[issue42697] 3.8.7rc1 regression: 'free(): invalid pointer' after running backports-zoneinfo test suite

Pablo Galindo Salgado report at bugs.python.org
Sun Dec 20 19:41:21 EST 2020 

Pablo Galindo Salgado <pablogsal at gmail.com> added the comment:

The symptom is that we are now trying to free something in the small integer cache that we shouldn't. Running this under the address sanitizer shows a bit more of the problem:

==190303==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x564456357fe0 in thread T0
    #0 0x7f18ad2200e9 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:123
    #1 0x564455b03283 in _PyMem_RawFree Objects/obmalloc.c:127
    #2 0x564455b0538d in PyObject_Free Objects/obmalloc.c:709
    #3 0x564455b3b820 in object_dealloc Objects/typeobject.c:3797
    #4 0x564455b03180 in _Py_Dealloc Objects/object.c:2215
    #5 0x564455b21308 in _Py_DECREF Include/object.h:478
    #6 0x564455b21336 in _Py_XDECREF Include/object.h:541
    #7 0x564455b2305f in tupledealloc Objects/tupleobject.c:247
    #8 0x564455b03180 in _Py_Dealloc Objects/object.c:2215
    #9 0x564455f1ef6b in _Py_DECREF Include/object.h:478
    #10 0x564455f1ef99 in _Py_XDECREF Include/object.h:541
    #11 0x564455f24ed4 in code_dealloc Objects/codeobject.c:552
    #12 0x564455b03180 in _Py_Dealloc Objects/object.c:2215
    #13 0x564455a85e3c in _Py_DECREF Include/object.h:478
    #14 0x564455a892f7 in func_clear Objects/funcobject.c:579
    #15 0x564455a89704 in func_dealloc Objects/funcobject.c:600
    #16 0x564455b03180 in _Py_Dealloc Objects/object.c:2215
    #17 0x564455ac025d in _Py_DECREF Include/object.h:478
    #18 0x564455ac02ad in _Py_XDECREF Include/object.h:541
    #19 0x564455ac3178 in free_keys_object Objects/dictobject.c:584
    #20 0x564455ac1f41 in dictkeys_decref Objects/dictobject.c:324
    #21 0x564455acb293 in PyDict_Clear Objects/dictobject.c:1729
    #22 0x564455b3b00b in type_clear Objects/typeobject.c:3607
    #23 0x564455d9afa6 in delete_garbage Modules/gcmodule.c:948
    #24 0x564455d9b9c3 in collect Modules/gcmodule.c:1123
    #25 0x564455d9ee3a in _PyGC_CollectNoFail Modules/gcmodule.c:1866
    #26 0x564455ce0fe3 in PyImport_Cleanup Python/import.c:599
    #27 0x564455d29245 in Py_FinalizeEx Python/pylifecycle.c:1229
    #28 0x564455a29e99 in Py_RunMain Modules/main.c:691
    #29 0x564455a2a236 in pymain_main Modules/main.c:719
    #30 0x564455a2a5e5 in Py_BytesMain Modules/main.c:743
    #31 0x564455a269b8 in main Programs/python.c:16
    #32 0x7f18ace5a151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
    #33 0x564455a268cd in _start (/home/pablogsal/github/python/3.8/python+0x1d48cd)

0x564456357fe0 is located 192 bytes inside of global variable 'small_ints' defined in 'Objects/longobject.c:43:21' (0x564456357f20) of size 8384
SUMMARY: AddressSanitizer

Still unclear how we have reached this situation

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42697>
_______________________________________

More information about the Python-bugs-list mailing list