Your message dated Thu, 07 Oct 2010 09:02:16 +0000
with message-id <e1p3mmi-0002pe...@franck.debian.org>
and subject line Bug#581058: fixed in python-numpy 1:1.4.1-5
has caused the Debian Bug report #581058,
regarding Running pylint on a file with just "import numpy" corrupts memory
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
581058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pylint
Version: 0.20.0-1
Severity: grave
Tags: upstream security
Justification: user security hole
For the record, I'm not certain that this is a bug in pylint and not a bug in
numpy. However, since I couldn't reproduce it
with pylint's stable version (pylint 0.14.0-2.2, python-logilab-astng
0.17.2-2.1, and python-logilab-common 0.30.0-2), but
_could_ reproduce it with python-numpy's stable version (1:1.1.0-3+lenny1), I
believe pylint or python-logilab-common
or python-logilab-astng is the proximate cause of the bug.
Steps to reproduce:
Create a file "t.py" with the single line:
import numpy
Run pylint on this file and glibc will throw a memory corruption warning and
hang:
$ /usr/bin/pylint -e t.py
No config file found, using default configuration
/usr/lib/pymodules/python2.5/logilab/common/configuration.py:716:
DeprecationWarning: "_config_parser" attribute has been renamed to
"cfgfile_parser"
warn(msg, DeprecationWarning)
*** glibc detected *** /usr/bin/python: corrupted double-linked list:
0x0955c120 ***
You can also run it under gdb for a bit more detail:
j...@slim:~/gtp$ gdb python
GNU gdb (GDB) 7.1-debian
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/python...Reading symbols from
/usr/lib/debug/usr/bin/python2.5...done.
done.
(gdb) run /usr/bin/pylint -e t.py
Starting program: /usr/bin/python /usr/bin/pylint -e t.py
[Thread debugging using libthread_db enabled]
No config file found, using default configuration
/usr/lib/pymodules/python2.5/logilab/common/configuration.py:716:
DeprecationWarning: "_config_parser" attribute has been renamed to
"cfgfile_parser"
warn(msg, DeprecationWarning)
*** glibc detected *** /usr/bin/python: corrupted double-linked list:
0x087f7410 ***
^C
Program received signal SIGINT, Interrupt.
0xb7fe1424 in __kernel_vsyscall ()
(gdb) bt
#0 0xb7fe1424 in __kernel_vsyscall ()
#1 0xb7f15b63 in __lll_lock_wait_private () at
../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:95
#2 0xb7eaa91d in _L_lock_9675 () from /lib/i686/cmov/libc.so.6
#3 0xb7ea90d6 in *__GI___libc_free (mem=0x8800dc0) at malloc.c:3736
#4 0xb7ff418c in _dl_scope_free (old=0x8800dc0) at dl-open.c:175
#5 0xb7feed8f in _dl_map_object_deps (map=0x88251c0, preloads=0x0,
npreloads=<value optimized out>, trace_mode=0,
open_mode=-2147483648) at dl-deps.c:668
#6 0xb7ff43e0 in dl_open_worker (a=0xbfffe7a0) at dl-open.c:326
#7 0xb7ff0186 in _dl_catch_error (objname=0xbfffe7c8, errstring=0xbfffe7c4,
mallocedp=0xbfffe7cf,
operate=0xb7ff4230 <dl_open_worker>, args=0xbfffe7a0) at dl-error.c:178
#8 0xb7ff3d3e in _dl_open (file=0xb7f5c35d "libgcc_s.so.1", mode=-2147483647,
caller_dlopen=0x0, nsid=-1208495168, argc=4,
argv=0xbffff4c4, env=0xbffff4d8) at dl-open.c:616
#9 0xb7f3f082 in do_dlopen (ptr=0xbfffe920) at dl-libc.c:86
#10 0xb7ff0186 in _dl_catch_error (objname=0xbfffe8fc, errstring=0xbfffe8f8,
mallocedp=0xbfffe903, operate=0xb7f3f020 <do_dlopen>,
args=0xbfffe920) at dl-error.c:178
#11 0xb7f3f181 in dlerror_run (operate=<value optimized out>, args=<value
optimized out>) at dl-libc.c:47
#12 0xb7f3f2ab in *__GI___libc_dlopen_mode (name=0xb7f5c35d "libgcc_s.so.1",
mode=-2147483647) at dl-libc.c:160
#13 0xb7f1d238 in init () at ../sysdeps/i386/backtrace.c:44
#14 0xb7fba460 in pthread_once () at
../nptl/sysdeps/unix/sysv/linux/i386/pthread_once.S:122
#15 0xb7f1d42d in *__GI___backtrace (array=0xbfffef00, size=64) at
../sysdeps/i386/backtrace.c:121
#16 0xb7e9a6db in __libc_message (do_abort=2, fmt=0xb7f610e8 "*** glibc
detected *** %s: %s: 0x%s ***\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:152
#17 0xb7ea4824 in malloc_printerr (action=2, str=0xb7f5db6c "corrupted
double-linked list", ptr=0x87f7410) at malloc.c:6239
#18 0xb7ea62df in _int_free (av=0xb7f7d3c0, p=0x7f741008) at malloc.c:4925
#19 0xb7ea90dd in *__GI___libc_free (mem=0x87f7538) at malloc.c:3738
#20 0xb7926819 in ?? () from
/usr/lib/python2.5/site-packages/numpy/core/umath.so
#21 0x08086659 in insertdict (mp=0xb794fe6c, key=0x87f7538, hash=-128066157,
value=0x8146b78) at ../Objects/dictobject.c:420
#22 0x080883a2 in PyDict_SetItem (op=0x87a79bc, key=0x87be360, value=0x8146b78)
at ../Objects/dictobject.c:645
#23 0x0808a3f4 in _PyModule_Clear (m=0x82acb0c) at ../Objects/moduleobject.c:136
#24 0x080df7a1 in PyImport_Cleanup () at ../Python/import.c:492
#25 0x080ea5f1 in Py_Finalize () at ../Python/pythonrun.c:399
#26 0x080e9cb7 in Py_Exit () at ../Python/pythonrun.c:1618
#27 handle_system_exit () at ../Python/pythonrun.c:1054
#28 0x080ea27d in PyErr_PrintEx (set_sys_last_vars=<value optimized out>) at
../Python/pythonrun.c:1064
#29 0x080eb2f3 in PyRun_SimpleFileExFlags (fp=0xbffff654, filename=0xbffff654
"/usr/bin/pylint", closeit=1, flags=0xbffff3fc)
at ../Python/pythonrun.c:883
#30 0x08059401 in Py_Main (argc=4, argv=0xbffff4c4) at ../Modules/main.c:532
#31 0x0805877b in main (argc=4, argv=0xbffff4c4) at ../Modules/python.c:23
(gdb)
By contrast, if you download to the old version of pylint and the logilab
libraries described above, pylint runs without a problem:
$ /usr/bin/pylint -e t.py
No config file found, using default configuration
$
Since this bug causes memory corruption and could presumably be exploited for
nefarious purposes, I marked it "grave".
-- System Information:
Debian Release: squeeze/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500,
'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pylint depends on:
ii python 2.5.4-9 An interactive high-level object-o
ii python-logilab-astng 0.20.0-1 rebuild a new abstract syntax tree
ii python-logilab-common 0.50.1-1 useful miscellaneous modules used
ii python-support 1.0.8 automated rebuilding support for P
Versions of packages pylint recommends:
ii python-tk 2.6.5-1 Tkinter - Writing Tk applications
pylint suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: python-numpy
Source-Version: 1:1.4.1-5
We believe that the bug you reported is fixed in the latest version of
python-numpy, which is due to be installed in the Debian FTP archive:
python-numpy-dbg_1.4.1-5_amd64.deb
to main/p/python-numpy/python-numpy-dbg_1.4.1-5_amd64.deb
python-numpy-doc_1.4.1-5_all.deb
to main/p/python-numpy/python-numpy-doc_1.4.1-5_all.deb
python-numpy_1.4.1-5.debian.tar.gz
to main/p/python-numpy/python-numpy_1.4.1-5.debian.tar.gz
python-numpy_1.4.1-5.dsc
to main/p/python-numpy/python-numpy_1.4.1-5.dsc
python-numpy_1.4.1-5_amd64.deb
to main/p/python-numpy/python-numpy_1.4.1-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 581...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sandro Tosi <mo...@debian.org> (supplier of updated python-numpy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 07 Oct 2010 10:19:13 +0200
Source: python-numpy
Binary: python-numpy python-numpy-dbg python-numpy-doc
Architecture: source amd64 all
Version: 1:1.4.1-5
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team
<python-modules-t...@lists.alioth.debian.org>
Changed-By: Sandro Tosi <mo...@debian.org>
Description:
python-numpy - Numerical Python adds a fast array facility to the Python
languag
python-numpy-dbg - Fast array facility to the Python language (debug extension)
python-numpy-doc - NumPy documentation
Closes: 581058
Changes:
python-numpy (1:1.4.1-5) unstable; urgency=low
.
* debian/patches/10_use_local_python.org_object.inv_sphinx.diff
- fixed small typo in description
* debian/patches/changeset_r8364.diff
- fix memory corruption (double free); thanks to Joseph Barillari for the
report and to Michael Gilbert for pushing resolution; Closes: #581058
Checksums-Sha1:
a4ae6cc495ce7b2ac172363db9076b44db1e4459 1716 python-numpy_1.4.1-5.dsc
3df33cfd72ffb3fa6c37e777b99a60a8b03d4150 102135
python-numpy_1.4.1-5.debian.tar.gz
be78ada4d66fb782cce24a8790e8a60cc5323abd 2080412 python-numpy_1.4.1-5_amd64.deb
b7440df651684662e0b466baa67accfb70c43152 5026220
python-numpy-dbg_1.4.1-5_amd64.deb
2dea0bf4f4b6cdd6fe92404baa4522c63608c40f 3194818
python-numpy-doc_1.4.1-5_all.deb
Checksums-Sha256:
7135041aae2b25907a2a62012d2f4e37a5506a5a554ee8e817d0732fbcf6b16e 1716
python-numpy_1.4.1-5.dsc
4af13a2e2fbcc069ac56c91a2a0e01cafaa026d7a6af6e182f5ca8154aed78ac 102135
python-numpy_1.4.1-5.debian.tar.gz
7b62ff3538b60cd8ca8c734aea5751786f4b1a93c0da7455b48ea54d19b020df 2080412
python-numpy_1.4.1-5_amd64.deb
d800713961905d4e4d20c61200fc51b82dae594977dc5e03c73c854ba175439f 5026220
python-numpy-dbg_1.4.1-5_amd64.deb
619dfadf467098bb1a5e805cca0d8b8503a015e6f97b45a69a69dda1e7767f2c 3194818
python-numpy-doc_1.4.1-5_all.deb
Files:
35b2f4bed63e0c61e8950d420037e9cd 1716 python optional python-numpy_1.4.1-5.dsc
a2c5cf3ee63bb6bed7689dadcd482c5b 102135 python optional
python-numpy_1.4.1-5.debian.tar.gz
18fbd5baa2668afd1894ce0952deb50c 2080412 python optional
python-numpy_1.4.1-5_amd64.deb
d37766eb3b1c8407bfb2d30815f471d5 5026220 debug extra
python-numpy-dbg_1.4.1-5_amd64.deb
71d85228860d28da010eade41a616216 3194818 doc optional
python-numpy-doc_1.4.1-5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkytimgACgkQAukwV0RN2VBM1ACgn+bKOILOJge5qQr4Vcw0bghe
pz4AnisDnFip/Ggs63U3nx70LF/WGP6g
=gggf
-----END PGP SIGNATURE-----
--- End Message ---
