Issue 22035: Fatal error in dbm.gdbm (original) (raw)

Created on 2014-07-22 10:20 by serhiy.storchaka, last changed 2022-04-11 14:58 by admin.

Files
File name Uploaded Description Edit
dbm_gdbm_fatal_error.patch serhiy.storchaka,2014-07-22 10:20 review
Messages (7)
msg223658 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2014-07-22 10:20
It is possible to crash Python by breaking opened gdbm database. >>> import _gdbm as dbm >>> db = dbm.open('x.db', 'n') >>> open('x.db', 'wb').close() >>> db[b'a'] = b'b' gdbm fatal: read error Proposed patch tries to convert fatal gdbm into regular exception or in Python fatal error (which at least produces traceback). >>> import _gdbm as dbm >>> db = dbm.open('x.db', 'n') >>> open('x.db', 'wb').close() >>> db[b'a'] = b'b' Traceback (most recent call last): File "", line 1, in _gdbm.error: gdbm fatal: read error
msg236005 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2015-02-14 22:55
Would somebody please review Serhiy's patch.
msg236006 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-02-14 23:03
Oh, Mark, please stop shaking up bug tracker.
msg239688 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015-03-31 12:05
I would prefer to avoid setgmp/longjmp, it's kind of a hack. It's maybe more a design issue in the gdbm library to report errors. I proposed a generic signal handler using setjmp/longjmp to convert SIGSEGV to regular Python exceptions, but it was rejected: issue #3999.
msg239689 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015-03-31 12:06
> Oh, Mark, please stop shaking up bug tracker. I agree: please stop posting useless messages, and review patches instead.
msg239773 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-04-01 08:39
The patch for was rejected because Python internal state may be corrupted when the SIGSEGV signal is raised. This is not the case of this issue. gdbm fatal function is called when Python is in consistent state. So we free to use any Python C-API. But internal state of concrete GDBM_FILE may be corrupted, so we shouldn't use it after handling fatal error. This cause a leak, but I think that a leak with an exception is better than just a crash. May be different type of exception should be raised. May be we need FatalError that inherits from BaseException. Other external libraries used by the stdlib also can crash, and perhaps crashes can be converted to exceptions. This issue is only first in the series.
msg239778 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015-04-01 09:47
2015-04-01 10:39 GMT+02:00 Serhiy Storchaka <report@bugs.python.org>: > Other external libraries used by the stdlib also can crash, and perhaps crashes can be converted to exceptions. This issue is only first in the series. I don't think that it's a good practice to try to workaround bugs. IMO it's better to modify libraries directly to allow users of the library to handle correctly errors.
History
Date User Action Args
2022-04-11 14:58:06 admin set github: 66234
2019-03-15 22:15:58 BreamoreBoy set nosy: - BreamoreBoy
2015-04-01 09:47:12 vstinner set messages: +
2015-04-01 08:39:57 serhiy.storchaka set messages: +
2015-03-31 12:06:08 vstinner set messages: +
2015-03-31 12:05:31 vstinner set messages: +
2015-03-31 10:38:12 serhiy.storchaka set nosy: + vstinner
2015-02-14 23:03:50 serhiy.storchaka set messages: +
2015-02-14 22:55:43 BreamoreBoy set nosy: + BreamoreBoymessages: +
2014-08-06 14:59:50 serhiy.storchaka set keywords: + needs review
2014-07-22 10:20:40 serhiy.storchaka create