[NumPy-Tickets] [NumPy] #1766: Nested recarray crashes numpy 1.5.x on Python 3.x
NumPy Trac
numpy-tickets@scipy....
Fri Mar 11 18:05:12 CST 2011
#1766: Nested recarray crashes numpy 1.5.x on Python 3.x
------------------------+---------------------------------------------------
Reporter: cgohlke | Owner: somebody
Type: defect | Status: new
Priority: normal | Milestone: Unscheduled
Component: numpy.core | Version: 1.5.1
Keywords: |
------------------------+---------------------------------------------------
Changes (by cgohlke):
* component: Other => numpy.core
Comment:
I could reproduce the segmentation fault on 64 bit Ubuntu with Python
3.1.2 and numpy 1.5.1.
The crash occurs in line 209, in function _buffer_format_string, of
numpy/core/src/multiarray/buffer.c:
{{{
for (k = 0; k < PyTuple_GET_SIZE(descr->subarray->shape); ++k) {
if (k > 0) {
_append_char(str, ',');
}
item = PyTuple_GET_ITEM(descr->subarray->shape, k);
dim_size = PyNumber_AsSsize_t(item, NULL); /* <--
crash */
PyOS_snprintf(buf, sizeof(buf), "%ld", (long)dim_size);
_append_str(str, buf);
total_count *= dim_size;
}
}}}
It seems that `descr->subarray->shape` is not a valid tuple and the macros
`PyTuple_GET_SIZE` and `PyTuple_GET_ITEM` don't check for validity.
--
Ticket URL: <http://projects.scipy.org/numpy/ticket/1766#comment:1>
NumPy <http://projects.scipy.org/numpy>
My example project
More information about the NumPy-Tickets
mailing list