You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm going to describe the problem in terms of the Singular interface, but I think probably at least some other interfaces are similarly vulnerable.
The bad sequence of events is:
Some Singular computation is requested, by calling Singular.eval().
Singular.eval() calls Expect.eval().
Expect.eval() sends a command to Singular, to perform the requested computation.
A Python garbage collection is triggered.
One of the collected objects is a Singular wrapper object (of type SingularElement).
Singular.clear() is called on this object.
Singular.clear() calls Singular.eval() to kill the Singular variable corresponding to this object.
Singular.eval() calls Expect.eval().
Expect.eval() sends the kill command to Singular.
Expect.eval() waits for a response from Singular. Unfortunately, the next response it sees from Singular is the response to the command sent in step 3), from the mathematical computation.
Expect.eval() returns this response to Singular.eval().
Singular.eval() returns this response to Singular.clear().
Singular.clear() discards the response.
Garbage collection completes.
Expect.eval() waits for a response from Singular. Unfortunately, the next response it sees from Singular is the null response from the kill command.
Expect.eval() returns this response to Singular.eval().
Singular.eval() returns this null response as the result of the requested computation.
I'll attach two log files to this ticket; log7027 shows the interface working, and log7028 shows the interface failing because the print(sage10); command is interrupted by the command to kill sage7.
Release 2.8.8 had a patch for this that fixed most or all of the issues with Singular. However, other interfaces are still vulnerable to the same problem. All interfaces should be audited and fixed.
I'm going to describe the problem in terms of the Singular interface, but I think probably at least some other interfaces are similarly vulnerable.
The bad sequence of events is:
Some Singular computation is requested, by calling Singular.eval().
Singular.eval() calls Expect.eval().
Expect.eval() sends a command to Singular, to perform the requested computation.
A Python garbage collection is triggered.
One of the collected objects is a Singular wrapper object (of type SingularElement).
Singular.clear() is called on this object.
Singular.clear() calls Singular.eval() to kill the Singular variable corresponding to this object.
Singular.eval() calls Expect.eval().
Expect.eval() sends the kill command to Singular.
Expect.eval() waits for a response from Singular. Unfortunately, the next response it sees from Singular is the response to the command sent in step 3), from the mathematical computation.
Expect.eval() returns this response to Singular.eval().
Singular.eval() returns this response to Singular.clear().
Singular.clear() discards the response.
Garbage collection completes.
Expect.eval() waits for a response from Singular. Unfortunately, the next response it sees from Singular is the null response from the kill command.
Expect.eval() returns this response to Singular.eval().
Singular.eval() returns this null response as the result of the requested computation.
I'll attach two log files to this ticket; log7027 shows the interface working, and log7028 shows the interface failing because the print(sage10); command is interrupted by the command to kill sage7.
Component: interfaces
Issue created by migration from https://trac.sagemath.org/ticket/955
The text was updated successfully, but these errors were encountered: