[New-bugs-announce] [issue5091] Segfault in PyObject_Malloc(), address out of bounds

Christian Heimes report at bugs.python.org
Wed Jan 28 15:21:07 CET 2009

New submission from Christian Heimes <lists at cheimes.de>:

One of our application recently started to segfault in
PyObject_Malloc(). The cause of the problem could be tracked down to an
overflowing internal cache.

However I was astonished that Python was segfaulting instead of raising
a memory exception. I did some post mortem debugging with gdb and found
an address out of bounds problem. I think the issue is caused by the
limited heap of a 32bit Python process.

(gdb) bt
#7  <signal handler called>
#8  PyObject_Malloc (nbytes=40) at Objects/obmalloc.c:747
#9  0xb7edfba5 in _PyObject_GC_Malloc (basicsize=28) at
#10 0xb7e79867 in PyType_GenericAlloc (type=0xb7606d40, nitems=0) at

(gdb) up 8
#8  PyObject_Malloc (nbytes=40) at Objects/obmalloc.c:747
747                             if ((pool->freeblock = *(block **)bp) !=
(gdb) print pool
$1 = (poolp) 0x17ecc000
(gdb) print pool->freeblock
$2 = (block *) 0xecc778b7 <Address 0xecc778b7 out of bounds>
(gdb) print bp
$3 = (block *) 0xecc778b7 <Address 0xecc778b7 out of bounds>

Python: 2.5.2 (32bit)
OS: SuSE Linux

components: Interpreter Core
messages: 80711
nosy: christian.heimes
priority: normal
severity: normal
stage: test needed
status: open
title: Segfault in PyObject_Malloc(), address out of bounds
type: crash
versions: Python 2.5

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list