On Tue, Dec 30, 2008 at 10:41 PM, Daniel (ajax) Diniz
A reliable way to get that in a --with-pydebug build seems to be:
~/py3k$ ./python -c "import locale; locale.format_string(1,1)" * ob object :
type : tuple refcount: 0 address : 0x825c76c * op->_ob_prev->_ob_next NULL * op->_ob_next->_ob_prev object : type : tuple refcount: 0 address : 0x825c76c Fatal Python error: UNREF invalid object TypeError: expected string or buffer Aborted
Nice catch! I reduced your example to: "import _sre; _sre.compile(0, 0, [])". And, it doesn't seem to be an input validation problem with _sre. From what I saw, it's actually a bug in Py_TRACE_REFS's code. Now, it's getting interesting! It seems something is breaking the refchain. However, I don't know what is causing the problem exactly.
Found using Fusil in a very quick run on top of: Python 3.1a0 (py3k:68055M, Dec 31 2008, 01:34:52) [GCC 4.2.4 (Ubuntu 4.2.4-1ubuntu3)] on linux2
So kudos to Victor again :)
Could share the details on how you used Fusil to find another crasher? It sounds like a useful tool. Thanks! -- Alexandre