[issue24613] array.fromstring Use After Free

Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscri

[issue24613] array.fromstring Use After Free

Changes by Serhiy Storchaka : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___ _

[issue24613] array.fromstring Use After Free

Serhiy Storchaka added the comment: Thank you for your contribution John. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue24613] array.fromstring Use After Free

Roundup Robot added the comment: New changeset 2d39777f3477 by Serhiy Storchaka in branch '2.7': Issue #24613: Calling array.fromstring() with self is no longer allowed https://hg.python.org/cpython/rev/2d39777f3477 -- nosy: +python-dev ___ Python tra

[issue24613] array.fromstring Use After Free

Serhiy Storchaka added the comment: The patch doesn't apply correctly. Looks as it is encoded with UTF-16. For future please provide a patch in the encoding of the source file (should be ASCII compatible, without BOM). -- ___ Python tracker

[issue24613] array.fromstring Use After Free

John Leitch added the comment: Attached is a patch that updates array.fromstring to throw a ValueError when self is passed. It also updates the unit tests to cover this new behavior. -- Added file: http://bugs.python.org/file40023/array.fromstring-Use-After-Free.patch

[issue24613] array.fromstring Use After Free

Benjamin Peterson added the comment: I think it should raise an exception. It's hard to feel too bad about preventing corruption even if only "occasional". -- ___ Python tracker ___

[issue24613] array.fromstring Use After Free

John Leitch added the comment: To clarify one point, passing self to array.fromstring works as expected almost all the time in 2.7. My testing revealed anomalous behavior <1% of the time, and it was almost always non-fatal corruption of the buffer. It stands to reason that legacy code may exis

[issue24613] array.fromstring Use After Free

Serhiy Storchaka added the comment: This is not about consistency, this is about that don't encourage users to write new code incompatible with 3.x. For now passing self to array.fromstring() doesn't work in 3.x and doesn't work (sporadically crashes) and never worked in 2.7. What you think a

[issue24613] array.fromstring Use After Free

John Leitch added the comment: I understand the desire for consistency and I will create such a patch when I get some slack space (hopefully tonight), but I believe it will constitute a breaking change; in 2.7, passing self to array.fromstring works as expected most of the time. -- _

[issue24613] array.fromstring Use After Free

Serhiy Storchaka added the comment: Minimal example: import array a = array.array("B") a.fromstring(b'x'*0x1) a.fromstring(a) a.fromstring(a) In 3.x it doesn't work. An exception is raised: Traceback (most recent call last): File "", line 1, in BufferError: cannot resize an array that i

[issue24613] array.fromstring Use After Free

Changes by Serhiy Storchaka : -- assignee: -> serhiy.storchaka components: +Extension Modules nosy: +serhiy.storchaka stage: -> patch review ___ Python tracker ___

[issue24613] array.fromstring Use After Free

John Leitch added the comment: Attaching patch. -- keywords: +patch Added file: http://bugs.python.org/file39900/arraymodule.c.patch ___ Python tracker ___ __

[issue24613] array.fromstring Use After Free

New submission from John Leitch: The Python array.fromstring() method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring() call: static PyObject * array_fromstring(arrayobject *self, PyObject *args) { ch