Charles-François Natali added the comment:
I'd like to move this forward: it could IMO be a great way to proactively
detect potential security defects, and nasty stack/heap/memory corruption in
general.
The remaining - missing - part is buildbot integration: AFAICT the only
specific thing to
Anton Afanasyev added the comment:
Hi Antoine,
my test works for me. It can be either
a = [1, 2, 3]
or
a = iter([1, 2, 3])
, no matter: both objects will be +1 referenced after taking
b = islice(a, 1)
.
My test failed without patch and passed with one.
But your test is more straightforward,
Changes by Anton Afanasyev fun@gmail.com:
Added file: http://bugs.python.org/file35087/issue21321_3.4_8c8315bac6a8_4.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21321
___
Changes by Anton Afanasyev fun@gmail.com:
Added file: http://bugs.python.org/file35086/issue21321_2.7_e3217efa6edd_4.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21321
___
Nick Coghlan added the comment:
Makes sense to me. Assuming we eventually manage to resolve the POSIX locale
issue, the bytes variant will become even less useful.
--
resolution: later - rejected
status: open - closed
___
Python tracker
Donald Stufft added the comment:
One of the reasons the PEP was done the way it was done was it allowed you to
write 2/3 compatible code without version checks. Enhancing that class won't
land until 3.5 which is 18+ months away. Further more the os.urandom persistent
FD's already exists and
Nick Coghlan added the comment:
This is expected behaviour - raise StopIteration in a generator is equivalent
to return, except it can occur inside a called function.
The bug here is in the given context manager definition - it should be taking
appropriate action if the next call failing is
Nick Coghlan added the comment:
Note that the discussion of this PEP *did* suffer from the language summit
effect where folks that couldn't make it to the summit are missing some of
the context. I believe I included all of the key motivating points in the
PEP itself, but it's still not the same
Tim Golden added the comment:
Yes, now that the custom allocator / tracing stuff is in place:
otherwise there's no way for custom allocation or tracing to occur.
Please go ahead and rework the patch when you have the time.
Also, since the setup of the reparse header is such an underdocumented
Antoine Pitrou added the comment:
Tentative patch attached. The test suite still passes, but I'm not
sure if it actually exerts the new code path.
A quick grep shows me that it should be exercised at least by
Modules/_io/bufferedio.c.
Otherwise, the way to test the C API is to add a function
Ned Deily added the comment:
Yes, it should be possible to build all Pythons for all recent OS X deployment
targets but, normally, the safest way is to build a specific deployment target
on the same OS X version; that should avoid any possibility of inadvertently
linking with new features not
Antoine Pitrou added the comment:
But I'm not really familiar with the buildbot support, so if anyone
has a clue...
I can add environment variables and configure options specific to a buildbot.
Just tell me which ones (and which buildbot (preferably yours ? :-)).
That said, it would be
Roundup Robot added the comment:
New changeset 3cf067049211 by Antoine Pitrou in branch 'default':
Issue #20951: SSLSocket.send() now raises either SSLWantReadError or
SSLWantWriteError on a non-blocking socket if the operation would block.
Previously, it would return 0.
Roundup Robot added the comment:
New changeset b0f6983d63df by Antoine Pitrou in branch 'default':
Add porting note for issue #20951.
http://hg.python.org/cpython/rev/b0f6983d63df
--
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Patch finally committed. Thanks Nikolaus!
--
resolution: - fixed
stage: patch review - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20951
New submission from rsevcan:
signal.signal() built-in function doesnt throws a ValueError exception in
Windows when is called with a different signal than SIGABRT, SIGFPE, SIGILL,
SIGINT, SIGSEGV, or SIGTERM, as it is written in the documentation.
Simon Zack added the comment:
The problem is still present in python 3.4 with mingw gcc 4.8.2. I was having
trouble with compiling radare2's python swig bindings.
The solution described here:
http://ascend4.org/Setting_up_a_MinGW-w64_build_environment#Setup_Python_for_compilation_of_extensions
Kim Gräsman added the comment:
Also, since the setup of the reparse header is such an underdocumented
nightmare, please add as much commentary as possible around the choice
of allocations offsets.
I'll try. It might turn into a novel.
(BTW I'm not convinced that the PyMem change was the
Roundup Robot added the comment:
New changeset 2a1d63f09560 by Antoine Pitrou in branch 'default':
Issue #21057: TextIOWrapper now allows the underlying binary stream's read() or
read1() method to return an arbitrary bytes-like object (such as a memoryview).
Roundup Robot added the comment:
New changeset 7f50e1836ddb by Antoine Pitrou in branch 'default':
Fix failure in test_poplib after issue #20951.
http://hg.python.org/cpython/rev/7f50e1836ddb
--
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Thank you, I've committed tha patch to 3.5.
--
resolution: - fixed
stage: patch review - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21057
Antoine Pitrou added the comment:
Ok, there was a failure in test_poplib when run with -unetwork, I fixed it.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20951
___
Raymond Hettinger added the comment:
Attaching a fix. I can't think of a way to test this without an array of
sys.maxsize.
--
keywords: +patch
Added file: http://bugs.python.org/file35088/fix_overflow.diff
___
Python tracker rep...@bugs.python.org
STINNER Victor added the comment:
The problem is AFAICT there's currently no way to get a file
descriptor to the underlying /dev/urandom (and I don't know how it
works on Windows).
We can reimplement os.urandom in SystemRandom on UNIX to keep the file (fd)
open. The code is very simple,
Antoine Pitrou added the comment:
Thanks. Could you also add a test for the islice_reduce additions? Or is it
already tested?
I suspect there's a reference leak there: after calling PyObject_GetIter, you
should always Py_DECREF(empty_list).
Also, with the O code, Py_BuildValue will take a new
STINNER Victor added the comment:
(and I don't know how it
works on Windows).
On Windows, the OS CryptoAPI is used and a handle is kept open between
calls to os.urandom. On Windows, I don't think that it's a an issue to keep
a handle open. Handle are not sequential numbers and users don't
New submission from Ned Deily:
make touch
hg --config extensions.touch=Tools/hg/hgtouch.py touch -v
*** failed to import extension touch from Tools/hg/hgtouch.py: [Errno 2] No
such file or directory: 'Tools/hg/hgtouch.py'
hg: unknown command 'touch'
--
components: Build
messages:
Antoine Pitrou added the comment:
If I remember correctly, ceval.c has an optmisation for str += str even if
the refcount is 2. Do we need to implement it or suggest to use bytearray
or b''.join() instead?
The latter, IMO. This issue is about the C API _PyBytes_Concat.
--
Changes by Ned Deily n...@acm.org:
--
keywords: +patch
stage: - patch review
Added file: http://bugs.python.org/file35089/issue21383_make_touch.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21383
STINNER Victor added the comment:
If I remember correctly, ceval.c has an optmisation for str += str even if
the refcount is 2. Do we need to implement it or suggest to use bytearray
or b''.join() instead?
--
___
Python tracker rep...@bugs.python.org
Ned Deily added the comment:
Martin, it could if make touch worked when building outside of the source
directory (Issue21383).
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17861
___
New submission from STINNER Victor:
The PEP 446 was implemented in Python 3.4. All file descriptors are now created
non inheritable. The implementation was not finished on Windows, handles may be
created inheritable. The Python code should be audoted for that.
For example, hCryptProv in
New submission from Antti Haapala:
We had had problems with our web service occasionally hanging and performing
poorly, and as we didn't have much clue about the cause of these, we decided to
continuously run our staging build under debug enabled python 3.4, and then
attaching gdb as needed.
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
versions: +Python 3.5
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1284316
___
Anton Afanasyev added the comment:
Hi Antoine,
oops you are right about leaks: fixed them in new attached patch.
As for testing changes in reduce(): they are already covered by
self.pickletest(islice(range(100), *args)). Function pickletest() covers
case for pickle dumping/loading of exhausted
Changes by Kristján Valur Jónsson krist...@ccpgames.com:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7105
___
Antoine Pitrou added the comment:
For the record, checks such as:
self.assertEqual(wr() is None, False)
are better written:
self.assertIsNotNone(wr())
No need to upload a new patch, I'm gonna make the change while committing :-)
--
Roundup Robot added the comment:
New changeset b795105db23a by Antoine Pitrou in branch '3.4':
Issue #21321: itertools.islice() now releases the reference to the source
iterator when the slice is exhausted.
http://hg.python.org/cpython/rev/b795105db23a
New changeset a627b3e3c9c8 by Antoine
Antoine Pitrou added the comment:
Patch committed, thank you!
If you want to provide a patch for 2.7, please say so, otherwise I'll close the
issue.
--
resolution: - fixed
stage: - resolved
___
Python tracker rep...@bugs.python.org
Giampaolo Rodola' added the comment:
If on one hand I agree that Python being in C:\PythonXX is not optimal for all
the reasons which have been mentioned so far, changing such an old established
aspect of the interpreter would be too much disruptive as a change.
To say one, being that on
Anton Afanasyev added the comment:
Antoine, not sure about 2.7. The issue first arose for me at Python 2.7, so I
would prefer issue21321_2.7_e3217efa6edd_4.diff patch be applied.
--
___
Python tracker rep...@bugs.python.org
Roundup Robot added the comment:
New changeset 8ee76e1b5aa6 by Antoine Pitrou in branch '2.7':
Issue #21321: itertools.islice() now releases the reference to the source
iterator when the slice is exhausted.
http://hg.python.org/cpython/rev/8ee76e1b5aa6
--
Antoine Pitrou added the comment:
Ok, then I've committed to 2.7 too. Thank you very much for contributing!
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21321
___
New submission from Roger Luethi:
Lib/ipaddress.py does not implement is_global for IPv4Address, in contrast to
the documentation which states for IPv4Address.is_global: True if the address
is allocated for public networks.
A patch like the one attached to this report should fix that.
New submission from Evgeniy Stepanov:
Following https://docs.python.org/2/c-api/init.html#Py_Finalize, I'm
reinitializing embedded python interpreter multiple time in one process.
#include Python.h
void f() {
Py_Initialize();
PyRun_SimpleString(from time import time,ctime\n
import
Stefan Krah added the comment:
Okay, if no one else wants this, I'll go ahead with the _fields part.
Andrew, could you sign a contributor agreement?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1820
Changes by Stefan Krah stefan-use...@bytereef.org:
--
resolution: - duplicate
stage: - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20230
___
Changes by Stefan Krah stefan-use...@bytereef.org:
--
superseder: - Enhance Object/structseq.c to match namedtuple and tuple
api
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20230
Stefan Krah added the comment:
Since Fedora 16 is EOL, let's close this.
--
resolution: - out of date
stage: needs patch - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19001
Changes by Eric V. Smith e...@trueblade.com:
--
nosy: +eric.smith, ncoghlan, pmoody
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21386
___
___
Tim Golden added the comment:
Fixed by issue9291
--
resolution: - duplicate
stage: - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21138
___
Jason R. Coombs added the comment:
I still disagree. If the preferable place for Python to be installed is not in
the root (and I fervently feel so), then there could be a transitional approach
to move it to the appropriate place, such as creating symbolic links from the
legacy destinations
dellair jie added the comment:
Hello masamoto,
The patch you provided works quite well.
The build passed and Python calls are successfully.
Please let me know what else you need me to test in order to have the patch
accepted or else feel free to close it with Resolution Fixed.
Thanks,
Dellair
dellair jie added the comment:
Finally got it compiled on Cygwin! :)
Victor,
I am still having issue with the make test on Cygwin, hence can only do some
manual testing:
Output:
info = signal.sigwaitinfo({signal.SIGINT})
^C
info = signal.struct_siginfo((2, 128, 0, 0, 0, 3))
Traceback
New submission from Stefan Krah:
We could remove decimal.InvalidContext, which is completely unused
both in decimal.py and _decimal.
--
messages: 217519
nosy: mark.dickinson, rhettinger, skrah
priority: normal
severity: normal
status: open
title: decimal.InvalidContext is unused
type:
Roundup Robot added the comment:
New changeset c75a2282166f by Zachary Ware in branch '3.4':
Issue #17386: List the 'htmlview' target in the Doc/Makefile help output.
http://hg.python.org/cpython/rev/c75a2282166f
New changeset c378c67c4170 by Zachary Ware in branch '3.4':
Issue #17386: Update
Roundup Robot added the comment:
New changeset 0f6bdc2b0e38 by Tim Golden in branch '2.7':
Issue #19630 Emphasise that the file parameter to marshal.dump must be a real
file object
http://hg.python.org/cpython/rev/0f6bdc2b0e38
--
nosy: +python-dev
Tim Golden added the comment:
I updated the docs to emphasise that the file parameter to marshal.dump must be
a real file, not a wrapper.
--
assignee: - tim.golden
status: open - closed
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Shouldn't this issue be closed?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21040
___
___
Python-bugs-list
Changes by Zachary Ware zachary.w...@gmail.com:
--
keywords: +easy
stage: - needs patch
status: - open
type: - enhancement
versions: +Python 3.5
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21314
Stéphane Wirtel added the comment:
Hi all,
Here is a new version of the patch, please, keep me informed and I think I have
to modify some parts, but give me your feedback.
Thanks
--
Added file: http://bugs.python.org/file35093/issue12916-2.patch
Mark Dickinson added the comment:
It's part of the specification, though. For me, that's a good enough reason to
keep it.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21388
___
Changes by Charles-François Natali cf.nat...@gmail.com:
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21040
___
___
Changes by Jesús Cea Avión j...@jcea.es:
--
assignee: - jcea
nosy: +jcea
title: mark test_devpoll to be meaningfull only for Solaris - mark
test_devpoll to be meaningful only for Solaris
versions: +Python 3.5
___
Python tracker
Jesús Cea Avión added the comment:
Thanks for the head-up!!. Can you compile new version and try it out?.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21316
___
Roundup Robot added the comment:
New changeset cc2345e6e9ff by Jesus Cea in branch '3.4':
Closes issue #21316: mark test_devpoll to be meaningfull only for Solaris
http://hg.python.org/cpython/rev/cc2345e6e9ff
New changeset 825c67196aac by Jesus Cea in branch 'default':
MERGE: Closes issue
Changes by Jesús Cea Avión j...@jcea.es:
--
resolution: - fixed
stage: - resolved
status: open - closed
type: enhancement -
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21316
___
Roundup Robot added the comment:
New changeset bf64a5f7c1af by Stefan Krah in branch 'default':
Issue #21374: Fix pickling of DecimalTuple.
http://hg.python.org/cpython/rev/bf64a5f7c1af
New changeset 25919f35241e by Stefan Krah in branch '3.4':
Issue #21374: Fix pickling of DecimalTuple.
Changes by Stefan Krah stefan-use...@bytereef.org:
--
resolution: - fixed
stage: needs patch - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21374
___
Bill Bergmann added the comment:
Thank you for your response. The program works as expected.
I removed PYTHONPATH settings for 3.4 and 2.7. I'm not sure how those settings
were written. I suspect something related to virtualenv, and I will be watching
to see if they are written again.
When I
Changes by Florent Xicluna florent.xicl...@gmail.com:
--
components: +Library (Lib), Windows
nosy: +flox
type: enhancement - behavior
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21382
___
Christian Tismer added the comment:
Ned,
thank you for locating the patch that causes the problem.
At least, I could now make my script work, built a patch
feature into it.
cheers - Chris
--
___
Python tracker rep...@bugs.python.org
Florent Xicluna added the comment:
It's about documentation only.
The sentence is not wrong, but it is slightly confusing, and there's no hint
which signals are defined on Windows.
On Windows, signal() can only be called with SIGABRT, SIGFPE, SIGILL, SIGINT,
SIGSEGV, or SIGTERM. A ValueError
Changes by Tim Golden m...@timgolden.me.uk:
--
assignee: - tim.golden
resolution: - fixed
stage: patch review - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9291
Brian Quinlan added the comment:
The patch looks good to me too. I'll commit it soon.
--
assignee: - bquinlan
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21362
___
Adam Polkosnik added the comment:
Gentlemen,
Is there's any way this fix can be included in any version?
Currently, the fact that the exception is thrown makes extracting some zip
files impossible with this library, and rolling your own is a bit painful.
(either using a wrapper around 7zip to
Antoine Pitrou added the comment:
Here is an updated patch keeping up with recent changes in the source tree.
--
Added file: http://bugs.python.org/file35094/unwinding.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17611
Antoine Pitrou added the comment:
Thanks. It would be nice if you could try the same with Python 3.4, or the
development version.
--
nosy: +pitrou, skrah
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21387
Roundup Robot added the comment:
New changeset 0a4b211b927e by Gregory P. Smith in branch '3.3':
Document the subprocess Popen.args attribute (issue21353)
http://hg.python.org/cpython/rev/0a4b211b927e
New changeset 182b869283a5 by Gregory P. Smith in branch '3.4':
Document the subprocess
Gregory P. Smith added the comment:
yes. this was overlooked. thanks!
--
resolution: - fixed
stage: patch review - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21353
Kim Gräsman added the comment:
Here's a new attempt, please let me know if this works out better.
Changes:
- Switched to CRT string functions (wcsncmp, wcscpy) instead of Windows
lstrxxxW. There was no lstrncmpW.
- Switched to PyMem_Raw(Malloc|Free) and added explicit memset after allocation
-
Stefan Krah added the comment:
Okay, also it is easier to keep it. I was just busy with the exception
docs and found the InvalidContext situation slightly odd.
Of course, there is a very small chance that external software is
using it.
--
resolution: - not a bug
stage: - resolved
Stefan Krah added the comment:
Are we fixing these on a case by case basis or is it hopeless (msg146615)?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21387
___
Antoine Pitrou added the comment:
I think fixing on a case by case is fine.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21387
___
___
Jesús Cea Avión added the comment:
Eric, would you mind to clarify the points I raised in the last message?. Lets
move this forward.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue2159
Charles-François Natali added the comment:
That said, it would be better if you first check said options work locally.
I wasn't clear, but I did test it, and it works: the only problem I
encountered is address space exhaustion: I have a 32-bit box, and ASAN
uses a lot of virtual address space
Antoine Pitrou added the comment:
I guess we could go for any non-stable buildbot meeting the following
criteria:
- Linux 64-bit
- clang = 3.1 or gcc = 4.8
Hmm... perhaps Stefan would like to set something up?
--
nosy: +skrah
___
Python
Antoine Pitrou added the comment:
How do we spot any ASAN issues, though? Does ASAN change the process' return
code on errors?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21037
___
Terry J. Reedy added the comment:
Adam P, please don't screw around with the version headers. If you want to
claim that this is a security issue of the type we care about (threats to the
public internet) for patching old releases, and severe enough that we should do
anything about it, send a
Charles-François Natali added the comment:
How do we spot any ASAN issues, though? Does ASAN change the process' return
code on errors?
It aborts:
$ cat /tmp/test.c
int main(int argc, char *argv[])
{
int bar[16] = {0};
/* oops */
return bar[16];
}
$ gcc -Wall -fsanitize=address
Terry J. Reedy added the comment:
The new patch adds a docstring with spec template, a second example, and a
crude runall(). I am inclined to push this as a base for further patches -- at
least one to improve runall and others to test more widget classes. These might
be separate issues.
STINNER Victor added the comment:
Patch version 6:
- I renamed int zero parameter to int use_calloc and move the new parameter
at the first position to avoid confusion with nelem. For example,
_PyObject_Alloc(ctx, 1, nbytes, 0) becomes _PyObject_Alloc(0, ctx, 1, nbytes).
It also more logical
Hannan Aharonov added the comment:
OK. Thanks.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21379
___
___
Python-bugs-list mailing list
Adam Polkosnik added the comment:
For the version headers, I've added the versions featuring the broken behavior.
That's all.
I'm not saying that this is
I'm extracting malware from the Central Quarantine files, and the vendor's
implementation is broken and is causing this issue for me on
William Tisäter added the comment:
Found this a simple fix for an annoying and time consuming error. Patched as
discussed earlier and decided to leave the filename out.
--
components: +Windows -Library (Lib)
keywords: +patch
nosy: +tiwilliam
versions: +Python 3.5
Added file:
Adam Polkosnik added the comment:
Also, this behavior is present on all platforms and all versions of Python
(zipfile Library), so maybe the headers should be adjusted there too.
I'm not saying that this is necessarily a big freaking hole, but by using this,
one can prevent files from being
Charles-François Natali added the comment:
LGTM!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21233
___
___
Python-bugs-list mailing list
Tim Peters added the comment:
I don't see a way to test it either, but it's easy enough to prove it's correct
;-) That is, looks good to me!
--
nosy: +tim.peters
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21375
Adam Polkosnik added the comment:
If I got a file scanner in my mail gateway implemented with this, one can
easily avoid getting the contents of zip-files scanned. Is that enough of a
security impact?
--
___
Python tracker rep...@bugs.python.org
Eric Olson added the comment:
Thank you for the feedback. Sorry I didn't see your previous response until
today. I will take a look and respond tonight.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue2159
1 - 100 of 126 matches
Mail list logo
