summaryrefslogtreecommitdiffstats
path: root/Lib/test/crashers
Commit message (Collapse)AuthorAgeFilesLines
* Sorry, sorry! Ignore my previous two commits. I mixed up the versionArmin Rigo2009-09-032-21/+0
| | | | | of python with which I tried running the crashers. They don't crash the current HEAD.
* Does not terminate: consume all memory without responding to Ctrl-C.Armin Rigo2009-09-031-0/+10
| | | | I am not too sure why, but you can surely find out by gdb'ing a bit...
* Found the next crasher by thinking about this logic in PyPy.Armin Rigo2009-09-031-0/+11
|
* thanks to guido's bytecode verifier, this is fixedBenjamin Peterson2009-03-291-47/+0
|
* this has been fixed since 2.6 (I love removing these)Benjamin Peterson2009-03-291-14/+0
|
* Ivan on IRC in #twisted reported this crasher.Armin Rigo2009-02-061-0/+5
|
* #3720: Interpreter crashes when an evil iterator removes its own next function.Amaury Forgeot d'Arc2009-01-121-53/+0
| | | | | | Now the slot is filled with a function that always raises. Will not backport: extensions compiled with 2.6.x would not run on 2.6.0.
* A collection of crashers, all variants of the ideaArmin Rigo2008-08-291-0/+53
| | | | of issue #3720.
* Sounds obvious, but I didn't even realize that you can put non-stringArmin Rigo2008-06-121-4/+3
| | | | keys in type dictionaries without using this locals() hack.
* A new crasher.Armin Rigo2008-04-251-0/+31
|
* Fix test67.py from issue #1303614.Guido van Rossum2008-01-241-21/+0
|
* Fix two crashers.Guido van Rossum2008-01-232-42/+0
|
* This got fixed for classic classes in r60057,Guido van Rossum2008-01-181-17/+0
| | | | and backported to 2.5.2 in 60056.
* Remove duplicate crasher.Georg Brandl2007-10-211-8/+0
|
* Add a crasher for the long-standing issue with closing a fileArmin Rigo2007-10-211-0/+14
| | | | while another thread uses it.
* Fix a crasher where Python code managed to infinitely recurse in C code withoutBrett Cannon2007-09-074-38/+0
| | | | | | | ever going back out to Python code in PyObject_Call(). Required introducing a static RuntimeError instance so that normalizing an exception there is no reliance on a recursive call that would put the exception system over the recursion check itself.
* PyDict_GetItem() returns a borrowed reference.Armin Rigo2007-09-061-0/+28
| | | | | This attack is against ceval.c:IMPORT_NAME, which calls an object (__builtin__.__import__) without holding a reference to it.
* PyDict_GetItem() returns a borrowed reference.Armin Rigo2007-09-051-0/+14
| | | | | There are probably a number of places that are open to attacks such as the following one, in bltinmodule.c:min_max().
* Add a crasher for the thread-unsafety of file objects.Georg Brandl2007-08-281-0/+8
|
* Fix for #1303614 and #1174712:Armin Rigo2007-05-022-32/+0
| | | | | | | - __dict__ descriptor abuse for subclasses of built-in types - subclassing from both ModuleType and another built-in types Thanks zseil for the patch.
* Modify the segfaulting example to show why r53997 is not a solution toArmin Rigo2007-02-281-0/+20
| | | | it.
* Add checking for a number of metaclass error conditions.Jeremy Hylton2007-02-271-19/+0
| | | | | | | | | | | | | | | | | | | | | | | We add some new rules that are required for preserving internal invariants of types. 1. If type (or a subclass of type) appears in bases, it must appear before any non-type bases. If a non-type base (like a regular new-style class) occurred first, it could trick type into allocating the new class an __dict__ which must be impossible. 2. There are several checks that are made of bases when creating a type. Those checks are now repeated when assigning to __bases__. We also add the restriction that assignment to __bases__ may not change the metaclass of the type. Add new tests for these cases and for a few other oddball errors that were no previously tested. Remove a crasher test that was fixed. Also some internal refactoring: Extract the code to find the most derived metaclass of a type and its bases. It is now needed in two places. Rewrite the TypeError checks in test_descr to use doctest. The tests now clearly show what exception they expect to see.
* Fix crasher for when an object's __del__ creates a new weakref to itself.Brett Cannon2007-01-231-1/+2
| | | | | | Patch only fixes new-style classes; classic classes still buggy. Closes bug #1377858. Already backported.
* Another crasher.Armin Rigo2006-09-251-0/+36
|
* Add a "crasher" taken from the sgml bug report referenced in the commentNeal Norwitz2006-09-111-0/+16
|
* The regular expression engine in '_sre' can segfault when interpretingArmin Rigo2006-08-251-0/+47
| | | | | bogus bytecode. It is unclear whether this is a real bug or a "won't fix" case like bogus_code_obj.py.
* Document the crashers that will not go away soon as "won't fix",Armin Rigo2006-07-252-0/+15
| | | | and explain why.
* Added another crasher, which hit me today (I was not intentionallyArmin Rigo2006-07-251-0/+16
| | | | | writing such code, of course, but it took some gdb time to figure out what my bug was).
* Document why is and is not a good way to fix the gc_inspection crasher.Armin Rigo2006-07-251-0/+15
|
* A couple of examples about how to attack the fact that _PyType_Lookup()Armin Rigo2006-07-062-0/+67
| | | | returns a borrowed ref. Many of the calls are open to attack.
* SF bug #1296433 (Expat bug #1515266): Unchecked calls to character dataFred Drake2006-07-011-56/+0
| | | | | | | | handler would cause a segfault. This merges in Expat's lib/xmlparse.c revisions 1.154 and 1.155, which fix this and a closely related problem (the later does not affect Python). Moved the crasher test to the tests for xml.parsers.expat.
* A couple of crashers of the "won't fix" kind.Armin Rigo2006-06-282-0/+26
|
* If a classic class defined a __coerce__() method that just returned its twoBrett Cannon2006-06-131-9/+0
| | | | | | | | arguments in reverse, the interpreter would infinitely recourse trying to get a coercion that worked. So put in a recursion check after a coercion is made and the next call to attempt to use the coerced values. Fixes bug #992017 and closes crashers/coerce.py .
* An object with __call__ as an attribute, when called, will have that ↵Brett Cannon2006-06-091-9/+0
| | | | | | attribute checked for __call__ itself, and will continue to look until it finds an object without the attribute. This can lead to an infinite recursion. Closes bug #532646, again. Will be backported.
* [ 1497053 ] Let dicts propagate the exceptions in user __eq__().Armin Rigo2006-06-011-32/+0
| | | | [ 1456209 ] dictresize() vulnerability ( <- backport candidate ).
* A dictresize() attack. If oldtable == mp->ma_smalltable then pureArmin Rigo2006-04-181-0/+32
| | | | | Python code can mangle with mp->ma_smalltable while it is being walked over.
* add a very old crasher from the 2.1 -> 2.2 round of dictionary fixes.Michael W. Hudson2006-04-181-0/+47
|
* Copy note from leakers README here too. We want to keep all test cases.Neal Norwitz2006-04-141-0/+5
|
* Set svn:eol-style to native.Tim Peters2006-03-012-72/+72
|
* collected my segfaulting Python examples from the SF trackersArmin Rigo2006-01-148-0/+99
| | | | (is the purpose of the crashers directory to scare people? :-)
* Whitespace normalization.Tim Peters2006-01-132-73/+72
|
* add another crash reported by Thomas WoutersNeal Norwitz2006-01-111-0/+10
|
* As I threatened on python-dev, add a directory which contains all knownNeal Norwitz2006-01-104-0/+97
bugs which cause the interpreter to crash. I'm sure we can find a few more. Many missing bugs deal with variations on unchecked infinite recursion (like coerce.py).
generated by cgit v0.12 at 2025-08-27 20:34:08 (GMT)