Bugs item #1456209, was opened at 2006-03-22 15:47 Message generated for change (Settings changed) made by arigo You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1456209&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Interpreter Core Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Armin Rigo (arigo) Assigned to: Nobody/Anonymous (nobody) Summary: dictobject.c:dictresize() vulnerability Initial Comment: We thought we squashed the last of the modify-the-dict-from-a-custom-eq kind of bugs long ago. Too bad. ---------------------------------------------------------------------- >Comment By: Armin Rigo (arigo) Date: 2006-06-01 13:20 Message: Logged In: YES user_id=4771 Fixed by patch #1497053. ---------------------------------------------------------------------- Comment By: Armin Rigo (arigo) Date: 2006-03-22 16:32 Message: Logged In: YES user_id=4771 The cause of the bug is that if oldtable == mp->ma_smalltable then pure Python code can mangle with mp->ma_smalltable while it is being walked on. A simple fix would be to always make a copy of the oldtable if it is mp->ma_smalltable (not only if oldtable == newtable). Attached a more efficient fix, which should also make dict resizing somehow faster. It requires yet another version of the lookup algorithm, though. It's a very simple version that assumes that all items are different and the dict contains no dummy entries. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1456209&group_id=5470 _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com