1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
"""
The regular expression engine in '_sre' can segfault when interpreting
bogus bytecode.
It is unclear whether this is a real bug or a "won't fix" case like
bogus_code_obj.py, because it requires bytecode that is built by hand,
as opposed to compiled by 're' from a string-source regexp. The
difference with bogus_code_obj, though, is that the only existing regexp
compiler is written in Python, so that the C code has no choice but
accept arbitrary bytecode from Python-level.
The test below builds and runs random bytecodes until 'match' crashes
Python. I have not investigated why exactly segfaults occur nor how
hard they would be to fix. Here are a few examples of 'code' that
segfault for me:
[21, 50814, 8, 29, 16]
[21, 3967, 26, 10, 23, 54113]
[29, 23, 0, 2, 5]
[31, 64351, 0, 28, 3, 22281, 20, 4463, 9, 25, 59154, 15245, 2,
16343, 3, 11600, 24380, 10, 37556, 10, 31, 15, 31]
Here is also a 'code' that triggers an infinite uninterruptible loop:
[29, 1, 8, 21, 1, 43083, 6]
"""
import _sre, random
def pick():
n = random.randrange(-65536, 65536)
if n < 0:
n &= 31
return n
ss = ["", "world", "x" * 500]
while 1:
code = [pick() for i in range(random.randrange(5, 25))]
print code
pat = _sre.compile(None, 0, code)
for s in ss:
try:
pat.match(s)
except RuntimeError:
pass
|