This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: python-2.6.6 coredump running newspipe
Type: crash Stage:
Components: Interpreter Core Versions: Python 2.6
process
Status: closed Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: r.david.murray, rbp, skrah, wiz
Priority: normal Keywords:

Created on 2010-10-07 22:51 by wiz, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (7)
msg118150 - (view) Author: Thomas Klausner (wiz) * Date: 2010-10-07 22:51
I'm running newspipe-1.1.9, an RSS reader
(http://newspipe.sourceforge.net/), on NetBSD-5.99.11/amd64 using
Python-2.6.6.

Sometimes, it core dumps with particular feeds in the configuration (I
guess depending on the feed, because when I comment out the offending
feed in the opml file, it runs through to completion).

The backtrace looks like this:
Core was generated by `python'.
Program terminated with signal 10, Bus error.
#0  0x00007f7ffdc35a21 in PyOS_snprintf (str=0x7f7ff5dfe3d8 "@", size=120, format=0x1 <Address 0x1 out of bounds>) at Python/mysnprintf.c:43
43      {
(gdb) bt
#0  0x00007f7ffdc35a21 in PyOS_snprintf (str=0x7f7ff5dfe3d8 "@", size=120, format=0x1 <Address 0x1 out of bounds>) at Python/mysnprintf.c:43
#1  0x00007f7ffdc471a6 in PyOS_ascii_formatd (buffer=0x7f7ff5dfe3d8 "@", buf_size=120, format=0x7f7ff5dfe388 "%.2f", d=0.15256118774414062) at Python/pystrtod.c:455
#2  0x00007f7ffdbaa7fa in formatfloat (buf=0x7f7ff5dfe3d8 "@", buflen=120, flags=16, prec=2, type=102, v=0x7f7ffcc6d510) at Objects/stringobject.c:4378
#3  0x00007f7ffdbabd32 in PyString_Format (format=0x7f7ffc8144e0, args=0x7f7ffcc6d510) at Objects/stringobject.c:4943
#4  0x00007f7ffdbaa3b0 in string_mod (v=0x7f7ffc8144e0, w=0x7f7ffcc6d510) at Objects/stringobject.c:4116
#5  0x00007f7ffdb459db in binary_op1 (v=0x7f7ffc8144e0, w=0x7f7ffcc6d510, op_slot=32) at Objects/abstract.c:917
#6  0x00007f7ffdb45c81 in binary_op (v=0x7f7ffc8144e0, w=0x7f7ffcc6d510, op_slot=32, op_name=0x7f7ffdc6c089 "%") at Objects/abstract.c:969
#7  0x00007f7ffdb467ad in PyNumber_Remainder (v=0x7f7ffc8144e0, w=0x7f7ffcc6d510) at Objects/abstract.c:1221
#8  0x00007f7ffdc08a03 in PyEval_EvalFrameEx (f=0x7f7fefa1dab0, throwflag=0) at Python/ceval.c:1180
#9  0x00007f7ffdc1175f in fast_function (func=0x7f7ff8a9bed8, pp_stack=0x7f7ff5dfeae8, n=1, na=1, nk=0) at Python/ceval.c:3836
#10 0x00007f7ffdc11565 in call_function (pp_stack=0x7f7ff5dfeae8, oparg=1) at Python/ceval.c:3771
#11 0x00007f7ffdc0d81f in PyEval_EvalFrameEx (f=0x7f7fee920420, throwflag=0) at Python/ceval.c:2412
#12 0x00007f7ffdc0f715 in PyEval_EvalCodeEx (co=0x7f7ffcc247b0, globals=0x7f7ffd1c5880, locals=0x0, args=0x7f7ff5b0aac8, argcount=8, kws=0x7f7ff5b0ab08, kwcount=0, defs=0x7f7ff8d3c4e8,
    defcount=5, closure=0x0) at Python/ceval.c:3000
#13 0x00007f7ffdc1184a in fast_function (func=0x7f7ff8a9cc80, pp_stack=0x7f7ff5dfeff8, n=8, na=8, nk=0) at Python/ceval.c:3846
#14 0x00007f7ffdc11565 in call_function (pp_stack=0x7f7ff5dfeff8, oparg=7) at Python/ceval.c:3771
#15 0x00007f7ffdc0d81f in PyEval_EvalFrameEx (f=0x7f7ff5b0a820, throwflag=0) at Python/ceval.c:2412
#16 0x00007f7ffdc1175f in fast_function (func=0x7f7ff8a9e140, pp_stack=0x7f7ff5dff358, n=1, na=1, nk=0) at Python/ceval.c:3836
#17 0x00007f7ffdc11565 in call_function (pp_stack=0x7f7ff5dff358, oparg=0) at Python/ceval.c:3771
#18 0x00007f7ffdc0d81f in PyEval_EvalFrameEx (f=0x7f7ff5b0a420, throwflag=0) at Python/ceval.c:2412
#19 0x00007f7ffdc1175f in fast_function (func=0x7f7ffca1db90, pp_stack=0x7f7ff5dff6b8, n=1, na=1, nk=0) at Python/ceval.c:3836
#20 0x00007f7ffdc11565 in call_function (pp_stack=0x7f7ff5dff6b8, oparg=0) at Python/ceval.c:3771
#21 0x00007f7ffdc0d81f in PyEval_EvalFrameEx (f=0x7f7ff5b03190, throwflag=0) at Python/ceval.c:2412
#22 0x00007f7ffdc0f715 in PyEval_EvalCodeEx (co=0x7f7ffca0d4e0, globals=0x7f7ffca473a0, locals=0x0, args=0x7f7ff04d3e68, argcount=1, kws=0x0, kwcount=0, defs=0x0, defcount=0, closure=0x0)
    at Python/ceval.c:3000
#23 0x00007f7ffdb7a612 in function_call (func=0x7f7ffca1daa0, arg=0x7f7ff04d3e50, kw=0x0) at Objects/funcobject.c:524
#24 0x00007f7ffdb495e8 in PyObject_Call (func=0x7f7ffca1daa0, arg=0x7f7ff04d3e50, kw=0x0) at Objects/abstract.c:2492
#25 0x00007f7ffdb5eca0 in instancemethod_call (func=0x7f7ffca1daa0, arg=0x7f7ff04d3e50, kw=0x0) at Objects/classobject.c:2579
#26 0x00007f7ffdb495e8 in PyObject_Call (func=0x7f7ff8ac2a00, arg=0x7f7ffd112050, kw=0x0) at Objects/abstract.c:2492
#27 0x00007f7ffdc10cd3 in PyEval_CallObjectWithKeywords (func=0x7f7ff8ac2a00, arg=0x7f7ffd112050, kw=0x0) at Python/ceval.c:3619
#28 0x00007f7ffdc4e69f in t_bootstrap (boot_raw=0x7f7ffd1b4590) at ./Modules/threadmodule.c:428
#29 0x00007f7ffd90ba32 in pthread_setcancelstate () from /usr/lib/libpthread.so.1
#30 0x00007f7ffd26e9b0 in ___lwp_park50 () from /usr/lib/libc.so.12
#31 0x0000000000000000 in ?? ()
(gdb) fr 1
#1  0x00007f7ffdc471a6 in PyOS_ascii_formatd (buffer=0x7f7ff5dfe3d8 "@", buf_size=120, format=0x7f7ff5dfe388 "%.2f", d=0.15256118774414062) at Python/pystrtod.c:455
455         PyOS_snprintf(buffer, buf_size, format, d);
(gdb) l
450             format = tmp_format;
451         }
452
453
454         /* Have PyOS_snprintf do the hard work */
455         PyOS_snprintf(buffer, buf_size, format, d);
456
457         /* Do various fixups on the return string */
458
459         /* Get the current locale, and find the decimal point string.
(gdb) p format
$1 = 0x7f7ff5dfe388 "%.2f"
(gdb) fr 0
#0  0x00007f7ffdc35a21 in PyOS_snprintf (str=0x7f7ff5dfe3d8 "@", size=120, format=0x1 <Address 0x1 out of bounds>) at Python/mysnprintf.c:43
43      {
(gdb) l
38         CAUTION:  Unlike C99, str != NULL and size > 0 are required.
39      */
40
41      int
42      PyOS_snprintf(char *str, size_t size, const  char  *format, ...)
43      {
44          int rc;
45          va_list va;
46
47          va_start(va, format);
(gdb)

It seems that the format argument is corrupted while calling PyOS_snprintf.

Any ideas what could cause this or how to fix this?
msg118156 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2010-10-08 01:43
Indeed, newspipe appears to be a pure python package, so this looks like it is probably a bug in python somewhere.

You might want to report it to newspipe too, though.  They are likely to be able to figure out how to reduce the problem to a minimum cause faster than we are.
msg118157 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2010-10-08 01:45
Can you reproduce this using python2.7?  Python 2.6 is in security fix only mode now.
msg118173 - (view) Author: Stefan Krah (skrah) * (Python committer) Date: 2010-10-08 09:59
Can you reproduce it by executing this?

>>> format(0.15256118774414062, ".2f")
msg118203 - (view) Author: Thomas Klausner (wiz) * Date: 2010-10-08 14:56
# python2.6
Python 2.6.6 (r266:84292, Sep 23 2010, 08:13:08)
[GCC 4.1.3 20080704 prerelease (NetBSD nb2 20081120)] on netbsd5
Type "help", "copyright", "credits" or "license" for more information.
>>> format(0.15256118774414062, ".2f")
'0.15'
>>>
msg118205 - (view) Author: Rodrigo Bernardo Pimentel (rbp) (Python committer) Date: 2010-10-08 16:03
Does this always happen with a particular feed? Could you provide us with a configuration that reproduces the problem?

Also, as R. David Murray asked, does this happen with 2.7?
msg123061 - (view) Author: Thomas Klausner (wiz) * Date: 2010-12-02 07:40
I've updated the operating system to a 5.99.39, and the problem disappeared. Strange. Thanks for the suggestions.
History
Date User Action Args
2022-04-11 14:57:07adminsetgithub: 54256
2010-12-02 07:40:12wizsetstatus: open -> closed

messages: + msg123061
2010-10-08 16:03:32rbpsetnosy: + rbp
messages: + msg118205
2010-10-08 14:56:45wizsetmessages: + msg118203
2010-10-08 09:59:09skrahsetnosy: + skrah
messages: + msg118173
2010-10-08 01:45:47r.david.murraysetmessages: + msg118157
2010-10-08 01:43:19r.david.murraysetnosy: + r.david.murray
messages: + msg118156
2010-10-07 22:51:26wizcreate