Brett Cannon
f5bee30e30
Fix crasher for when an object's __del__ creates a new weakref to itself.
...
Patch only fixes new-style classes; classic classes still buggy.
Closes bug #1377858 . Already backported.
2007-01-23 23:21:22 +00:00
Armin Rigo
c839c2f226
Another crasher.
2006-09-25 15:16:26 +00:00
Neal Norwitz
361b46be24
Add a "crasher" taken from the sgml bug report referenced in the comment
2006-09-11 04:32:57 +00:00
Armin Rigo
cd73a78b68
The regular expression engine in '_sre' can segfault when interpreting
...
bogus bytecode. It is unclear whether this is a real bug or a "won't
fix" case like bogus_code_obj.py.
2006-08-25 12:44:28 +00:00
Armin Rigo
b62efad943
Document the crashers that will not go away soon as "won't fix",
...
and explain why.
2006-07-25 18:38:39 +00:00
Armin Rigo
5a9a2a3fe1
Added another crasher, which hit me today (I was not intentionally
...
writing such code, of course, but it took some gdb time to figure out
what my bug was).
2006-07-25 18:11:07 +00:00
Armin Rigo
4df7c0a55b
Document why is and is not a good way to fix the gc_inspection crasher.
2006-07-25 18:09:57 +00:00
Armin Rigo
5953baca0a
A couple of examples about how to attack the fact that _PyType_Lookup()
...
returns a borrowed ref. Many of the calls are open to attack.
2006-07-06 07:58:18 +00:00
Fred Drake
6ffe499397
SF bug #1296433 (Expat bug #1515266 ): Unchecked calls to character data
...
handler would cause a segfault. This merges in Expat's lib/xmlparse.c
revisions 1.154 and 1.155, which fix this and a closely related problem
(the later does not affect Python).
Moved the crasher test to the tests for xml.parsers.expat.
2006-07-01 16:28:20 +00:00
Armin Rigo
d77ef8fa51
A couple of crashers of the "won't fix" kind.
2006-06-28 10:49:51 +00:00
Brett Cannon
ea3912b0da
If a classic class defined a __coerce__() method that just returned its two
...
arguments in reverse, the interpreter would infinitely recourse trying to get a
coercion that worked. So put in a recursion check after a coercion is made and
the next call to attempt to use the coerced values.
Fixes bug #992017 and closes crashers/coerce.py .
2006-06-13 21:46:41 +00:00
Brett Cannon
22565aac3b
An object with __call__ as an attribute, when called, will have that attribute checked for __call__ itself, and will continue to look until it finds an object without the attribute. This can lead to an infinite recursion.
...
Closes bug #532646 , again. Will be backported.
2006-06-09 22:31:23 +00:00
Armin Rigo
35f6d36951
[ 1497053 ] Let dicts propagate the exceptions in user __eq__().
...
[ 1456209 ] dictresize() vulnerability ( <- backport candidate ).
2006-06-01 13:19:12 +00:00
Armin Rigo
7e97ee6ac8
A dictresize() attack. If oldtable == mp->ma_smalltable then pure
...
Python code can mangle with mp->ma_smalltable while it is being walked
over.
2006-04-18 14:00:01 +00:00
Michael W. Hudson
15b1f146bc
add a very old crasher from the 2.1 -> 2.2 round of dictionary fixes.
2006-04-18 13:52:32 +00:00
Neal Norwitz
38a76a1017
Copy note from leakers README here too. We want to keep all test cases.
2006-04-14 06:35:46 +00:00
Tim Peters
1a57296450
Set svn:eol-style to native.
2006-03-01 06:19:04 +00:00
Armin Rigo
b4b5a7601b
collected my segfaulting Python examples from the SF trackers
...
(is the purpose of the crashers directory to scare people? :-)
2006-01-14 10:58:30 +00:00
Tim Peters
a28ad77844
Whitespace normalization.
2006-01-13 03:05:25 +00:00
Neal Norwitz
ae1df41127
add another crash reported by Thomas Wouters
2006-01-11 07:21:19 +00:00
Neal Norwitz
8cc4ef561c
As I threatened on python-dev, add a directory which contains all known
...
bugs which cause the interpreter to crash. I'm sure we can find a few
more. Many missing bugs deal with variations on unchecked infinite recursion
(like coerce.py).
2006-01-10 07:49:41 +00:00