Skip to content

bz2.BZ2File.__init__() cannot be called twice with non-existent file #64077

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Level mannequin opened this issue Dec 3, 2013 · 8 comments
Closed

bz2.BZ2File.__init__() cannot be called twice with non-existent file #64077

Level mannequin opened this issue Dec 3, 2013 · 8 comments
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@Level
Copy link
Mannequin

Level mannequin commented Dec 3, 2013

BPO 19878
Nosy @vstinner, @ned-deily, @serhiy-storchaka, @vajrasky
Files
  • fix_segfault_in_bz2_init_non_existent_file.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2013-12-08.14:49:31.829>
created_at = <Date 2013-12-03.18:51:08.909>
labels = ['interpreter-core', 'type-crash']
title = 'bz2.BZ2File.__init__() cannot be called twice with non-existent file'
updated_at = <Date 2013-12-10.16:23:19.713>
user = 'https://bugs.python.org/Level'

    bugs.python.org fields:

    activity = <Date 2013-12-10.16:23:19.713>
actor = 'python-dev'
assignee = 'nadeem.vawda'
closed = True
closed_date = <Date 2013-12-08.14:49:31.829>
closer = 'python-dev'
components = ['Interpreter Core']
creation = <Date 2013-12-03.18:51:08.909>
creator = 'Level'
dependencies = []
files = ['32965']
hgrepos = []
issue_num = 19878
keywords = ['patch']
message_count = 8.0
messages = ['205137', '205143', '205149', '205151', '205159', '205194', '205568', '205834']
nosy_count = 7.0
nosy_names = ['vstinner', 'nadeem.vawda', 'ned.deily', 'python-dev', 'serhiy.storchaka', 'vajrasky', 'Level']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue19878'
versions = ['Python 2.7']
    @Level
    Copy link
    Mannequin Author

    Level mannequin commented Dec 3, 2013 

    [level@<removed> fuzz]# cat pyfile.py
import bz2
obj = bz2.BZ2File('/tmp/fileName')
obj.__init__("fileName")
obj.__reduce__
[level@<removed> fuzz]# gdb --args python pyfile.py
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/python...(no debugging symbols found)...done.
Missing separate debuginfos, use: debuginfo-install python-2.6.6-37.el6_4.i686 python-2.6.6-37.el6_4.x86_64
(gdb) r
Starting program: /usr/bin/python pyfile.py
[Thread debugging using libthread_db enabled]
Traceback (most recent call last):
  File "pyfile.py", line 3, in <module>
    obj.__init__("fileName")
IOError: [Errno 2] No such file or directory: 'fileName'

    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff7a98170 in PyFile_DecUseCount () from /usr/lib64/libpython2.6.so.1.0
    (gdb)

    @Level Level mannequin added interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump labels Dec 3, 2013
    @ned-deily
    Copy link
    Member

    Sorry, the Python 2.6 series is now officially retired. As of 2.6.9, "All official maintenance for Python 2.6, including security patches, has ended." If you can reproduce the problem with a currently supported version of Python, such as Python 2.7.6 or 3.3.3, please reopen with similar documentation.

    http://www.python.org/download/releases/2.6.9/

    @vstinner
    Copy link
    Member

    vstinner commented Dec 3, 2013

    I can reproduce the issue with Python 2.7. The problem is that BZ2File.__init__() doesn't reset the object when __init__() is called twice.

    For example, the following script fails with "too many open files" error, before the previous file is not called:
    ---

    import bz2
obj = bz2.BZ2File('bla.bz2')
for loop in range(1024*10):
    obj.__init__('bla.bz2')

    By the way, why do you call __init__() twice? Why not creating a new object?

    BZ2File was rewritten in pure Python in Python 3.3. Python 3.3+ is not affected by this issue.

    @vstinner vstinner changed the title PyFile_DecUseCount() SIGSEGV bz2.BZ2File.__init__() cannot be called twice Dec 3, 2013
    @vstinner vstinner reopened this Dec 3, 2013
    @Level
    Copy link
    Mannequin Author

    Level mannequin commented Dec 3, 2013

    I was fuzzing the interpreter otherwise it would init itself

    @nadeemvawda
    Copy link
    Mannequin

    nadeemvawda mannequin commented Dec 3, 2013

    It appears that this *does* affect 2.7 (though not 3.2, 3.3 or 3.4, fortunately):

        ~/src/cpython/2.7☿ gdb --ex run --args ./python -c 'import bz2; obj = bz2.BZ2File("/dev/null"); obj.__init__("")'
    «... snip banner ...»
    Starting program: /home.u/nadeem/src/cpython/2.7/./python -c import\ bz2\;\ obj\ =\ bz2.BZ2File\(\"/dev/null\"\)\;\ obj.__init__\(\"\"\)
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    IOError: [Errno 2] No such file or directory: ''
    Program received signal SIGSEGV, Segmentation fault.
0x0000000000431d3e in PyFile_DecUseCount (fobj=0x0) at [Objects/fileobject.c:89](https://github.com/python/cpython/blob/main/Objects/fileobject.c#L89)
89          fobj->unlocked_count--;

    @nadeemvawda nadeemvawda mannequin self-assigned this Dec 3, 2013
    @vajrasky
    Copy link
    Mannequin

    vajrasky mannequin commented Dec 4, 2013

    Here is the preliminary patch.

    @vajrasky vajrasky mannequin changed the title bz2.BZ2File.__init__() cannot be called twice bz2.BZ2File.__init__() cannot be called twice with non-existent file Dec 4, 2013
    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Dec 8, 2013

    New changeset 55a748f6e396 by Nadeem Vawda in branch '2.7':
    Closes bpo-19878: Fix segfault in bz2 module.
    http://hg.python.org/cpython/rev/55a748f6e396

    @python-dev python-dev mannequin closed this as completed Dec 8, 2013
    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Dec 10, 2013

    New changeset 3337298f5c75 by Nadeem Vawda in branch '2.7':
    Skip test for bpo-19878 on Windows.
    http://hg.python.org/cpython/rev/3337298f5c75

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @vstinner @ned-deily