right list for SIGABRT python binary question ?

Karsten Hilbert Karsten.Hilbert at gmx.net
Wed Nov 1 06:45:07 EDT 2017


On Wed, Nov 01, 2017 at 11:14:08AM +0100, Karsten Hilbert wrote:

> Or rather: I need to find out which "place" a given address
> refers to, check whether the changing addresses always belong
> to the same "place" between runs and _then_ map a "place" to
> its address and breakpoint that address on yet another run.
> 
> It might seem
> 
> 	gdb> info symbol <the address>
> 
> should give me the "place".

Given this:

	Debug memory block at address p=0x6aab7c: API ''
	    0 bytes originally requested
	    The 3 pad bytes at p-3 are not all FORBIDDENBYTE (0xfb):
	        at p-3: 0x33 *** OUCH
	        at p-2: 0x47 *** OUCH
	        at p-1: 0x00 *** OUCH
	    Because memory is corrupted at the start, the count of bytes requested
	       may be bogus, and checking the trailing pad bytes may segfault.
	    The 4 pad bytes at tail=0x6aab7c are not all FORBIDDENBYTE (0xfb):
	        at tail+0: 0x00 *** OUCH
	        at tail+1: 0x00 *** OUCH
	        at tail+2: 0x00 *** OUCH
	        at tail+3: 0x00 *** OUCH
	    The block was made by call #0 to debug malloc/realloc.
	Fatal Python error: bad ID: Allocated using API '', verified using API 'o'

	Program received signal SIGABRT, Aborted.
	0xb7fd9ce9 in __kernel_vsyscall ()
	(gdb) info symbol 0x6aab7c
	_Py_ZeroStruct in section .data of /usr/bin/python2.7-dbg
	(gdb)

my assumption would be that something clobbers 0x6aab7c,
which seems to be in (?) _Py_ZeroStruct in this run. I'll
re-run a few times to make sure the corruption "reliably"
hits _Py_ZeroStruct.

If so, I'll set a memory write breakpoint on _Py_ZeroStruct.

Am I on the right track ?

Thanks,
Karsten

BTW, the backtrace for this run was ...

	(gdb) bt
	#0  0xb7fd9ce9 in __kernel_vsyscall ()
	#1  0xb7d70dd0 in __libc_signal_restore_set (set=0xbfffee90) at ../sysdeps/unix/sysv/linux/nptl-signals.h:79
	#2  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48
	#3  0xb7d72297 in __GI_abort () at abort.c:89
	#4  0x0055fb74 in Py_FatalError (msg=0xbffff13c "bad ID: Allocated using API '\037', verified using API 'o'") at ../Python/pythonrun.c:1700
	#5  0x00499adb in _PyObject_DebugCheckAddressApi (api=111 'o', p=0x6aab7c <_Py_ZeroStruct>) at ../Objects/obmalloc.c:1640
	#6  0x004997a5 in _PyObject_DebugFreeApi (api=111 'o', p=0x6aab7c <_Py_ZeroStruct>) at ../Objects/obmalloc.c:1527
	#7  0x0049964f in _PyObject_DebugFree (p=0x6aab7c <_Py_ZeroStruct>) at ../Objects/obmalloc.c:1471
	#8  0x00471043 in int_dealloc (v=0x6aab7c <_Py_ZeroStruct>) at ../Objects/intobject.c:139

... so I could've known without "info symbol" :-)

	#9  0x00497bee in _Py_Dealloc (op=False) at ../Objects/object.c:2262
	#10 0x004885d7 in insertdict_by_entry (mp=0xb7fc5674, key='dont_write_bytecode', hash=591857026, ep=0x7c5c08, value=None) at ../Objects/dictobject.c:519
	#11 0x00488857 in insertdict (mp=0xb7fc5674, key='dont_write_bytecode', hash=591857026, value=None) at ../Objects/dictobject.c:556
	#12 0x0048910f in dict_set_item_by_hash_or_entry (
		op={
	    	'setrecursionlimit': None,
	    	'dont_write_bytecode': None,
	    	'getfilesystemencoding': <built-in function getfilesystemencoding>,
	    	'long_info': <sys.long_info at remote 0xb7f936e8>,
	    	'path_importer_cache': None,
	    	'stdout': <file at remote 0xb7fcd098>,
	    	'getprofile': <built-in function getprofile>,
	    	'__stdin__': <file at remote 0xb7fcd028>,
	    	'version_info': <sys.version_info at remote 0xb7fcfd80>,
	    	'exc_clear': <built-in function exc_clear>, 'gettotalrefcount': <built-in function gettotalrefcount>, 'getrefcount': <built-in function getrefcount>, 'byteorder': 'little', '_clear_type_cache': None, 'excepthook': <built-in function excepthook>, 'subversion': ('CPython', '', ''), '_multiarch': None, 'exc_type': None, 'ps1': None, '__excepthook__': <built-in function excepthook>, 'executable': '/usr/bin/python2.7-dbg', 'float_info': None, 'copyright': 'Copyright (c) 2001-2017 Python Software Foundation.\nAll Rights Reserved.\n\nCopyright (c) 2000 BeOpen.com.\nAll Rights Reserved.\n\nCopyright (c) 1995-2001 Corporation for Nation...(truncated), key='dont_write_bytecode', hash=591857026, ep=0x0, value=None
		) at ../Objects/dictobject.c:795
	#13 0x00489285 in PyDict_SetItem (
	    op={'setrecursionlimit': None, 'dont_write_bytecode': None, 'getfilesystemencoding': <built-in function getfilesystemencoding>, 'long_info': <sys.long_info at remote
	    0xb7f936e8>, 'path_importer_cache': None, 'stdout': <file at remote 0xb7fcd098>, 'getprofile': <built-in function getprofile>, '__stdin__': <file at remote 0xb7fcd028>, 'version_info': <sys.version_info at remote 0xb7fcfd80>, 'exc_clear': <built-in function exc_clear>, 'gettotalrefcount': <built-in function gettotalrefcount>, 'getrefcount': <built-in function getrefcount>, 'byteorder': 'little', '_clear_type_cache': None, 'excepthook': <built-in function excepthook>, 'subversion': ('CPython', '', ''), '_multiarch': None, 'exc_type': None, 'ps1': None, '__excepthook__': <built-in function excepthook>, 'executable': '/usr/bin/python2.7-dbg', 'float_info': None, 'copyright': 'Copyright (c) 2001-2017 Python Software Foundation.\nAll Rights Reserved.\n\nCopyright (c) 2000 BeOpen.com.\nAll Rights Reserved.\n\nCopyright (c) 1995-2001 Corporation for Nation...(truncated), key='dont_write_bytecode', value=None) at ../Objects/dictobject.c:848
	#14 0x0049281f in _PyModule_Clear (m=<module at remote 0xb7f935d4>) at ../Objects/moduleobject.c:139
	#15 0x0054a3ec in PyImport_Cleanup () at ../Python/import.c:540
	#16 0x0055c53c in Py_Finalize () at ../Python/pythonrun.c:458
	#17 0x0055fe9c in Py_Exit (sts=1) at ../Python/pythonrun.c:1783
	#18 0x0055e0fc in handle_system_exit () at ../Python/pythonrun.c:1151
	#19 0x0055e152 in PyErr_PrintEx (set_sys_last_vars=1) at ../Python/pythonrun.c:1161
	#20 0x0055dd5b in PyErr_Print () at ../Python/pythonrun.c:1064
	#21 0x0055d61f in PyRun_SimpleFileExFlags (fp=0x7ee010, filename=0xbffff7e6 "./bootstrap_gm_db_system.py", closeit=1, flags=0xbffff4f4) at ../Python/pythonrun.c:952
	#22 0x0055cc4e in PyRun_AnyFileExFlags (fp=0x7ee010, filename=0xbffff7e6 "./bootstrap_gm_db_system.py", closeit=1, flags=0xbffff4f4) at ../Python/pythonrun.c:752
	#23 0x00577cb0 in Py_Main (argc=5, argv=0xbffff684) at ../Modules/main.c:645
	#24 0x004259c8 in main (argc=5, argv=0xbffff684) at ../Modules/python.c:20

-- 



More information about the Python-list mailing list
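Added example (not part of the original post and not CPython's code): a simplified C model of the pad-byte check whose report is quoted above, assuming the frame layout the report implies (4 size bytes, one API id byte and 3 pad bytes before `p`, 4 pad bytes after the data). The names `dbg_malloc`, `dbg_check`, `check_heap` and `check_foreign` are hypothetical, and the `image` bytes are constructed to mirror the values in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model, not CPython's obmalloc.c. Frame layout assumed from the
 * report: [4 size bytes, big-endian][API id][3 pad] data [4 pad]. */
enum { PAD = 0xfb /* FORBIDDENBYTE */, HDR = 8, TAIL = 4 };
struct verdict { size_t nbytes; int api_ok, bad_head, bad_tail; };

/* Hypothetical allocator: frames n zeroed data bytes, returns the data pointer. */
static unsigned char *dbg_malloc(char api, size_t n) {
    unsigned char *raw = calloc(1, HDR + n + TAIL);
    if (!raw) return NULL;
    for (int i = 0; i < 4; i++) raw[i] = (unsigned char)(n >> (8 * (3 - i)));
    raw[4] = (unsigned char)api;
    memset(raw + 5, PAD, 3);
    memset(raw + HDR + n, PAD, TAIL);
    return raw + HDR;
}

/* Inspect the frame around p; a recorded size above max_n is bogus, so skip the tail. */
static struct verdict dbg_check(char api, const unsigned char *p, size_t max_n) {
    struct verdict v = {0, 0, 0, 0};
    for (int i = -HDR; i < -4; i++) v.nbytes = (v.nbytes << 8) | p[i];
    v.api_ok = (p[-4] == (unsigned char)api);
    for (int i = -3; i < 0; i++) v.bad_head += (p[i] != PAD);
    if (v.nbytes > max_n) { v.bad_tail = -1; return v; }
    for (int i = 0; i < TAIL; i++) v.bad_tail += (p[v.nbytes + i] != PAD);
    return v;
}

/* A block that did come from dbg_malloc, overrun by `over` bytes (<= TAIL). */
static struct verdict check_heap(size_t over) {
    unsigned char *p = dbg_malloc('o', 16);
    if (!p) abort();
    memset(p + 16, 0, over);
    struct verdict v = dbg_check('o', p, 16);
    free(p - HDR);
    return v;
}

/* Constructed bytes mirroring the report; image + 8 was never framed by dbg_malloc. */
static const unsigned char image[16] = {0, 0, 0, 0, 0x1f, 0x33, 0x47, 0x00};
static struct verdict check_foreign(void) { return dbg_check('o', image + 8, 4); }

int main(void) {
    struct verdict v = check_foreign();
    printf("size=%zu api_ok=%d head=%d tail=%d\n", v.nbytes, v.api_ok, v.bad_head, v.bad_tail);
    return 0;
}
```

In this model `check_foreign()` yields the same counts as the report (size 0, API id mismatch, 3 bad head bytes, 4 bad tail bytes), while `check_heap(2)` leaves the header intact and flags only two tail bytes.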