This program makes Python segfault - no other does
Tim Peters
tim.one at comcast.net
Mon May 17 15:28:02 EDT 2004
[Juho Saarikko]
> The function unQuoteBytea allocates memory with PyMem_Malloc, and frees it
> with PyMem_Free. The segfault happens at freeing the memory (as the
> backtrace shows). It seems to me that if Python's memory management
> routines fail to free an object they've allocated, it must be a bug in
> Python. That or some other bug corrupts memory structures,
Bingo.
> in which case it's almost impossible to track down. At this point
> I'm considering either switching to a different database plugin, or
> to Java.
>
> I tried the new Python version (3.3.4c1) and got the exact same behaviour.
> Aarrgghh.
>
> Here, I'll attach the unQuoteBytea function, it's a short one. Maybe you
> can find some problem in it I couldn't:
Yes.
> PyObject *unQuoteBytea(char *sin)
> {
> int i, j, slen, byte;
> char *sout;
> PyObject *result;
>
> slen = strlen(sin);
> sout = (char *)PyMem_Malloc(slen);
You're in trouble already here. strlen(sin) does not count the trailing NUL
byte, so you haven't allocated enough memory for sout to hold a
NUL-terminated copy of sin. There may or may not be other C bugs here, but
for starters change the last line to
> sout = (char *)PyMem_Malloc(slen + 1);
BTW, running under a debug-build Python would have told you that the program
wrote beyond the bounds of the memory allocated for sout.
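
Added example, not part of the original thread or of the plugin's code: a small guard-byte allocator in C that shows why a buffer of `strlen(sin)` bytes is one byte short for a NUL-terminated copy, and how a padding check at free time reports the overrun. The names `guarded_alloc`, `guarded_free` and `copy_with_extra`, the guard pattern, and the sample string are assumptions made for this illustration; it is not Python's debug allocator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  8
#define GUARD_BYTE 0xFB   /* constructed pattern for this example */

/* Allocate n usable bytes followed by GUARD_LEN guard bytes. */
static char *guarded_alloc(size_t n)
{
    char *p = malloc(n + GUARD_LEN);
    if (p != NULL)
        memset(p + n, GUARD_BYTE, GUARD_LEN);
    return p;
}

/* Count guard bytes that were overwritten, then release the block. */
static int guarded_free(char *p, size_t n)
{
    int damaged = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if ((unsigned char)p[n + i] != GUARD_BYTE)
            damaged++;
    free(p);
    return damaged;
}

/* Copy `sin` with its NUL into a buffer of strlen(sin) + extra bytes and
 * return how many bytes past the requested size were modified. */
static int copy_with_extra(const char *sin, size_t extra)
{
    size_t slen = strlen(sin);
    char *sout = guarded_alloc(slen + extra);
    if (sout == NULL)
        return -1;
    memcpy(sout, sin, slen + 1);   /* slen data bytes plus the NUL */
    return guarded_free(sout, slen + extra);
}

int main(void)
{
    const char *sample = "\\\\001abc";   /* constructed input */
    printf("alloc(slen):     %d guard byte(s) damaged\n", copy_with_extra(sample, 0));
    printf("alloc(slen + 1): %d guard byte(s) damaged\n", copy_with_extra(sample, 1));
    return 0;
}
```

With a plain allocator the stray byte lands in whatever follows the block, which is why the failure surfaces later, at free time, rather than at the write.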