Serhiy Storchaka added the comment:
__dcigettext() contains:
  domainname_len = strlen (domainname);
  xdomainname = (char *) alloca (strlen (categoryname)
                                 + domainname_len + 5);
It tries to allocate a buffer on the stack, and for domain name causes stack
overflo
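The allocation pattern quoted in the comment above, rewritten with capped lengths and a heap buffer. This is an added example, not code from glibc, CPython or the thread; `build_xdomainname`, `bounded_len`, `MAX_DOMAIN_LEN` and the "<category>/<domain>.mo" layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap for this example; not a glibc constant. */
#define MAX_DOMAIN_LEN 4096

/* Length of s, scanning at most cap + 1 bytes. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n <= cap && s[n] != '\0')
        n++;
    return n;
}

/* The quoted code sizes an alloca() from strlen() of caller input, so the
   stack frame grows by a caller-controlled amount. This version caps both
   lengths and allocates on the heap. Assumed layout: "<category>/<domain>.mo".
   Returns NULL with errno set on bad input; the caller frees the result. */
char *build_xdomainname(const char *categoryname, const char *domainname)
{
    if (categoryname == NULL || domainname == NULL) {
        errno = EINVAL;
        return NULL;
    }
    size_t category_len = bounded_len(categoryname, MAX_DOMAIN_LEN);
    size_t domain_len = bounded_len(domainname, MAX_DOMAIN_LEN);
    if (category_len > MAX_DOMAIN_LEN || domain_len > MAX_DOMAIN_LEN) {
        errno = ENAMETOOLONG;   /* reject instead of allocating */
        return NULL;
    }
    /* Same size expression as the quoted code: "/" + ".mo" + NUL = 5. */
    size_t need = category_len + domain_len + 5;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    snprintf(buf, need, "%s/%s.mo", categoryname, domainname);
    return buf;
}

int main(void)
{
    char *name = build_xdomainname("LC_MESSAGES", "abs");  /* constructed input */
    if (name != NULL)
        puts(name);
    free(name);
    return 0;
}
```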
Christian Heimes added the comment:
The crash occurs inside glibc's dgettext() implementation. Its man page does
not list any limitation for domain or msgid length. This looks like a bug in
glibc.
#0 0x77c57a8f in __dcigettext () from /lib64/libc.so.6
#1 0x0058a235 in _loca
Xinmeng Xia added the comment:
Attached testing results of gdb and valgrind. (No error is reported for
locale.dgettext('abs'*10,''))
$gdb ./python
(gdb) run
>>> locale.dgettext('abs'*1000,'')
Program received signal SIGSEGV, Segmentation fault.
__dcigettext (
domainname=domainname@e
New submission from Xinmeng Xia:
When the first argument of locale.dgettext() is set to a long string, the Python interpreter
crashes.
==
Python 3.10.0a6 (default, Mar 19 2021, 11:45:56) [GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "licen