Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Off by one error in peephole call to find_op on case RETURN_VALUE #79374

Closed
gpshead opened this issue Nov 8, 2018 · 6 comments
Closed

Off by one error in peephole call to find_op on case RETURN_VALUE #79374

gpshead opened this issue Nov 8, 2018 · 6 comments
Assignees
Labels
3.7 (EOL) end of life 3.8 (EOL) end of life interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@gpshead
Copy link
Member

gpshead commented Nov 8, 2018

BPO 35193
Nosy @gpshead, @serhiy-storchaka, @miss-islington
PRs
  • bpo-35193: Fix an off by one error in the RETURN_VALUE case. #10418
  • [3.7] bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418) #10421
  • [3.6] bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418) #10422
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/gpshead'
    closed_at = <Date 2018-11-09.18:06:20.373>
    created_at = <Date 2018-11-08.21:08:35.000>
    labels = ['interpreter-core', '3.7', '3.8', 'type-crash']
    title = 'Off by one error in peephole call to find_op on case RETURN_VALUE'
    updated_at = <Date 2018-11-09.18:06:20.372>
    user = 'https://github.com/gpshead'

    bugs.python.org fields:

    activity = <Date 2018-11-09.18:06:20.372>
    actor = 'gregory.p.smith'
    assignee = 'gregory.p.smith'
    closed = True
    closed_date = <Date 2018-11-09.18:06:20.373>
    closer = 'gregory.p.smith'
    components = ['Interpreter Core']
    creation = <Date 2018-11-08.21:08:35.000>
    creator = 'gregory.p.smith'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 35193
    keywords = ['patch']
    message_count = 6.0
    messages = ['329485', '329492', '329493', '329499', '329502', '329544']
    nosy_count = 3.0
    nosy_names = ['gregory.p.smith', 'serhiy.storchaka', 'miss-islington']
    pr_nums = ['10418', '10421', '10422']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'crash'
    url = 'https://bugs.python.org/issue35193'
    versions = ['Python 3.6', 'Python 3.7', 'Python 3.8']

    @gpshead
    Copy link
    Member Author

    gpshead commented Nov 8, 2018

    An off by one error was introduced to peephole.c by the "off by one error fix" in https://bugs.python.org/issue28517. Clang's memory sanitizer detects it (msan).

    find_op is ultimately called with h == codelen so it accesses one byte out of bounds.

    I have a fix, PR coming.

    @gpshead gpshead added 3.7 (EOL) end of life 3.8 (EOL) end of life labels Nov 8, 2018
    @gpshead gpshead self-assigned this Nov 8, 2018
    @gpshead gpshead added interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump labels Nov 8, 2018
    @gpshead
    Copy link
    Member Author

    gpshead commented Nov 9, 2018

    New changeset 49fa4a9 by Gregory P. Smith in branch 'master':
    bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418)
    49fa4a9

    @miss-islington
    Copy link
    Contributor

    New changeset f16ebcd by Miss Islington (bot) in branch '3.7':
    bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418)
    f16ebcd

    @serhiy-storchaka
    Copy link
    Member

    Thank you for catching and fixing this error Gregory!

    @gpshead
    Copy link
    Member Author

    gpshead commented Nov 9, 2018

    New changeset 65e1a1f by Gregory P. Smith in branch '3.6':
    bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418) (GH-10422)
    65e1a1f

    @gpshead
    Copy link
    Member Author

    gpshead commented Nov 9, 2018

    I'm working on getting a memory-sanitizer buildbot setup. I'm so happy it made finding and debugging this relatively easy.

    @gpshead gpshead closed this as completed Nov 9, 2018
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.7 (EOL) end of life 3.8 (EOL) end of life interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump
    Projects
    None yet
    Development

    No branches or pull requests

    3 participants