[issue27826] Null-pointer dereference in tuplehash() function

2016-08-22 Thread Raymond Hettinger
Raymond Hettinger added the comment: Closing as won't fix. It is impractical to make marshal resilient against bytecode hacks and it is likewise impractical to put a NULL pointer check in front of every dereference in the language. -- resolution: -> wont fix status: open -> closed

[issue27826] Null-pointer dereference in tuplehash() function

2016-08-22 Thread STINNER Victor
STINNER Victor added the comment:

> And it is hard to protect from such situation in marshal.c.

Python doesn't validate marshal nor bytecode. It's a deliberate choice to get best performances. -- nosy: +haypo

[issue27826] Null-pointer dereference in tuplehash() function

2016-08-21 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: The simplest example:

    import marshal
    t = [],
    t[0].append(t)
    b = marshal.dumps(t)
    b = bytearray(b)
    b[2] = b'<'[0]
    marshal.loads(b)

Create a recursive tuple containing a list containing a reference to original tuple. Marshal it and replace TYPE_LIST ('[') by T

[issue27826] Null-pointer dereference in tuplehash() function

2016-08-21 Thread Raymond Hettinger
Raymond Hettinger added the comment: It may be better to focus on Python/marshal.c to see if there are ways to make it more robust (at least checking to see if all of the n entries allocated in a container were actually filled).

[issue27826] Null-pointer dereference in tuplehash() function

2016-08-21 Thread Raymond Hettinger
Raymond Hettinger added the comment:

> but it might be better to avoid a crash here.

I'm reluctant to introduce changes like this, especially in the middle of a loop. This code and code like it has been nonproblematic for Python's 26 year history. The code throughout tupleobject.c assumes we

[issue27826] Null-pointer dereference in tuplehash() function

2016-08-21 Thread Raymond Hettinger
Changes by Raymond Hettinger: -- assignee: -> rhettinger nosy: +rhettinger

[issue27826] Null-pointer dereference in tuplehash() function

2016-08-21 Thread Artem Smotrakov
Changes by Artem Smotrakov: -- keywords: +patch Added file: http://bugs.python.org/file44184/tuplehash.patch

[issue27826] Null-pointer dereference in tuplehash() function

2016-08-21 Thread Artem Smotrakov
New submission from Artem Smotrakov: A null-pointer dereference may happen while deserializing incorrect data with the marshal.loads() function. Here is a test which reproduces this (see also attached marshal_tuplehash_null_dereference.py):

    import marshal
    value = ( # tuple1
        "thi