[Python-Dev] Invalid memory read in PyObject_Free

amaury.forgeotdarc@ubitrade.com
Fri, 4 Jul 2003 17:04:10 +0200


Hello,

I have a problem with Python 2.3b2 and its new object allocator;
it appears when running Python under Purify, and can lead
to unpredictable behaviour in the general case.

When starting Python_d.exe
(2.3b2, Windows 200, MsDev 6, debug build from the PCBuild directory)
there are more than 50 messages like
"Invalid pointer read", "Uninitialized memory read", "Free memory read"...
even before the interactive prompt appears!
Python 2.2 does not have this problem.

This is the first time I have opened the Python source code, but here is what I
found:

All errors are in PyObject_Free and PyObject_Realloc (in obmalloc.c),
while calling the macro
        ADDRESS_IN_RANGE(p, pool->arenaindex)

This seems to occur every time the pointer was allocated outside
the memory pool, which happens for non-small requests (>256 bytes).

And here is my humble opinion about the cause:
if the pointer was malloc'ed outside a pool, then the
POOL_ADDR(p) expression is not a valid address in the general case
and pool->arenaindex will return unpredictable results!

The ADDRESS_IN_RANGE logic is obviously broken.
To detect whether an address belongs to a pool, we could
compare all the arenas[i] addresses, but I cannot find a (correct)
faster way to do this.

Is this a real problem? Should it be corrected?
I could have Purify ignore the warning, but it is awful.

I remember a bug on SourceForge about a crash on an obscure platform,
is it related?

--
Amaury Forgeot d'Arc
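
The two ownership tests the message contrasts, as an added example that is not part of the original post and is not the code in obmalloc.c: a header-based lookup that reads `arenaindex` from the page around `p`, and a scan over the arena base addresses. This is a simplified model; the sizes, `MAX_ARENAS`, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

/* Constructed sizes and names for this model; not taken from obmalloc.c. */
#define POOL_SIZE   4096u
#define ARENA_SIZE  (64u * POOL_SIZE)
#define MAX_ARENAS  4u

struct pool_header { unsigned arenaindex; };

static uintptr_t arenas[MAX_ARENAS];   /* pool-aligned base of each arena */
static unsigned  narenas;

/* Round p down to the start of the POOL_SIZE-aligned page containing it. */
static struct pool_header *pool_addr(const void *p) {
    return (struct pool_header *)((uintptr_t)p & ~(uintptr_t)(POOL_SIZE - 1));
}

/* Header-based test: O(1), but it reads the page around p before knowing
   whether the allocator owns that page. The message attributes the Purify
   reports to this kind of read. */
static int in_arena_via_header(const void *p) {
    unsigned i = pool_addr(p)->arenaindex;   /* may be foreign memory */
    return i < narenas && (uintptr_t)p - arenas[i] < ARENA_SIZE;
}

/* Scan-based test: O(narenas), reads only the allocator's own table. */
static int in_arena_via_scan(const void *p) {
    for (unsigned i = 0; i < narenas; i++)
        if ((uintptr_t)p - arenas[i] < ARENA_SIZE)  /* wraps if p < base */
            return 1;
    return 0;
}

/* Create one arena with a pool-aligned base and stamp every pool header. */
static void *new_arena(void) {
    if (narenas == MAX_ARENAS) return NULL;
    char *raw = malloc(ARENA_SIZE + POOL_SIZE);      /* slack for alignment */
    if (!raw) return NULL;
    uintptr_t base = ((uintptr_t)raw + POOL_SIZE - 1) & ~(uintptr_t)(POOL_SIZE - 1);
    for (size_t off = 0; off < ARENA_SIZE; off += POOL_SIZE)
        ((struct pool_header *)(base + off))->arenaindex = narenas;
    arenas[narenas++] = base;
    return (void *)base;
}
```

In this model both tests give the same answer whenever the page around `p` is readable; the difference is that only the scan decides without touching memory derived from `p`.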