Bytearray double free or corruption #68956

Closed
pidpawel mannequin opened this issue Jul 31, 2015 · 4 comments
pidpawel mannequin commented Jul 31, 2015

BPO 24768
Nosy @pitrou, @benjaminp, @vadmium, @1st1
Files
  • deltest.py: Used test
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = <Date 2015-07-31.23:50:44.947>
    created_at = <Date 2015-07-31.21:28:56.665>
    labels = ['interpreter-core', 'type-crash']
    title = 'Bytearray double free or corruption'
    updated_at = <Date 2015-08-01.00:13:24.090>
    user = 'https://bugs.python.org/pidpawel'

    bugs.python.org fields:

    activity = <Date 2015-08-01.00:13:24.090>
    actor = 'martin.panter'
    assignee = 'none'
    closed = True
    closed_date = <Date 2015-07-31.23:50:44.947>
    closer = 'pitrou'
    components = ['Interpreter Core']
    creation = <Date 2015-07-31.21:28:56.665>
    creator = 'pidpawel'
    dependencies = []
    files = ['40087']
    hgrepos = []
    issue_num = 24768
    keywords = []
    message_count = 4.0
    messages = ['247774', '247789', '247790', '247793']
    nosy_count = 5.0
    nosy_names = ['pitrou', 'benjamin.peterson', 'martin.panter', 'yselivanov', 'pidpawel']
    pr_nums = []
    priority = 'normal'
    resolution = 'out of date'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'crash'
    url = 'https://bugs.python.org/issue24768'
    versions = ['Python 3.4']

    pidpawel mannequin commented Jul 31, 2015

    I've managed to isolate some code which results in core dump/heap corruption. I've tested it on Python 3.4 and 2.7. On 2.7 it works fine; on 3.4.3 the bug exists.

    Example backtraces:

    ⌠ aqua ~ Error!
    ⌡ <%pidpawel> time ./deltest.py
    *** Error in `python3': malloc(): memory corruption: 0x0000000001ef0940 ***

    Then process hangs, or:

    ⌠ aqua ~ Error!
    ⌡ <%pidpawel> time ./deltest.py
    *** Error in `python3': double free or corruption (!prev): 0x00000000009a7370 ***
    ======= Backtrace: =========
    /lib64/libc.so.6(+0x7233b)[0x7f90baca633b]
    /lib64/libc.so.6(+0x7780e)[0x7f90bacab80e]
    /lib64/libc.so.6(+0x77ffb)[0x7f90bacabffb]
    /usr/lib64/libpython3.4.so.1.0(PyByteArray_Resize+0xd2)[0x7f90bb256c22]
    /usr/lib64/libpython3.4.so.1.0(+0x6cc82)[0x7f90bb257c82]
    /usr/lib64/libpython3.4.so.1.0(+0x6d5d0)[0x7f90bb2585d0]
    /usr/lib64/libpython3.4.so.1.0(PyEval_EvalFrameEx+0xcb5)[0x7f90bb2f9be5]
    /usr/lib64/libpython3.4.so.1.0(PyEval_EvalCodeEx+0x85e)[0x7f90bb3015ce]
    /usr/lib64/libpython3.4.so.1.0(PyEval_EvalCode+0x3b)[0x7f90bb30169b]
    /usr/lib64/libpython3.4.so.1.0(+0x1319e4)[0x7f90bb31c9e4]
    /usr/lib64/libpython3.4.so.1.0(PyRun_FileExFlags+0x9d)[0x7f90bb31e99d]
    /usr/lib64/libpython3.4.so.1.0(PyRun_SimpleFileExFlags+0x101)[0x7f90bb31f871]
    /usr/lib64/libpython3.4.so.1.0(Py_Main+0xd6c)[0x7f90bb334f5c]
    python3(main+0x169)[0x400b09]
    /lib64/libc.so.6(__libc_start_main+0xf0)[0x7f90bac547b0]
    python3[0x400bb6]
    zsh: abort ./deltest.py
    ./deltest.py 0,06s user 0,01s system 97% cpu 0,075 total

    @pidpawel pidpawel mannequin added interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump labels Jul 31, 2015
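
A triage aid for glibc abort reports like the one in the post above, added here as an example that is not part of the original issue or of CPython: it parses the error header and the backtrace frames and returns the first frame outside libc, which is the code that was calling into the allocator when the heap check failed. The function names are hypothetical, and the sample lines are copied from the report and trimmed.

```python
import re

# Header glibc prints when one of its heap consistency checks fails.
HEADER = re.compile(
    r"\*\*\* Error in `(?P<prog>[^']+)': (?P<msg>.+): (?P<addr>0x[0-9a-fA-F]+) \*\*\*")
# Frames: module(symbol+0xoff)[0xaddr], module(+0xoff)[0xaddr] or module[0xaddr].
FRAME = re.compile(
    r"^\s*(?P<module>[^\s(\[]+)"
    r"(?:\((?P<sym>[^+)]*)(?:\+(?P<off>0x[0-9a-fA-F]+))?\))?"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]\s*$")

# Sample input: lines copied from the report above, trimmed to a few frames.
SAMPLE = """\
*** Error in `python3': double free or corruption (!prev): 0x00000000009a7370 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7233b)[0x7f90baca633b]
/lib64/libc.so.6(+0x7780e)[0x7f90bacab80e]
/lib64/libc.so.6(+0x77ffb)[0x7f90bacabffb]
/usr/lib64/libpython3.4.so.1.0(PyByteArray_Resize+0xd2)[0x7f90bb256c22]
/usr/lib64/libpython3.4.so.1.0(+0x6cc82)[0x7f90bb257c82]
/usr/lib64/libpython3.4.so.1.0(PyEval_EvalFrameEx+0xcb5)[0x7f90bb2f9be5]
python3(main+0x169)[0x400b09]
python3[0x400bb6]
"""

def parse_report(text):
    """Return (header, frames); header is None if no glibc error line is found."""
    header, frames = None, []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m and header is None:
            header = {"program": m["prog"], "error": m["msg"],
                      "chunk": int(m["addr"], 16)}
            continue
        m = FRAME.match(line)
        if m:  # banner lines such as "======= Backtrace:" do not match
            frames.append({"module": m["module"], "symbol": m["sym"] or None,
                           "offset": int(m["off"], 16) if m["off"] else None,
                           "addr": int(m["addr"], 16)})
    return header, frames

def first_caller_outside_libc(frames):
    """First frame whose module is not libc itself, or None if there is none."""
    for frame in frames:
        if "/libc.so" not in frame["module"] and "/libc-" not in frame["module"]:
            return frame
    return None
```

On the sample, the first non-libc frame is `PyByteArray_Resize+0xd2` in `libpython3.4.so.1.0`; frames without a symbol name need a debug build or separate debug symbols to resolve.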
    vadmium commented Jul 31, 2015

    Reproducible on 32 bit x86 Arch Linux.

    FTR this is not bpo-23985, since that was fixed in 3.4.3. I have not investigated, but maybe it shares the same cause (bpo-19087). Also, it may be helpful to build with “./configure --with-pydebug” to pinpoint the problem.

    pitrou commented Jul 31, 2015

    This was actually fixed in 98c1201d8eea, which didn't make it into 3.4.3.

    @pitrou pitrou closed this as completed Jul 31, 2015
    vadmium commented Aug 1, 2015

    Ah yes, I was confused. The bug fix isn’t actually in 3.4.3.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022