[tahoe-dev] [pycryptopp] #19: Segmentation fault in HashMultipleBlocks

pycryptopp trac at allmydata.org
Tue Sep 8 04:58:40 UTC 2009


#19: Segmentation fault in HashMultipleBlocks
---------------------+------------------------------------------------------
Reporter:  francois  |           Owner:  francois
    Type:  defect    |          Status:  new     
Priority:  major     |         Version:  0.5.1   
Keywords:            |   Launchpad_bug:          
---------------------+------------------------------------------------------

Comment(by nejucomo):

 When looking at the stack trace I see that the message size is ~140
 terabytes, so either Francois has quite the heavy-duty application, or
 this is related to the corruption.

 Here's an untested hypothesis:

 PyArg_ParseTupleAndKeywords is called with "t#" and passed msgsize, a
 Py_ssize_t, to receive the length.

 The documentation on Python argument parsing says "t#" is like "s#" and
 "s#" says:
 """
 Starting with Python 2.5 the type of the length argument can be controlled
 by defining the macro PY_SSIZE_T_CLEAN before including Python.h. If the
 macro is defined, length is a Py_ssize_t rather than an int.
 """
 See: http://docs.python.org/c-api/arg.html

 So maybe on x86_64 and with PY_SSIZE_T_CLEAN toggled the wrong way,
 PyArg_ParseTupleAndKeywords (which is a varargs function) writes the
 output arguments using the wrong boundaries.


 Another curious potential for a bug is the implicit cast of msgsize to a
 size_t when calling VerifyMessage, but I haven't thought that one out yet.

-- 
Ticket URL: <http://allmydata.org/trac/pycryptopp/ticket/19#comment:5>
pycryptopp <http://allmydata.org/trac/pycryptopp>
Python bindings for the Crypto++ library
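
An added illustration of the hypothesis in the comment above, not code from the ticket or from pycryptopp: it models what a caller sees when it passes a 64-bit length variable to a parser that stores only an int. All names are hypothetical, the stale stack value is constructed, and a little-endian 64-bit target such as x86_64 is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this example: ssize64_t models Py_ssize_t on
 * x86_64, and the two store_len_* helpers model what a "t#"/"s#" parser
 * does with the caller's length pointer. */
typedef int64_t ssize64_t;

/* Parser built WITHOUT PY_SSIZE_T_CLEAN: treats the pointer as int *,
 * so it stores only 4 bytes. memcpy keeps the partial store well-defined. */
static void store_len_as_int(void *out, size_t len) {
    int32_t v = (int32_t)len;
    memcpy(out, &v, sizeof v);
}

/* Parser built WITH PY_SSIZE_T_CLEAN: stores all 8 bytes. */
static void store_len_as_ssize(void *out, size_t len) {
    ssize64_t v = (ssize64_t)len;
    memcpy(out, &v, sizeof v);
}

/* Caller that declared msgsize as a 64-bit Py_ssize_t. `stale` is
 * whatever was in that stack slot before the call (constructed value). */
static ssize64_t parse_len(int clean, ssize64_t stale, size_t len) {
    ssize64_t msgsize = stale;           /* models an uninitialised local */
    if (clean) store_len_as_ssize(&msgsize, len);
    else       store_len_as_int(&msgsize, len);
    return msgsize;
}

int main(void) {
    /* Constructed stale value shaped like an x86_64 stack address. */
    ssize64_t stale = 0x00007fff5fbff6a0LL;
    printf("mismatched: %lld bytes\n", (long long)parse_len(0, stale, 64));
    printf("matched:    %lld bytes\n", (long long)parse_len(1, stale, 64));
    return 0;
}
```

With a zeroed slot the mismatch is invisible, which is why initialising the length variable can mask this kind of bug rather than fix it.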

