_pyrepl._minimal_curses.tigetstr segfaults #126456
Description
Crash report
What happened?
Calling tigetstr from the _pyrepl._minimal_curses module segfaults, on free-threading or normal builds:
python -c "from _pyrepl._minimal_curses import tigetstr; tigetstr('')"
Segmentation fault
It happens in the return line of the function, on access of the .value attribute:
cpython/Lib/_pyrepl/_minimal_curses.py
Lines 55 to 61 in 5e91684
Backtrace looks like:
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:510
#1 0x00007ffff7c335ff in z_get (ptr=<optimized out>, size=<optimized out>) at ./Modules/_ctypes/cfield.c:1382
#2 0x00007ffff7c20f0a in Simple_get_value (self=0x200009b0fe0, _unused_ignored=<optimized out>) at ./Modules/_ctypes/_ctypes.c:5062
#3 0x0000555555691b7a in getset_get (self=self@entry=<getset_descriptor at remote 0x20000ac5410>,
obj=obj@entry=<c_char_p() at remote 0x200009b0fe0>, type=<optimized out>) at Objects/descrobject.c:193
#4 0x000055555570a99d in _PyObject_GenericGetAttrWithDict (obj=<c_char_p() at remote 0x200009b0fe0>, name='value',
dict=dict@entry=0x0, suppress=suppress@entry=0) at Objects/object.c:1659
#5 0x000055555570b538 in PyObject_GenericGetAttr (obj=<optimized out>, name=<optimized out>) at Objects/object.c:1741
#6 0x000055555570a740 in PyObject_GetAttr (v=v@entry=<c_char_p() at remote 0x200009b0fe0>, name='value') at Objects/object.c:1255
#7 0x000055555585be7e in _PyEval_EvalFrameDefault (tstate=tstate@entry=0x555555d2c2a0 <_PyRuntime+359904>, frame=0x7ffff7fb0088,
throwflag=throwflag@entry=0) at ./Include/internal/pycore_stackref.h:74
#8 0x000055555586fb1f in _PyEval_EvalFrame (throwflag=0, frame=<optimized out>, tstate=0x555555d2c2a0 <_PyRuntime+359904>)
at ./Include/internal/pycore_ceval.h:116
#9 _PyEval_Vector (tstate=tstate@entry=0x555555d2c2a0 <_PyRuntime+359904>, func=func@entry=0x20000ad32d0,
locals=locals@entry={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <type at remote 0x20000276e10>, '__spec__': None, '__builtins__': <module at remote 0x2000025c640>, 'tigetstr': <function at remote 0x200008b24d0>},
args=args@entry=0x0, argcount=argcount@entry=0, kwnames=kwnames@entry=0x0) at Python/ceval.c:1886
#10 0x000055555586fd6c in PyEval_EvalCode (co=co@entry=<code at remote 0x20000a87450>,
globals=globals@entry={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <type at remote 0x20000276e10>, '__spec__': None, '__builtins__': <module at remote 0x2000025c640>, 'tigetstr': <function at remote 0x200008b24d0>},
locals=locals@entry={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <type at remote 0x20000276e10>, '__spec__': None, '__builtins__': <module at remote 0x2000025c640>, 'tigetstr': <function at remote 0x200008b24d0>})
at Python/ceval.c:662
#11 0x000055555595452a in run_eval_code_obj (tstate=tstate@entry=0x555555d2c2a0 <_PyRuntime+359904>, co=co@entry=0x20000a87450,
globals=globals@entry={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <type at remote 0x20000276e10>, '__spec__': None, '__builtins__': <module at remote 0x2000025c640>, 'tigetstr': <function at remote 0x200008b24d0>},
locals=locals@entry={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <type at remote 0x20000276e10>, '__spec__': None, '__builtins__': <module at remote 0x2000025c640>, 'tigetstr': <function at remote 0x200008b24d0>})
at Python/pythonrun.c:1338This issue doesn't affect curses.tigetstr.
Found using fusil by @vstinner.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.14.0a1+ experimental free-threading build (heads/main-dirty:bfc1d2504c, Nov 4 2024, 07:55:58) [GCC 11.4.0]