[New-bugs-announce] [issue20893] ctypes crash during PyFinalize when librt used

Greg Harris report at bugs.python.org
Wed Mar 12 01:29:02 CET 2014 

New submission from Greg Harris:

When interacting with librt via a ctypes.Structure object I can reliably cause the python interpreter to crash during Py_Finalize *after* all of my code has executed.  It appears to only happen on structures that have been passed to the mq_getattributes call in librt.  Below is the output of GDB showing the crash with python2.7-dbg:

(gdb) run show_ctypes_bug.py 
Starting program: /usr/bin/python2.7-dbg show_ctypes_bug.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Starting example
Creating queue
Loading attributes
Cleaning up
Completed example
Debug memory block at address p=0xb7ab5c28: API 'o'
    80 bytes originally requested
    The 3 pad bytes at p-3 are FORBIDDENBYTE, as expected.
    The 4 pad bytes at tail=0xb7ab5c78 are not all FORBIDDENBYTE (0xfb):
        at tail+0: 0x00 *** OUCH
        at tail+1: 0x00 *** OUCH
        at tail+2: 0x00 *** OUCH
        at tail+3: 0x00 *** OUCH
    The block was made by call #0 to debug malloc/realloc.
    Data at p: 00 00 00 00 b8 dd ad b7 ... 00 00 00 00 00 00 00 00
Fatal Python error: bad trailing pad byte

Program received signal SIGABRT, Aborted.
0xb7fdd424 in __kernel_vsyscall ()
(gdb) where
#0  0xb7fdd424 in __kernel_vsyscall ()
#1  0xb7be11df in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xb7be4825 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x0817566a in Py_FatalError (msg=0x820a3a3 "bad trailing pad byte") at ../Python/pythonrun.c:1677
#4  0x080c2fab in _PyObject_DebugCheckAddressApi (api=111 'o', p=0xb7ab5c28) at ../Objects/obmalloc.c:1591
#5  0x080c2c8d in _PyObject_DebugFreeApi (api=111 'o', p=0xb7ab5c28) at ../Objects/obmalloc.c:1478
#6  0x080c2b62 in _PyObject_DebugFree (p=0xb7ab5c28) at ../Objects/obmalloc.c:1422
#7  0x0818d3d3 in PyObject_GC_Del (op=0xb7ab5c34) at ../Modules/gcmodule.c:1507
#8  0xb788e725 in PyCData_dealloc (self=<MessageQueueAttributes at remote 0xb7ab5c34>) at /build/buildd/python2.7-2.7.3/Modules/_ctypes/_ctypes.c:2544
#9  0x080e0251 in subtype_dealloc (self=<MessageQueueAttributes at remote 0xb7ab5c34>) at ../Objects/typeobject.c:1014
#10 0x080c12eb in _Py_Dealloc (op=<MessageQueueAttributes at remote 0xb7ab5c34>) at ../Objects/object.c:2243
#11 0x080b3e51 in insertdict (mp=0xb7bafdf4, key='attributes', hash=673635577, value=None) at ../Objects/dictobject.c:530
#12 0x080b47b4 in PyDict_SetItem (op=<unknown at remote 0x6>, key='attributes', value=None) at ../Objects/dictobject.c:775
#13 0x080bc924 in _PyModule_Clear (m=<module at remote 0xb7b72934>) at ../Objects/moduleobject.c:138
#14 0x08161cc9 in PyImport_Cleanup () at ../Python/import.c:445
#15 0x081726cd in Py_Finalize () at ../Python/pythonrun.c:454
#16 0x0818b4b1 in Py_Main (argc=2, argv=0xbfffef34) at ../Modules/main.c:664
#17 0x0805be8f in main (argc=2, argv=0xbfffef34) at ../Modules/python.c:23

The script being run above (show_ctypes_bug.py) is attached.

----------
components: ctypes
files: show_ctypes_bug.py
messages: 213187
nosy: angrylogic
priority: normal
severity: normal
status: open
title: ctypes crash during PyFinalize when librt used
type: crash
versions: Python 2.7
Added file: http://bugs.python.org/file34365/show_ctypes_bug.py

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20893>
_______________________________________

More information about the New-bugs-announce mailing list