Bugs item #1456209, was opened at 2006-03-22 10:47 Message generated for change (Comment added) made by tim_one You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1456209&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Interpreter Core Group: None Status: Closed Resolution: Fixed Priority: 5 Submitted By: Armin Rigo (arigo) Assigned to: Nobody/Anonymous (nobody) Summary: dictobject.c:dictresize() vulnerability Initial Comment: We thought we squashed the last of the modify-the-dict-from-a-custom-eq kind of bugs long ago. Too bad. ---------------------------------------------------------------------- >Comment By: Tim Peters (tim_one) Date: 2006-10-09 16:29 Message: Logged In: YES user_id=31435 I backported the parts of rev 46589 relevant to this bug to the 2.4 maint branch, as rev 52256, for Python 2.4.4. ---------------------------------------------------------------------- Comment By: Tim Peters (tim_one) Date: 2006-06-01 11:54 Message: Logged In: YES user_id=31435 Patch 1497053 was checked in as revision 46589 of the trunk for Python 2.5, so closing this. I doubt it's worth the effort to backport to 2.4. ---------------------------------------------------------------------- Comment By: Armin Rigo (arigo) Date: 2006-06-01 09:20 Message: Logged In: YES user_id=4771 Fixed by patch #1497053. ---------------------------------------------------------------------- Comment By: Armin Rigo (arigo) Date: 2006-03-22 11:32 Message: Logged In: YES user_id=4771 The cause of the bug is that if oldtable == mp->ma_smalltable then pure Python code can mangle with mp->ma_smalltable while it is being walked on. A simple fix would be to always make a copy of the oldtable if it is mp->ma_smalltable (not only if oldtable == newtable). Attached a more efficient fix, which should also make dict resizing somehow faster. It requires yet another version of the lookup algorithm, though. It's a very simple version that assumes that all items are different and the dict contains no dummy entries. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1456209&group_id=5470 _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
