[issue14334] Invalid free in _PyUnicode_Ready()

Stefan Krah report at bugs.python.org
Fri Mar 16 13:33:41 CET 2012

New submission from Stefan Krah <stefan-usenet at bytereef.org>:

Hi -- I'm getting a segfault running the attached crasher.py script.
Valgrind traces it down to an Invalid free() / delete / delete[] in


Rev: 870c0ef7e8a2
Build: ./configure --without-pymalloc CFLAGS="-O0 -g" && make

$ ./python crasher.py 
Segmentation fault

$ valgrind --db-attach=yes --suppressions=./Misc/valgrind-python.supp ./python crasher.py
==3476== Memcheck, a memory error detector
==3476== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==3476== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==3476== Command: ./python crasher.py
==3476== Invalid free() / delete / delete[]
==3476==    at 0x4C2748D: free (vg_replace_malloc.c:366)
==3476==    by 0x44763C: _PyUnicode_Ready (unicodeobject.c:1405)
==3476==    by 0x44ACF8: PyUnicode_FromFormatV (unicodeobject.c:2500)
==3476==    by 0x4A1CF4: PyErr_Format (errors.c:621)
==3476==    by 0x42F8FE: type_getattro (typeobject.c:2551)
==3476==    by 0x43493A: wrap_binaryfunc (typeobject.c:4317)
==3476==    by 0x550008: wrapper_call (descrobject.c:1067)
==3476==    by 0x532C93: PyObject_Call (abstract.c:2150)
==3476==    by 0x49012B: PyEval_CallObjectWithKeywords (ceval.c:3920)
==3476==    by 0x54F136: wrapperdescr_call (descrobject.c:309)
==3476==    by 0x532C93: PyObject_Call (abstract.c:2150)
==3476==    by 0x491A1E: ext_do_call (ceval.c:4355)
==3476==  Address 0x4 is not stack'd, malloc'd or (recently) free'd

components: Interpreter Core
files: crasher.py
messages: 156017
nosy: haypo, loewis, skrah
priority: high
severity: normal
stage: needs patch
status: open
title: Invalid free in _PyUnicode_Ready()
type: crash
versions: Python 3.3
Added file: http://bugs.python.org/file24886/crasher.py

Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list