Issue 9236: Invalid reads in fastsearch.h

In test_bytes Valgrind finds two reads with negative array indices.

test_bytes
==7341== Invalid read of size 1
==7341==    at 0x4EDA24: fastsearch (fastsearch.h:143)
==7341==    by 0x4F170E: bytearray_find_internal (find.h:42)
==7341==    by 0x4F17BD: bytearray_rindex (bytearrayobject.c:1267)
==7341==    by 0x49DDA0: PyEval_EvalFrameEx (ceval.c:4322)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x49D741: PyEval_EvalFrameEx (ceval.c:4108)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x49B9AB: PyEval_EvalFrameEx (ceval.c:4325)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==  Address 0xcfd37df is 1 bytes before a block of size 6 alloc'd
==7341==    at 0x4C2412C: malloc (vg_replace_malloc.c:195)
==7341==    by 0x4C241A6: realloc (vg_replace_malloc.c:476)
==7341==    by 0x4EF441: PyByteArray_Resize (bytearrayobject.c:259)
==7341==    by 0x4F0F8A: bytearray_iconcat (bytearrayobject.c:340)
==7341==    by 0x4F113E: bytearray_init (bytearrayobject.c:810)
==7341==    by 0x468531: type_call (typeobject.c:723)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x499129: PyEval_EvalFrameEx (ceval.c:4230)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==
==7341==
==7341== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==7341== starting debugger with cmd: /usr/bin/gdb -nw /proc/7507/fd/1014 7507
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/7507/fd/1014, process 7507
fastsearch (s=0xcfd37e0 "world", n=0, p=0xa0170b4 "worm", m=4, maxcount=, mode=2) at Objects/stringlib/fastsearch.h:143
143         if (!STRINGLIB_BLOOM(mask, s[i-1]))
(gdb) p i
$1 = 0

==7341==
==7341== Debugger has detached.  Valgrind regains control.  We continue.
==7341== Invalid read of size 1
==7341==    at 0x4ED9B0: fastsearch (fastsearch.h:149)
==7341==    by 0x4F0938: bytearray_rsplit (split.h:311)
==7341==    by 0x49E6C1: PyEval_EvalFrameEx (ceval.c:4012)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x49B9AB: PyEval_EvalFrameEx (ceval.c:4325)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x42237E: instancemethod_call (classobject.c:2578)
==7341==  Address 0xf7c508f is 1 bytes before a block of size 12 alloc'd
==7341==    at 0x4C2412C: malloc (vg_replace_malloc.c:195)
==7341==    by 0x4C241A6: realloc (vg_replace_malloc.c:476)
==7341==    by 0x4EF441: PyByteArray_Resize (bytearrayobject.c:259)
==7341==    by 0x4F0F8A: bytearray_iconcat (bytearrayobject.c:340)
==7341==    by 0x4F113E: bytearray_init (bytearrayobject.c:810)
==7341==    by 0x468531: type_call (typeobject.c:723)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x499129: PyEval_EvalFrameEx (ceval.c:4230)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==
==7341==
==7341== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==7341== starting debugger with cmd: /usr/bin/gdb -nw /proc/7534/fd/1014 7534
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/7534/fd/1014, process 7534
fastsearch (s=0xf7c5090 "mississippi", n=0, p=0x9eba16c "ss", m=2, maxcount=-1, mode=2) at Objects/stringlib/fastsearch.h:149
149         if (!STRINGLIB_BLOOM(mask, s[i-1]))
(gdb) p i
$1 = 0
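Both traces stop at the same check, `STRINGLIB_BLOOM(mask, s[i-1])`, with `i == 0`, so the byte read is the one just before the buffer. The program below is an added example, not CPython's fastsearch.h: it is a constructed, simplified reverse-search loop with the same `s[i-1]` check, where the haystack is read through a bounds-checking accessor that counts any index outside `[0, n)` instead of performing the read. Run unguarded on the two inputs from the traces, `rindex(b"world", b"worm")` and `rsplit(b"mississippi", b"ss")`, it records exactly one out-of-range read each, at `i == 0`; the `guarded` path adds an `i > 0` test before the previous-byte lookup. That guard is the shape one would expect the fix to take and is an assumption here, not the project's committed patch; the bloom mask, `skip` computation and the `rsplit_oob` driver are likewise this example's own simplifications.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a simplified reverse (rsearch) loop in the style
 * of the STRINGLIB fastsearch code quoted in the trace above. It is not
 * CPython's fastsearch.h; it only reproduces the shape of the s[i-1]
 * check. The "i > 0" guard on the hardened path is an assumed fix. */

/* One 64-bit bloom mask keyed on the low 6 bits of each byte. */
#define BLOOM_ADD(mask, c) ((mask) |= (1ULL << ((unsigned char)(c) & 63)))
#define BLOOM(mask, c)     (((mask) >> ((unsigned char)(c) & 63)) & 1ULL)

/* Bounds-checked haystack read. Instead of touching memory outside
 * [0, n) (the access Valgrind flagged), it counts the access in *oob
 * and returns 0, so the failure mode becomes an assertable value. */
static unsigned char at(const char *s, long n, long i, int *oob)
{
    if (i < 0 || i >= n) { (*oob)++; return 0; }
    return (unsigned char)s[i];
}

/* Rightmost occurrence of p[0..m) in s[0..n), or -1.
 * guarded == 0 reproduces the unguarded s[i-1] read at i == 0;
 * guarded != 0 checks i > 0 before looking at the previous byte. */
static long rsearch(const char *s, long n, const char *p, long m,
                    int guarded, int *oob)
{
    long i, j, w = n - m, mlast = m - 1, skip = mlast - 1;
    uint64_t mask = 0;

    if (m <= 0 || w < 0)
        return -1;

    /* Build the mask; skip = (leftmost repeat of p[0] in p[1:]) - 1. */
    BLOOM_ADD(mask, p[0]);
    for (i = mlast; i > 0; i--) {
        BLOOM_ADD(mask, p[i]);
        if (p[i] == p[0])
            skip = i - 1;
    }

    for (i = w; i >= 0; i--) {
        if (at(s, n, i, oob) == (unsigned char)p[0]) {
            /* candidate: compare the rest of the pattern */
            for (j = mlast; j > 0; j--)
                if (at(s, n, i + j, oob) != (unsigned char)p[j])
                    break;
            if (j == 0)
                return i;
            /* miss: is the byte before the candidate part of the pattern?
             * At i == 0 there is no such byte; unguarded, this reads s[-1]. */
            if ((!guarded || i > 0) && !BLOOM(mask, at(s, n, i - 1, oob)))
                i = i - m;
            else
                i = i - skip;
        } else {
            if ((!guarded || i > 0) && !BLOOM(mask, at(s, n, i - 1, oob)))
                i = i - m;
        }
    }
    return -1;
}

/* Mimic rsplit: keep searching the prefix before each hit. Returns the
 * number of out-of-range reads the searches made along the way. */
static int rsplit_oob(const char *s, long n, const char *p, long m, int guarded)
{
    int oob = 0;
    long pos;
    while ((pos = rsearch(s, n, p, m, guarded, &oob)) >= 0)
        n = pos;
    return oob;
}

int main(void)
{
    int oob = 0;
    long r = rsearch("world", 5, "worm", 4, 0, &oob);
    printf("rindex(world, worm) unguarded: %ld, out-of-range reads: %d\n", r, oob);
    printf("rsplit(mississippi, ss) unguarded: %d out-of-range reads\n",
           rsplit_oob("mississippi", 11, "ss", 2, 0));
    printf("rsplit(mississippi, ss) guarded:   %d out-of-range reads\n",
           rsplit_oob("mississippi", 11, "ss", 2, 1));
    return 0;
}
```

The counting accessor is what makes the bug testable without Valgrind: the search result is the same (`-1`) with and without the guard, so a return-value test alone would never catch the read, which is why this class of off-by-one only shows up under a memory checker or with instrumented access.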