Issue 18368: PyOS_StdioReadline() leaks memory when realloc() fails (original) (raw)

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/62568

classification

Title: PyOS_StdioReadline() leaks memory when realloc() fails
Type: resource usage Stage: resolved
Components: Interpreter Core Versions: Python 3.3, Python 3.4

process

Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, kristjan.jonsson, python-dev, serhiy.storchaka, vstinner
Priority: normal Keywords: patch

Created on 2013-07-05 20:02 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
osreadline.patch christian.heimes,2013-07-05 20:02 review
Pull Requests
URL Status Linked Edit
PR 12334 merged cstratak,2019-03-14 16:33
Messages (7)
msg192352 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-07-05 20:02
PyOS_StdioReadline() contains code such as: p = (char *)PyMem_REALLOC(p, n + incr); The code looses its pointer to p when realloc fails and has no chance to free the memory in p. Also the code sets PyExc_OverflowError when incr > INT_MAX but it doesn't return NULL to signal the error.
msg192959 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-07-12 19:10
A similar issue: #14909.
msg192968 - (view) Author: Kristján Valur Jónsson (kristjan.jonsson) * (Python committer) Date: 2013-07-12 20:24
Is it sufficient to check incr > INT_MAX to guard against overflow?
msg194532 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-08-06 09:03
The patch can be a little simplified (the "else" keyword is redundant), but in general it LGTM. Let's push.
msg194547 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-08-06 14:03
New changeset 5859a3ec5b7e by Christian Heimes in branch '3.3': Issue #18368: PyOS_StdioReadline() no longer leaks memory when realloc() fails. http://hg.python.org/cpython/rev/5859a3ec5b7e New changeset 6dbc4d6ff31e by Christian Heimes in branch 'default': Issue #18368: PyOS_StdioReadline() no longer leaks memory when realloc() fails. http://hg.python.org/cpython/rev/6dbc4d6ff31e
msg194549 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-06 14:16
Serhiy: Thanks for the review Kristján: Yes, it's enough to check for incr > INT_MAX. The buffer size is incremented to a value of <= (2*n)+2 in each round. The start value is 100. The loop is terminated once the buffer size reaches INT_MAX-2.
msg338339 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-03-19 10:43
New changeset d9c6564f90ead067c2e288f01825684821b7a129 by Victor Stinner (stratakis) in branch '2.7': [2.7] bpo-18368: Fix memory leaks in PyOS_StdioReadline() when realloc() fails (GH-12334) https://github.com/python/cpython/commit/d9c6564f90ead067c2e288f01825684821b7a129
History
Date User Action Args
2022-04-11 14:57:47 admin set github: 62568
2019-03-19 10:43:33 vstinner set messages: +
2019-03-14 16:33:29 cstratak set pull_requests: + <pull%5Frequest12305>
2013-08-16 13:03:14 christian.heimes set status: pending -> closed
2013-08-06 14:16:12 christian.heimes set status: open -> pendingresolution: fixedmessages: + stage: patch review -> resolved
2013-08-06 14:03:46 python-dev set nosy: + python-devmessages: +
2013-08-06 09:03:26 serhiy.storchaka set messages: +
2013-07-12 20:24:16 kristjan.jonsson set messages: +
2013-07-12 19:10:56 serhiy.storchaka set nosy: + kristjan.jonsson, serhiy.storchakamessages: +
2013-07-12 18:44:56 vstinner set nosy: + vstinner
2013-07-05 20:02:43 christian.heimes create