Public bug reported:

Description of problem:
In Python, nis.cat() with a long string argument will lead to a crash of the Python interpreter. But Python developers claim that it's not a bug in Python but in glibc.
The related report in Python bug tracker: https://bugs.python.org/issue43587

Steps to Reproduce:
1. Install Python 3 (CPython)
2. Type the following code "import nis;nis.cat('/','abs/'*10000000)" and run it with Python

A Python example:
=====================================================
Python 3.10.0a6 (default, Mar 19 2021, 11:45:56) [GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import nis;
>>> nis.cat('/','abs/'*10000000)
Segmentation fault (core dumped)
=====================================================

Attached gdb result:
>>> import nis;
>>> nis.cat('/','abs/'*10000000)
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff67bccdc in yp_bind_file (ysd=0x9b03c0, domain=0x7ffff4192040 "abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/abs/"...) at ypclnt.c:84
84 ypclnt.c: No such file or directory.
(gdb)

Attached valgrind result:
>>> import nis
>>> nis.cat('/','abs/'*10000000)
==25360== Warning: client switching stacks? SP change: 0x1ffefff520 --> 0x1ffc9d9af8
==25360== to suppress, use: --max-stackframe=40000040 or greater
==25360== Invalid write of size 8
==25360== at 0x7E3FCDC: yp_bind_file (ypclnt.c:84)
==25360== by 0x7E3FCDC: __yp_bind.part.2 (ypclnt.c:179)
==25360== Address 0x1ffc9d9af8 is on thread 1's stack
==25360==
==25360==
==25360== Process terminating with default action of signal 11 (SIGSEGV)
==25360== Access not within mapped region at address 0x1FFC9D9AF8
==25360== at 0x7E3FCDC: yp_bind_file (ypclnt.c:84)
==25360== by 0x7E3FCDC: __yp_bind.part.2 (ypclnt.c:179)
==25360== If you believe this happened as a result of a stack
==25360== overflow in your program's main thread (unlikely but
==25360== possible), you can try to increase the size of the
==25360== main thread stack using the --main-stacksize= flag.
==25360== The main thread stack size used in this run was 8388608.
==25360== Invalid write of size 8
==25360== at 0x4A2867A: _vgnU_freeres (vg_preloaded.c:57)
==25360== Address 0x1ffc9d9af0 is on thread 1's stack
==25360==
==25360==
==25360== Process terminating with default action of signal 11 (SIGSEGV)
==25360== Access not within mapped region at address 0x1FFC9D9AF0
==25360== at 0x4A2867A: _vgnU_freeres (vg_preloaded.c:57)
==25360== If you believe this happened as a result of a stack
==25360== overflow in your program's main thread (unlikely but
==25360== possible), you can try to increase the size of the
==25360== main thread stack using the --main-stacksize= flag.
==25360== The main thread stack size used in this run was 8388608.
==25360==
==25360== HEAP SUMMARY:
==25360== in use at exit: 45,108,440 bytes in 33,832 blocks
==25360== total heap usage: 84,181 allocs, 50,349 frees, 54,298,362 bytes allocated
==25360==
==25360== LEAK SUMMARY:
==25360== definitely lost: 104 bytes in 1 blocks
==25360== indirectly lost: 0 bytes in 0 blocks
==25360== possibly lost: 44,967,758 bytes in 32,993 blocks
==25360== still reachable: 140,578 bytes in 838 blocks
==25360== suppressed: 0 bytes in 0 blocks
==25360== Rerun with --leak-check=full to see details of leaked memory
==25360==
==25360== For lists of detected and suppressed errors, rerun with: -s
==25360== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)

** Affects: glibc (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1922985

Title:
  long string causes segmentation fault in ypclnt.c
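A triage check over the valgrind output above, as an added example that is not part of the original report or of glibc: it compares the stack-pointer drop with the length of the reproducer's second argument and with the reported stack size. The function name `triage` and its result keys are made up for this example; reading the drop as an allocation that scales with the input is an inference from the log's numbers.

```python
import re

# Lines copied from the valgrind output in the report above.
VALGRIND_LOG = """\
==25360== Warning: client switching stacks? SP change: 0x1ffefff520 --> 0x1ffc9d9af8
==25360== Invalid write of size 8
==25360== at 0x7E3FCDC: yp_bind_file (ypclnt.c:84)
==25360== Address 0x1ffc9d9af8 is on thread 1's stack
==25360== The main thread stack size used in this run was 8388608.
"""

SP_RE = re.compile(r"SP change: (0x[0-9a-fA-F]+) --> (0x[0-9a-fA-F]+)")
ADDR_RE = re.compile(r"Address (0x[0-9a-fA-F]+) is on thread \d+'s stack")
STACK_RE = re.compile(r"main thread stack size used in this run was (\d+)")
FRAME_RE = re.compile(r"\bat 0x[0-9A-Fa-f]+: (\w+) \(([^)]+)\)")


def triage(log, input_len):
    """Summarise a valgrind log for a suspected length-driven stack overflow."""
    sp = SP_RE.search(log)
    addr = ADDR_RE.search(log)
    stack = STACK_RE.search(log)
    frame = FRAME_RE.search(log)
    if not (sp and addr and stack and frame):
        raise ValueError("log lacks the SP-change, address, stack-size or frame line")
    sp_before, sp_after = int(sp.group(1), 16), int(sp.group(2), 16)
    drop = sp_before - sp_after  # the stack grows towards lower addresses
    return {
        "function": frame.group(1),          # first faulting frame
        "location": frame.group(2),
        "sp_drop": drop,                     # bytes taken in a single step
        "fixed_overhead": drop - input_len,  # what remains after the input itself
        "exceeds_stack": drop > int(stack.group(1)),
        "fault_at_new_sp": int(addr.group(1), 16) == sp_after,
    }


if __name__ == "__main__":
    # 'abs/' * 10000000 from the reproducer is 40,000,000 bytes long.
    for key, value in triage(VALGRIND_LOG, len("abs/") * 10_000_000).items():
        print(f"{key}: {value}")
```

The drop matches the `--max-stackframe=40000040` value valgrind suggests in the same log, and it is larger than the 8388608-byte main-thread stack.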