Serhiy Storchaka <storchaka+cpyt...@gmail.com> added the comment:

Using nested _PyMem_DebugRawRealloc() looks suspicious to me. This may be a bug. But even without nested _PyMem_DebugRawRealloc(), writing to the extra memory after using realloc() looks wrong to me. This can break other non-trivial system allocators which write information past the allocated block. This can cause a segfault if unused memory pages are returned to the OS.

After creating the PR I have found that it literally restores the code of 2.7 and 3.3. 3.4 and later contain this bug. The bug looks serious enough to me for fixing it in 3.4 and 3.5.

----------
nosy: +larry
title: Crash in _PyUnicode_DecodeUnicodeEscape on OpenBSD -> Writing in freed memory in _PyMem_DebugRawRealloc() after shrinking a memory block
versions: +Python 3.4, Python 3.5, Python 3.6

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue31626>
_______________________________________
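The ordering problem described in this message, as an added example that is not part of the original comment and is not CPython's code: a small debug realloc wrapper that, when shrinking, scrubs the released tail before calling realloc() and afterwards writes only inside the new block. The `dbg_*` names, the block layout and the marker byte values are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

#define HDR   16      /* size header; keeps the user pointer 16-byte aligned */
#define PAD   8       /* guard bytes placed after the user data */
#define GUARD 0xFB    /* constructed marker values, chosen for this example */
#define DEAD  0xDB
#define MAXN  ((size_t)-1 - HDR - PAD)

/* Block layout: [HDR: size n][n user bytes][PAD guard bytes] */
void *dbg_malloc(size_t n) {
    if (n > MAXN) return NULL;
    unsigned char *raw = malloc(HDR + n + PAD);
    if (!raw) return NULL;
    memcpy(raw, &n, sizeof n);
    memset(raw + HDR + n, GUARD, PAD);
    return raw + HDR;
}

size_t dbg_size(const void *p) {
    size_t n;
    memcpy(&n, (const unsigned char *)p - HDR, sizeof n);
    return n;
}

int dbg_guard_ok(const void *p) {   /* 1 if nothing wrote past the block */
    const unsigned char *tail = (const unsigned char *)p + dbg_size(p);
    for (int i = 0; i < PAD; i++)
        if (tail[i] != GUARD) return 0;
    return 1;
}

void *dbg_realloc(void *p, size_t n) {
    if (!p) return dbg_malloc(n);
    if (n > MAXN) return NULL;
    unsigned char *raw = (unsigned char *)p - HDR;
    size_t old = dbg_size(p);
    /* Shrinking: scrub the tail BEFORE realloc(), while it still belongs to
       this block. Afterwards it may be reused, unmapped or hold allocator data. */
    if (n < old) memset(raw + HDR + n, DEAD, old - n + PAD);
    unsigned char *q = realloc(raw, HDR + n + PAD);
    if (!q) {
        if (n >= old) return NULL;  /* grow failed: old block untouched */
        q = raw;                    /* shrink failed: old block is big enough */
    }
    /* From here on, write only inside the new HDR + n + PAD bytes. */
    memcpy(q, &n, sizeof n);
    memset(q + HDR + n, GUARD, PAD);
    return q + HDR;
}
```

Doing the scrub after realloc() with the old size instead would write `old - n` bytes past the end of the shrunken block, which is the write into freed memory that the retitled issue names.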