[Python-Dev] segfaults due to hash randomization in C OrderedDict

MRAB python at mrabarnett.plus.com
Fri May 22 00:06:25 CEST 2015


On 2015-05-21 22:52, Eric Snow wrote:

Good catch. Unfortunately, sticking "keys = ((PyDictObject *)od)->ma_keys;" right after "hash = ..." did not make a difference. I still get the same segfault.

So, does it change sometimes?

On Thu, May 21, 2015 at 11:17 AM, MRAB <python at mrabarnett.plus.com> wrote:

On 2015-05-21 15:55, Eric Snow wrote:

(see http://bugs.python.org/issue16991)

I am working on resolving an intermittent segfault that my C OrderedDict patch introduces. The failure happens in test_configparser (RawConfigParser uses OrderedDict internally), but only sporadically. However, Ned pointed out to me that it appears to be related to hash randomization, which I have verified. I'm looking into it.

In the meantime, here's a specific question. What would lead to the pattern of failures I'm seeing? I've verified that the segfault happens consistently for certain hash randomization seeds and never for the rest. I don't immediately recognize the pattern but expect that it would shed some light on where the problem lies. I ran the following command with the OrderedDict patch applied:

for i in $(seq 1 100); do echo $i; PYTHONHASHSEED=$i ./python -m test.regrtest -m test_basic test_configparser; done

Through 100 I get segfaults with seeds of 7, 15, 35, 37, 39, 40, 42, 47, 50, 66, 67, 85, 87, 88, and 92. I expect the distribution across all seeds is uniform, but I haven't verified that.

Thoughts?

In "_odict_get_index", for example (there are others), you're caching "ma_keys":

PyDictKeysObject *keys = ((PyDictObject *)od)->ma_keys;

If it resizes, you go back to the label "start", which is after that line, but could "ma_keys" change when it's resized?
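
An added illustration of the question raised above (not code from the patch or from CPython): a toy C model in which a pointer cached before a `start` label is still used after a resize has replaced the table, next to the variant that re-reads the pointer after each jump. The names `toy_od`, `keys_t`, `lookup` and `run_case` are hypothetical, and the model assumes that a resize installs a new keys table, which is the very point the message asks about.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins (hypothetical): not CPython's PyDictObject/PyDictKeysObject. */
typedef struct keys { size_t size; int retired; struct keys *prev; } keys_t;
typedef struct { keys_t *ma_keys; } toy_od;

static keys_t *keys_new(size_t size, keys_t *prev) {
    keys_t *k = calloc(1, sizeof *k);
    if (!k) abort();
    k->size = size;
    k->prev = prev;
    return k;
}

/* A resize installs a new keys table. A real allocator would free the old
 * one; the toy only marks it retired so the stale read stays well defined. */
static void dict_resize(toy_od *od, size_t size) {
    od->ma_keys->retired = 1;
    od->ma_keys = keys_new(size, od->ma_keys);
}

/* Returns the table size seen, or -1 if the lookup used a retired table. */
static long lookup(toy_od *od, size_t need, int reload) {
    keys_t *keys = od->ma_keys;        /* cached before the label */
start:
    if (reload)
        keys = od->ma_keys;            /* re-read after every jump */
    if (od->ma_keys->size < need) {
        dict_resize(od, need);
        goto start;
    }
    return keys->retired ? -1 : (long)keys->size;
}

/* Build an 8-slot toy dict, run one lookup, release every table. */
static long run_case(size_t need, int reload) {
    toy_od od = { keys_new(8, NULL) };
    long seen = lookup(&od, need, reload);
    for (keys_t *k = od.ma_keys, *p; k; k = p) { p = k->prev; free(k); }
    return seen;
}

int main(void) {
    printf("cached, resize:    %ld\n", run_case(16, 0));
    printf("reloaded, resize:  %ld\n", run_case(16, 1));
    printf("cached, no resize: %ld\n", run_case(4, 0));
    return 0;
}
```

The cached variant only misbehaves on the path where a resize actually happens, so whether a given run hits it depends on the input that drives the resize.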


