[Zope-dev] Zope 2.4 crashes -- possible fix identified, other solutions also suggested

Matthew T. Kromer matt@zope.com
Fri, 14 Dec 2001 15:07:58 -0500


We've found a problem in the restricted python compiler on Python 2.1 
which can significantly undercalculate the stack size of a dynamically 
generated python code object (such as those used for DTML and Python 
scripts in Zope).

What that means is that when such an object overflows its stack, it 
begins clobbering things in memory.  As the amount of entropy in the 
system increases, it heads for a crash.
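As an added illustration of the failure mode (this is not Zope code or the patch described in this message): the following script checks whether a code object's recorded co_stacksize is at least as large as the operand-stack depth its bytecode can actually reach. It walks the bytecode with the standard library's dis.stack_effect, following jumps, so it assumes a current CPython 3 dis module rather than Python 2.1 or the restricted compiler. Exception-handler blocks reached only through the 3.11+ exception table are not followed, so for such functions the estimate is a lower bound, which still suffices to catch the undercalculation case. The last function simulates a misestimated stack size with code.replace rather than running anything, since executing such a code object is precisely what clobbers memory.

```python
"""Compare a code object's co_stacksize with the stack depth its bytecode
can reach.  Added example, not part of Zope or of the compiler patch."""
import dis

# Opcodes after which execution never falls through to the next instruction.
# Names that do not exist in the running interpreter are simply skipped.
_TERMINATORS = {
    dis.opmap[name]
    for name in ("RETURN_VALUE", "RETURN_CONST", "RAISE_VARARGS", "RERAISE",
                 "JUMP_FORWARD", "JUMP_BACKWARD", "JUMP_ABSOLUTE",
                 "JUMP_BACKWARD_NO_INTERRUPT")
    if name in dis.opmap
}
_JUMPS = set(dis.hasjrel) | set(dis.hasjabs)


def estimate_stack_depth(code):
    """Return the deepest operand stack reachable from offset 0 of `code`,
    exploring both the taken and the fall-through edge of every jump."""
    instrs = list(dis.get_instructions(code))
    index_of = {ins.offset: i for i, ins in enumerate(instrs)}
    work = [(0, 0)]          # (instruction index, stack depth on entry)
    seen = {}                # deepest entry depth already explored per index
    deepest = 0
    while work:
        i, depth = work.pop()
        while i < len(instrs):
            if seen.get(i, -1) >= depth:
                break        # this point was already explored at least this deep
            seen[i] = depth
            ins = instrs[i]
            if ins.opcode in _JUMPS:
                # argval of a jump instruction is the absolute target offset
                taken = depth + dis.stack_effect(ins.opcode, ins.arg, jump=True)
                deepest = max(deepest, taken)
                work.append((index_of[ins.argval], taken))
            depth += dis.stack_effect(ins.opcode, ins.arg, jump=False)
            deepest = max(deepest, depth)
            if ins.opcode in _TERMINATORS:
                break
            i += 1
    return deepest


def check_code_object(code):
    """Return (estimate, recorded, ok).  ok is False when the compiler's
    co_stacksize is smaller than the depth the bytecode can reach, i.e. the
    frame's value stack would be overrun if this code object were executed."""
    estimate = estimate_stack_depth(code)
    return estimate, code.co_stacksize, estimate <= code.co_stacksize


# Constructed sample functions covering straight-line code, a branch and a loop.
def _straight_line(a, b, c):
    return a + b + c


def _branchy(x):
    if x > 0:
        return x * 2
    return -x


def _loop(items):
    total = 0
    for item in items:
        total = total + item
    return total


def simulated_undercount():
    """Build (never run) a copy of _straight_line whose co_stacksize is
    deliberately too small, the situation the message describes."""
    bad = _straight_line.__code__.replace(co_stacksize=1)
    return check_code_object(bad)


if __name__ == "__main__":
    for fn in (_straight_line, _branchy, _loop):
        print(fn.__name__, check_code_object(fn.__code__))
    print("simulated undercount", simulated_undercount())
```

The check only inspects a code object; it never executes it. In a deployment it could be run over every dynamically compiled code object before the object is ever called, flagging any whose recorded stack size falls short of the estimate.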

We've got a patch into the Zope 2.4 branch and 2.5 branch which corrects 
a large number of misestimations (although we believe there are a few 
cases yet unhandled) and has resulted in a "fix" for our test case 
reproducing the problem.

You can download an "on-the-fly" tarball from our cvs.zope.org server, 
the URL for this is

http://cvs.zope.org/Zope/Zope.tar.gz?tarball=1&only_with_tag=Zope-2_4-branch

We intend to integrate a few further refinements early next week and 
put out an official release at that time; however, applying the new 
code earlier may significantly reduce your exposure to the bug.

Also, we believe that anyone using Python 2.1 with garbage collection 
turned on should recompile Python to turn off garbage collection, using 
the flags --without-pymalloc and --without-cycle-gc to avoid additional 
exposures caused by these options.

We are evaluating a modification at this time to z2.py which would also 
disable garbage collection if it is enabled; users who cannot rebuild 
Python could modify z2.py to include the additional lines

    import gc
    gc.disable()

to disable garbage collection at runtime.