Commit Graph

21 Commits

Author SHA1 Message Date
Brett Cannon f5bee30e30 Fix crasher for when an object's __del__ creates a new weakref to itself.
Patch only fixes new-style classes; classic classes still buggy.

Closes bug #1377858.  Already backported.
2007-01-23 23:21:22 +00:00
Armin Rigo c839c2f226 Another crasher. 2006-09-25 15:16:26 +00:00
Neal Norwitz 361b46be24 Add a "crasher" taken from the sgml bug report referenced in the comment 2006-09-11 04:32:57 +00:00
Armin Rigo cd73a78b68 The regular expression engine in '_sre' can segfault when interpreting
bogus bytecode.  It is unclear whether this is a real bug or a "won't
fix" case like bogus_code_obj.py.
2006-08-25 12:44:28 +00:00
Armin Rigo b62efad943 Document the crashers that will not go away soon as "won't fix",
and explain why.
2006-07-25 18:38:39 +00:00
Armin Rigo 5a9a2a3fe1 Added another crasher, which hit me today (I was not intentionally
writing such code, of course, but it took some gdb time to figure out
what my bug was).
2006-07-25 18:11:07 +00:00
Armin Rigo 4df7c0a55b Document why is and is not a good way to fix the gc_inspection crasher. 2006-07-25 18:09:57 +00:00
Armin Rigo 5953baca0a A couple of examples about how to attack the fact that _PyType_Lookup()
returns a borrowed ref.  Many of the calls are open to attack.
2006-07-06 07:58:18 +00:00
Fred Drake 6ffe499397 SF bug #1296433 (Expat bug #1515266): Unchecked calls to character data
handler would cause a segfault.  This merges in Expat's lib/xmlparse.c
revisions 1.154 and 1.155, which fix this and a closely related problem
(the later does not affect Python).

Moved the crasher test to the tests for xml.parsers.expat.
2006-07-01 16:28:20 +00:00
Armin Rigo d77ef8fa51 A couple of crashers of the "won't fix" kind. 2006-06-28 10:49:51 +00:00
Brett Cannon ea3912b0da If a classic class defined a __coerce__() method that just returned its two
arguments in reverse, the interpreter would infinitely recourse trying to get a
coercion that worked.  So put in a recursion check after a coercion is made and
the next call to attempt to use the coerced values.

Fixes bug #992017 and closes crashers/coerce.py .
2006-06-13 21:46:41 +00:00
Brett Cannon 22565aac3b An object with __call__ as an attribute, when called, will have that attribute checked for __call__ itself, and will continue to look until it finds an object without the attribute. This can lead to an infinite recursion.
Closes bug #532646, again.  Will be backported.
2006-06-09 22:31:23 +00:00
Armin Rigo 35f6d36951 [ 1497053 ] Let dicts propagate the exceptions in user __eq__().
[ 1456209 ] dictresize() vulnerability ( <- backport candidate ).
2006-06-01 13:19:12 +00:00
Armin Rigo 7e97ee6ac8 A dictresize() attack. If oldtable == mp->ma_smalltable then pure
Python code can mangle with mp->ma_smalltable while it is being walked
over.
2006-04-18 14:00:01 +00:00
Michael W. Hudson 15b1f146bc add a very old crasher from the 2.1 -> 2.2 round of dictionary fixes. 2006-04-18 13:52:32 +00:00
Neal Norwitz 38a76a1017 Copy note from leakers README here too. We want to keep all test cases. 2006-04-14 06:35:46 +00:00
Tim Peters 1a57296450 Set svn:eol-style to native. 2006-03-01 06:19:04 +00:00
Armin Rigo b4b5a7601b collected my segfaulting Python examples from the SF trackers
(is the purpose of the crashers directory to scare people? :-)
2006-01-14 10:58:30 +00:00
Tim Peters a28ad77844 Whitespace normalization. 2006-01-13 03:05:25 +00:00
Neal Norwitz ae1df41127 add another crash reported by Thomas Wouters 2006-01-11 07:21:19 +00:00
Neal Norwitz 8cc4ef561c As I threatened on python-dev, add a directory which contains all known
bugs which cause the interpreter to crash.  I'm sure we can find a few
more.  Many missing bugs deal with variations on unchecked infinite recursion
(like coerce.py).
2006-01-10 07:49:41 +00:00