Ticket #157 (closed defect: invalid)

Opened 5 years ago

Last modified 5 years ago

pyyaml-3.09 dumps core

Reported by: rich@… Owned by: xi
Priority: normal Component: pyyaml
Severity: critical Keywords:
Cc: rich@…

Description

I'm not sure how to provide a small demonstration here.

In the "spread" module, (SpreadModule? on pypi), there is a type spread.MembershipMsg? which contains a "group_id", spread.MembershipMsg?.group_id. The group_id is an opaque type. I'm not sure how to generate one of these easily aside from bringing up a spread system, which seems like overkill.

In any case, attempting to serialize this opaque type with pyyaml results in a python core dump.

I recognize that pyyaml can't possibly know how to serialize or unserialize this sort of object. However, I think that attempting to do so should result in a suitable exception rather than an interpreter core dump.

I'll find another way around my problem. But chasing down this dump took me a couple of days. If it had been an exception, I'd have found the problem in minutes.

Change History

comment:1 Changed 5 years ago by xi

  • Status changed from new to closed
  • Resolution set to invalid

I'm not convinced the crash is caused by PyYAML code. PyYAML uses the pickle protocol to serialize objects regardless whether they are implemented in Python or in C. It looks like a bug in the spread module.

comment:2 Changed 5 years ago by rich@…

The dump is in pyyaml. The "fault" or cause may lie in the programmer's naive mixture of pyyaml with SpreadModule? but the fact that pyyaml dumps core at all is problematic.

I grant that the SpreadModule? is also problematic in part due to this opaque type. However, I suspect that other opaque types will also cause pyyaml to dump.

A more robust library would recognize this situation and produce an exception rather than dumping core. Defensive programming is more useful than passing blame.

Your library, your choice. I just figured you'd appreciate a heads up.

comment:3 Changed 5 years ago by rich@…

If the pickle library also suffers from this same flaw then it might make sense to leave this unresolved in pyyaml until such time as it is resolved in pickle. If that's the case, then we should probably file a ticket against pickle for the same problem.

comment:4 Changed 5 years ago by xi

Why do you think the dump is in pyyaml? Could you provide a stack trace?

comment:5 Changed 5 years ago by rich@…

I don't have a stack trace as I don't have either pyyaml, libyaml, nor python built with symbols. I'm using standard packages. Ubuntu lucid for python and libyaml, pypi for pyyaml.

Using pdb, if I step over yaml.dump, I get the core dump. That's as fine grain as I've been able to narrow the dump.

comment:6 Changed 5 years ago by xi

Are you using pure Python or libyaml based emitter?

Note: See TracTickets for help on using tickets.