wangtongada / gmpy

Automatically exported from code.google.com/p/gmpy
GNU Lesser General Public License v3.0

Segmentation fault in mpz.__format__() when specifying 'X' instead of 'x' hex output format #97

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The mpz.__format__() method has an undocumented feature, which lets you specify 
'X' instead of 'x' to produce hexadecimal output with capital letters.

This works fine for small mpz numbers, however for large numbers there seems to 
be an off-by-one error.

What steps will reproduce the problem?

1. run the attached python script

What is the expected output?

For increasing length of hexadecimal digits of the mpz number p,
it shows the output of format(p, "x") and format(p, "X"), respectively.

What do you see instead?

- for short numbers, the output is o.k.
- starting with 46 hexdigits, an extra ')' appears in the output
  (python3 only; with python2, it's "garbage" instead, starting at length 45)
- a python exception occurs at length 79
- a segmentation fault occurs at length 81

What version of the product are you using? On what operating system?

python version 3.3.5 (default, Sep 23 2014, 13:33:23) and 
python version 2.7.9 (default, Jan  2 2015, 10:37:51)

gmpy version 2.0.3

OS is Gentoo Linux, 64 bit:
Linux msppc 3.18.11-gentoo #3 SMP PREEMPT Wed May 6 16:40:22 CEST 2015 x86_64 
Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz GenuineIntel GNU/Linux

Original issue reported on code.google.com by Matthias...@gmail.com on 9 Jun 2015 at 11:01

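The reporter's reproduction script was an attachment to the original issue and is not on this page. What follows is an added regression check written for this edit, not the reporter's script and not part of gmpy2. It assumes the hex-digit pattern visible in the reporter's log ("abcdef0123456789" repeated), builds numbers of increasing hexadecimal length from it, and compares format(p, "X") against the reference format(p, "x").upper(); when gmpy2 is not installed it falls back to CPython's int and only exercises the reference path.

```python
"""Regression check for mpz.__format__ with the undocumented 'X' specifier.

Added reproducer for this page, not the script attached to the original
report and not part of gmpy2. The hex-digit pattern is an assumption taken
from the "x = abcdef0123456789..." line in the reporter's log.
"""
import itertools

# Assumed pattern; the reporter's log shows numbers built from these 16 digits.
PATTERN = "abcdef0123456789"


def hex_digits(length):
    """Return a lower-case hex string of exactly `length` digits, cycling PATTERN."""
    return "".join(itertools.islice(itertools.cycle(PATTERN), length))


def check_upper_hex(convert, max_len=100):
    """Compare format(p, 'X') with the reference format(p, 'x').upper().

    `convert` turns a Python int into the number type under test (gmpy2.mpz,
    or plain int as a known-good reference). Returns a list of
    (hex_length, expected, got) tuples; an empty list means no mismatch.
    On a vulnerable gmpy2 (2.0.3 / 2.0.5 in the report) the format() call
    itself may raise or abort the process with "stack smashing detected"
    once the number has roughly 45 or more hex digits, so run this in a
    throwaway process rather than inside anything you care about.
    """
    mismatches = []
    for n in range(1, max_len + 1):
        h = hex_digits(n)
        p = convert(int(h, 16))
        expected = format(p, "x").upper()
        got = format(p, "X")
        if got != expected:
            mismatches.append((n, expected, got))
    return mismatches


def main():
    try:
        from gmpy2 import mpz  # exercise the C extension when it is installed
        convert, name = mpz, "gmpy2.mpz"
    except ImportError:
        convert, name = int, "int (gmpy2 not installed; reference path only)"
    bad = check_upper_hex(convert)
    if bad:
        n, expected, got = bad[0]
        print("%s: first mismatch at %d hex digits" % (name, n))
        print("  expected %s" % expected)
        print("  got      %s" % got)
    else:
        print("%s: format(p, 'X') matches the reference for all lengths" % name)


if __name__ == "__main__":
    main()
```

Run it as a script against the gmpy2 build you want to check; a clean build prints no mismatch, while a build with the bug described above will either report the extra ')' at the lengths the reporter lists or be killed by glibc's stack protector before the function returns.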
GoogleCodeExporter commented 8 years ago
I repeated the test with gmpy 2.0.5 and got a stack backtrace, see attached log.

(...)
length 56
x = abcdef0123456789abcdef0123456789abcdef0123456789abcdef01
*** stack smashing detected ***: /usr/bin/python3.3 terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x72c8f)[0x7efd4d7cfc8f]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7efd4d854657]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7efd4d854620]
/usr/lib64/python3.3/site-packages/gmpy2.cpython-33.so(+0x1116e)[0x7efd4663716e]
/usr/lib64/python3.3/site-packages/gmpy2.cpython-33.so(+0x112de)[0x7efd466372de]
/usr/lib64/libpython3.3.so.1.0(PyObject_Call+0x7a)[0x7efd4dd7191a]
/usr/lib64/libpython3.3.so.1.0(PyObject_CallFunctionObjArgs+0xae)[0x7efd4dd7235e]
/usr/lib64/libpython3.3.so.1.0(PyObject_Format+0x53)[0x7efd4dd72403]
/usr/lib64/libpython3.3.so.1.0(+0x10523c)[0x7efd4de1523c]
/usr/lib64/libpython3.3.so.1.0(PyEval_EvalFrameEx+0x64a1)[0x7efd4de1e461]
/usr/lib64/libpython3.3.so.1.0(PyEval_EvalCodeEx+0x84c)[0x7efd4de1fecc]
/usr/lib64/libpython3.3.so.1.0(PyEval_EvalCode+0x3b)[0x7efd4de1ff9b]
/usr/lib64/libpython3.3.so.1.0(+0x1296ef)[0x7efd4de396ef]
/usr/lib64/libpython3.3.so.1.0(PyRun_FileExFlags+0x9c)[0x7efd4de3b5bc]
/usr/lib64/libpython3.3.so.1.0(PyRun_SimpleFileExFlags+0x115)[0x7efd4de3c265]
/usr/lib64/libpython3.3.so.1.0(Py_Main+0xdd5)[0x7efd4de50e65]
/usr/bin/python3.3(main+0x1a1)[0x400e01]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7efd4d77eaa5]

Original comment by Matthias...@gmail.com on 9 Jun 2015 at 11:42

GoogleCodeExporter commented 8 years ago
I've verified the bug and identified the cause.

In the function mpz_ascii(), the line

size = mpz_sizeinbase(z, base) + 11;

should be using the absolute value of base. I'll work on a patch.

Original comment by casevh on 9 Jun 2015 at 5:57

GoogleCodeExporter commented 8 years ago
Thank you for the quick reply! And thanks for sharing gmpy2!

Original comment by Matthias...@gmail.com on 9 Jun 2015 at 6:49

GoogleCodeExporter commented 8 years ago
I forgot to ask: if you are working on a fix now anyway, maybe you want to add 
the missing documentation for the 'X' format specifier, too?

Original comment by Matthias...@gmail.com on 9 Jun 2015 at 7:36

GoogleCodeExporter commented 8 years ago
Hi,

I've fixed the bug in the development code which will become the 2.1.0 release. 
It is located at https://github.com/aleaxit/gmpy

Are you willing to test the 2.1.0 version? Most of the changes are related to MPFR 
and MPC support and the context manager is now thread-safe.

Since Google will be shutting down Google Code, the development has moved to 
Github. This makes it a bit more difficult to make a 2.0.6 release but I'll try 
to do it within a week or two.

BTW, the fix is just the following line:

size = mpz_sizeinbase(z, (base < 0 ? -base : base)) + 11;

Original comment by casevh on 10 Jun 2015 at 7:01

GoogleCodeExporter commented 8 years ago
Thank you for the fix and sorry for not answering earlier.

As for your question: I use gmpy only occasionally, so I'm probably not a good 
tester for the upcoming release. However, I will keep reporting bugs as I find 
them... ;-)

Original comment by Matthias...@gmail.com on 22 Jun 2015 at 8:17

GoogleCodeExporter commented 8 years ago
I have released version 2.0.6 which fixes the issues.

Thanks for the report.

Original comment by casevh on 6 Jul 2015 at 6:10