[New-bugs-announce] [issue45879] Access violation

vladexl report at bugs.python.org
Tue Nov 23 08:49:04 EST 2021


New submission from vladexl <vladexl at yandex.ru>:

It seems object.c hasn't taken into account a possible nullptr:

object.c: ...else if (Py_TYPE(v)->tp_as_number != NULL &&...

It seems Py_TYPE(v) returns null

StackTrace:

> python310.dll!PyObject_IsTrue(_object * v=0x1d91e2d4) Line 1444 C
  python310.dll!_PyEval_EvalFrameDefault(_ts * tstate=0x1db76f50, _frame * f=0x1c064028, int throwflag=0) Line 3793 C
  [Inline Frame] python310.dll!_PyEval_EvalFrame(_ts *) Line 46 C
  python310.dll!_PyEval_Vector(_ts * tstate=0x1db76f50, PyFrameConstructor * con=0x1bd91858, _object * locals=0x00000000, _object * const * args=0x1bdf86a8, unsigned int argcount=1, _object * kwnames=0x00000000) Line 5080 C
  python310.dll!_PyFunction_Vectorcall(_object * func=0x1bd91850, _object * const * stack=0x1bdf86a8, unsigned int nargsf=2147483649, _object * kwnames=0x00000000) Line 347 C
  [Inline Frame] python310.dll!_PyObject_VectorcallTstate(_ts *) Line 114 C
  python310.dll!PyObject_Vectorcall(_object * callable=0x1bd91850, _object * const * args, unsigned int nargsf=2147483649, _object * kwnames=0x00000000) Line 123 C
  python310.dll!call_function(_ts * tstate=0x1db76f50, PyTraceInfo * trace_info=0x1bf3f7a0, _object * * * pp_stack=0x1bf3f774, int oparg=1, _object * kwnames=0x00000000) Line 5888 C
  python310.dll!_PyEval_EvalFrameDefault(_ts * tstate=0x1db76f50, _frame * f=0x1bdf8568, int throwflag=0) Line 4222 C
  [Inline Frame] python310.dll!_PyEval_EvalFrame(_ts *) Line 46 C
  python310.dll!_PyEval_Vector(_ts * tstate=0x1db76f50, PyFrameConstructor * con=0x1bd918a0, _object * locals=0x00000000, _object * const * args=0x1bde5334, unsigned int argcount=2, _object * kwnames=0x00000000) Line 5080 C
  python310.dll!_PyFunction_Vectorcall(_object * func=0x1bd91898, _object * const * stack=0x1bde5334, unsigned int nargsf=2, _object * kwnames=0x00000000) Line 347 C
  python310.dll!PyVectorcall_Call(_object * callable=0x1bd91898, _object * tuple=0x1bde5328, _object * kwargs=0x1ef3d618) Line 272 C
  python310.dll!_PyObject_Call(_ts * tstate=0x1db76f50, _object * callable=0x1bd91898, _object * args=0x1bde5328, _object * kwargs=0x1ef3d618) Line 290 C
  [Inline Frame] python310.dll!PyObject_Call(_object *) Line 317 C
  python310.dll!do_call_core(_ts * tstate=0x1db76f50, PyTraceInfo * trace_info=0x1bf3f93c, _object * func=0x1bd91898, _object * callargs=0x1bde5328, _object * kwdict=0x1ef3d618) Line 5940 C
  python310.dll!_PyEval_EvalFrameDefault(_ts * tstate=0x1db76f50, _frame * f=0x1bd7ab28, int throwflag=0) Line 4286 C
  [Inline Frame] python310.dll!_PyEval_EvalFrame(_ts *) Line 46 C
  python310.dll!_PyEval_Vector(_ts * tstate=0x1db76f50, PyFrameConstructor * con=0x1bdef930, _object * locals=0x00000000, _object * const * args=0x1bdfa164, unsigned int argcount=1, _object * kwnames=0x00000000) Line 5080 C
  python310.dll!_PyFunction_Vectorcall(_object * func=0x1bdef928, _object * const * stack=0x1bdfa164, unsigned int nargsf=2147483649, _object * kwnames=0x00000000) Line 347 C
  [Inline Frame] python310.dll!_PyObject_VectorcallTstate(_ts *) Line 114 C
  python310.dll!PyObject_Vectorcall(_object * callable=0x1bdef928, _object * const * args, unsigned int nargsf=2147483649, _object * kwnames=0x00000000) Line 123 C
  python310.dll!call_function(_ts * tstate=0x1db76f50, PyTraceInfo * trace_info=0x1bf3fa94, _object * * * pp_stack=0x1bf3fa70, int oparg=1, _object * kwnames=0x00000000) Line 5888 C
  python310.dll!_PyEval_EvalFrameDefault(_ts * tstate=0x1db76f50, _frame * f=0x1bdfa028, int throwflag=0) Line 4207 C
  [Inline Frame] python310.dll!_PyEval_EvalFrame(_ts *) Line 46 C
  python310.dll!_PyEval_Vector(_ts * tstate=0x1db76f50, PyFrameConstructor * con=0x1bdefa98, _object * locals=0x00000000, _object * const * args=0x1bc9db04, unsigned int argcount=1, _object * kwnames=0x00000000) Line 5080 C
  python310.dll!_PyFunction_Vectorcall(_object * func=0x1bdefa90, _object * const * stack=0x1bc9db04, unsigned int nargsf=2147483649, _object * kwnames=0x00000000) Line 347 C
  [Inline Frame] python310.dll!_PyObject_VectorcallTstate(_ts *) Line 114 C
  python310.dll!PyObject_Vectorcall(_object * callable=0x1bdefa90, _object * const * args, unsigned int nargsf=2147483649, _object * kwnames=0x00000000) Line 123 C
  python310.dll!call_function(_ts * tstate=0x1db76f50, PyTraceInfo * trace_info=0x1bf3fbec, _object * * * pp_stack=0x1bf3fbc8, int oparg=1, _object * kwnames=0x00000000) Line 5888 C
  python310.dll!_PyEval_EvalFrameDefault(_ts * tstate=0x1db76f50, _frame * f=0x1bc9d9c8, int throwflag=0) Line 4207 C
  [Inline Frame] python310.dll!_PyEval_EvalFrame(_ts *) Line 46 C
  python310.dll!_PyEval_Vector(_ts * tstate=0x1db76f50, PyFrameConstructor * con=0x1bdef978, _object * locals=0x00000000, _object * const * args=0x1bf3fce8, unsigned int argcount=1, _object * kwnames=0x00000000) Line 5080 C
  python310.dll!_PyFunction_Vectorcall(_object * func=0x1bdef970, _object * const * stack=0x1bf3fce8, unsigned int nargsf=1, _object * kwnames=0x00000000) Line 347 C
  python310.dll!_PyObject_VectorcallTstate(_ts * tstate=0x1db76f50, _object * callable=0x1bdef970, _object * const * args=0x1bf3fce8, unsigned int nargsf=1, _object * kwnames=0x00000000) Line 115 C
  python310.dll!method_vectorcall(_object * method=0x1e8f56e8, _object * const * args=0x087b41e4, unsigned int nargsf=0, _object * kwnames=0x00000000) Line 61 C
  python310.dll!PyVectorcall_Call(_object * callable=0x1e8f56e8, _object * tuple=0x087b41d8, _object * kwargs=0x00000000) Line 272 C
  python310.dll!_PyObject_Call(_ts * tstate=0x1db76f50, _object * callable=0x1e8f56e8, _object * args=0x087b41d8, _object * kwargs=0x00000000) Line 290 C
  [Inline Frame] python310.dll!PyObject_Call(_object * callable, _object * args=0x087b41d8, _object * kwargs) Line 317 C
  python310.dll!thread_run(void * boot_raw=0x1bdf12d8) Line 1090 C
  python310.dll!bootstrap(void * call=0x1775b860) Line 183 C
  ucrtbase.dll!thread_start<unsigned int (__stdcall*)(void *),1>() Unknown
  kernel32.dll!@BaseThreadInitThunk at 12() Unknown
  ntdll.dll!__RtlUserThreadStart() Unknown
  ntdll.dll!__RtlUserThreadStart at 8() Unknown

----------
messages: 406841
nosy: vladexl
priority: normal
severity: normal
status: open
title: Access violation
type: crash
versions: Python 3.10

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue45879>
_______________________________________

