[New-bugs-announce] [issue11994] [2.7/gcc-4.4.3] Segfault under valgrind in string.split()

Stefan Krah report at bugs.python.org
Wed May 4 08:21:23 CEST 2011


New submission from Stefan Krah <stefan-usenet at bytereef.org>:

I can reproduce this only with gcc-4.4.3, so it could also be
a compiler bug. Also, the segfault only occurs when python is
compiled with optimizations and run under valgrind.


hg up 2.7
make distclean
./configure
make
valgrind --suppressions=Misc/valgrind-python.supp ./python
>>> s = "-- -- --"
>>> s.split('--')
==29273== Invalid read of size 4
==29273==    at 0x456C73: PyObject_Free (obmalloc.c:969)
==29273==    by 0x4AD3BD: compiler_unit_free (compile.c:424)
==29273==    by 0x4B6785: compiler_mod (compile.c:521)
==29273==    by 0x4B69B5: PyAST_Compile (compile.c:289)
==29273==    by 0x4CD564: PyRun_InteractiveOneFlags (pythonrun.c:1343)
==29273==    by 0x4CD80D: PyRun_InteractiveLoopFlags (pythonrun.c:765)
==29273==    by 0x4CDFFA: PyRun_AnyFileExFlags (pythonrun.c:734)
==29273==    by 0x4172E9: Py_Main (main.c:599)
==29273==    by 0x56F2C4C: (below main) (libc-start.c:226)
==29273==  Address 0x61d3020 is not stack'd, malloc'd or (recently) free'd
==29273== 
==29273== Invalid read of size 4
==29273==    at 0x456C73: PyObject_Free (obmalloc.c:969)
==29273==    by 0x4B6785: compiler_mod (compile.c:521)
==29273==    by 0x4B69B5: PyAST_Compile (compile.c:289)
==29273==    by 0x4CD564: PyRun_InteractiveOneFlags (pythonrun.c:1343)
==29273==    by 0x4CD80D: PyRun_InteractiveLoopFlags (pythonrun.c:765)
==29273==    by 0x4CDFFA: PyRun_AnyFileExFlags (pythonrun.c:734)
==29273==    by 0x4172E9: Py_Main (main.c:599)
==29273==    by 0x56F2C4C: (below main) (libc-start.c:226)
==29273==  Address 0x61d3020 is not stack'd, malloc'd or (recently) free'd
==29273== 
==29273== Invalid read of size 8
==29273==    at 0x43E5A8: list_print (listobject.c:341)
==29273==    by 0x454CAF: internal_print (object.c:315)
==29273==    by 0x432128: PyFile_WriteObject (fileobject.c:110)
==29273==    by 0x4D3857: sys_displayhook (sysmodule.c:115)
==29273==    by 0x41BD66: PyObject_Call (abstract.c:2529)
==29273==    by 0x4A4CB2: PyEval_CallObjectWithKeywords (ceval.c:3882)
==29273==    by 0x4AA568: PyEval_EvalFrameEx (ceval.c:1739)
==29273==    by 0x4ACE90: PyEval_EvalCodeEx (ceval.c:3253)
==29273==    by 0x4ACFA1: PyEval_EvalCode (ceval.c:667)
==29273==    by 0x4CD57E: PyRun_InteractiveOneFlags (pythonrun.c:1346)
==29273==    by 0x4CD80D: PyRun_InteractiveLoopFlags (pythonrun.c:765)
==29273==    by 0x4CDFFA: PyRun_AnyFileExFlags (pythonrun.c:734)
==29273==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==29273== 
==29273== 
==29273== Process terminating with default action of signal 11 (SIGSEGV)
==29273==  Access not within mapped region at address 0x0
==29273==    at 0x43E5A8: list_print (listobject.c:341)
==29273==    by 0x454CAF: internal_print (object.c:315)
==29273==    by 0x432128: PyFile_WriteObject (fileobject.c:110)
==29273==    by 0x4D3857: sys_displayhook (sysmodule.c:115)
==29273==    by 0x41BD66: PyObject_Call (abstract.c:2529)
==29273==    by 0x4A4CB2: PyEval_CallObjectWithKeywords (ceval.c:3882)
==29273==    by 0x4AA568: PyEval_EvalFrameEx (ceval.c:1739)
==29273==    by 0x4ACE90: PyEval_EvalCodeEx (ceval.c:3253)
==29273==    by 0x4ACFA1: PyEval_EvalCode (ceval.c:667)
==29273==    by 0x4CD57E: PyRun_InteractiveOneFlags (pythonrun.c:1346)
==29273==    by 0x4CD80D: PyRun_InteractiveLoopFlags (pythonrun.c:765)
==29273==    by 0x4CDFFA: PyRun_AnyFileExFlags (pythonrun.c:734)
==29273==  If you believe this happened as a result of a stack
==29273==  overflow in your program's main thread (unlikely but
==29273==  possible), you can try to increase the size of the
==29273==  main thread stack using the --main-stacksize= flag.
==29273==  The main thread stack size used in this run was 8388608.
[''==29273== 
==29273== HEAP SUMMARY:
==29273==     in use at exit: 2,198,606 bytes in 1,256 blocks
==29273==   total heap usage: 7,315 allocs, 6,059 frees, 7,364,086 bytes allocated
==29273== 
==29273== LEAK SUMMARY:
==29273==    definitely lost: 0 bytes in 0 blocks
==29273==    indirectly lost: 0 bytes in 0 blocks
==29273==      possibly lost: 641,033 bytes in 353 blocks
==29273==    still reachable: 1,557,541 bytes in 902 blocks
==29273==         suppressed: 32 bytes in 1 blocks
==29273== Rerun with --leak-check=full to see details of leaked memory
==29273== 
==29273== For counts of detected and suppressed errors, rerun with: -v
==29273== Use --track-origins=yes to see where uninitialised values come from
==29273== ERROR SUMMARY: 416 errors from 28 contexts (suppressed: 13 from 7)
Segmentation fault

----------
components: Interpreter Core
messages: 135098
nosy: skrah
priority: normal
severity: normal
status: open
title: [2.7/gcc-4.4.3] Segfault under valgrind in string.split()
type: crash
versions: Python 2.7

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11994>
_______________________________________

