Issue 13461: Error on test_issue_1395_5 with Python 2.7 and VS2010 (original) (raw)
The problem is in CTextIOWrapperTest.test_issue1395_5 Here is the backtrace:
msvcr100d.dll!memset() Line 145 Asmmsvcr100d.dll!_heap_alloc_dbg_impl(unsigned __int64 nSize, int nBlockUse, const char * szFileName, int nLine, int * errno_tmp) Line 498 C++ msvcr100d.dll!_nh_malloc_dbg_impl(unsigned __int64 nSize, int nhFlag, int nBlockUse, const char * szFileName, int nLine, int * errno_tmp) Line 239 + 0x22 bytes C++ msvcr100d.dll!_nh_malloc_dbg(unsigned __int64 nSize, int nhFlag, int nBlockUse, const char * szFileName, int nLine) Line 302 + 0x2a bytes C++ msvcr100d.dll!malloc(unsigned __int64 nSize) Line 56 + 0x21 bytes C++ python27_d.dll!PyObject_Malloc(unsigned __int64 nbytes) Line 944 C python27_d.dll!_PyObject_DebugMallocApi(char id, unsigned __int64 nbytes) Line 1445 + 0xa bytes C python27_d.dll!_PyObject_DebugMalloc(unsigned __int64 nbytes) Line 1413 C python27_d.dll!PyString_FromStringAndSize(const char * str, __int64 size) Line 88 + 0x11 bytes C python27_d.dll!do_mkvalue(const char * * p_format, char * * p_va, int flags) Line 427 + 0xf bytes C python27_d.dll!va_build_value(const char * format, char * va, int flags) Line 537 + 0x14 bytes C python27_d.dll!_Py_VaBuildValue_SizeT(const char * format, char * va) Line 511 C python27_d.dll!_PyObject_CallMethod_SizeT(_object * o, char * name, char * format, ...) Line 2671 + 0xf bytes C python27_d.dll!textiowrapper_tell(textio * self, _object * args) Line 2222 + 0x2c bytes C
So the problem happens when calling in textio.c: {{{ PyObject *decoded = PyObject_CallMethod( self->decoder, "decode", "s#", input, 1); }}}
self->decoder is of type "_io.IncrementalNewlineDecoder" and input is "BBB".
This will result in PyString_FromStringAndSize being called with size = 4294967297, which will cause the server to fall.
What if you replace:
PyObject *decoded = PyObject_CallMethod( self->decoder, "decode", "s#", input, 1);
with:
PyObject *decoded = PyObject_CallMethod( self->decoder, "decode", "s#", input, (Py_ssize_t) 1);