
Title: Service application crash in python25!PyObject_Malloc
Type: crash
Components: Windows
Status: closed
Resolution: not a bug
Nosy List: amaury.forgeotdarc, chandra, loewis, vstinner
Priority: normal

Created on 2011-08-16 06:25 by chandra, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (8)
msg142163 - Author: Chandra Sekhar Reddy (chandra) Date: 2011-08-16 06:25
Service application crashed in python25.dll, below are the environment details.

Operating System : Windows server 2008 R2 (Virtual Machine)
Application Type : Service Application

FAULTING_IP: 
python25!PyObject_Malloc+2d
1e09603d 8b30            mov     esi,dword ptr [eax]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 1e09603d (python25!PyObject_Malloc+0x0000002d)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000000
Attempt to read from address 00000000

PROCESS_NAME:  adem.exe

ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: 76f80000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  4625bfe5

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000000

READ_ADDRESS:  00000000 

FOLLOWUP_IP: 
python25!PyObject_Malloc+2d
1e09603d 8b30            mov     esi,dword ptr [eax]

FAULTING_THREAD:  00002474

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE_NULL_POINTER_WRITE_NULL_POINTER_READ_WRONG_SYMBOLS

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_WRITE_NULL_POINTER_WRITE

DEFAULT_BUCKET_ID:  INVALID_POINTER_WRITE_NULL_POINTER_WRITE

LAST_CONTROL_TRANSFER:  from 1e0c1093 to 1e09603d

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
0505f088 1e0c1093 00000025 04a128ea 04a128d0 python25!PyObject_Malloc+0x2d
00000000 00000000 00000000 00000000 00000000 python25!PyString_FromStringAndSize+0x43


STACK_COMMAND:  ~4s; .ecxr ; kb

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  python25!PyObject_Malloc+2d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: python25

IMAGE_NAME:  python25.dll

BUCKET_ID:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_NULL_POINTER_WRITE_c0000005_python25.dll!PyObject_Malloc
msg142166 - Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) (Python committer) Date: 2011-08-16 07:37
Can you please give more context? From the information you gave:
- Python is embedded in some program "adem.exe".
- Memory seems corrupted, and a C call to PyString_FromStringAndSize() segfaults in PyObject_Malloc().

Most of the time, it will be an issue in the application, and not a python bug.
msg142180 - Author: Chandra Sekhar Reddy (chandra) Date: 2011-08-16 10:00
Hi Amaury,

Thanks for your update on the issue.

Here are a few details of our application adem.exe:

1. We have three C projects, namely AdemCube, wv and CAM; the output of the build binaries will give us _ADEMCube.pyd, _wv.pyd and _cam.pyd.

2. The main project is the spider project, which is in Python; this Python code will make use of the above libraries. The output of this project will result in adem.exe.

When adem.exe executes, it internally calls methods of the above libraries explained in point 1. Here in this library we use a call to the method below:

 PyErr_SetString(CubeError, errorString);

The call to this method internally calls PyString_FromStringAndSize(), which internally calls PyObject_Malloc(). This is the place where it is crashing.

Please let me know if you need any information.

Thanks,
-Chandra
msg142181 - Author: STINNER Victor (vstinner) (Python committer) Date: 2011-08-16 10:12
Are you sure that errorString is not NULL? It looks like a bug in your application, not in Python.
msg142229 - Author: Martin v. Löwis (loewis) (Python committer) Date: 2011-08-16 21:58
Notice that Python 2.5 is not supported for bug fixes anymore, so if you truly believe that there is a bug in Python that needs to be fixed, it would be better if you could reproduce it in 2.7.

That said, the kind of information you provided really does suggest that the bug is in your application, and not in Python. Without having the full source of your application, it will be impossible to do anything meaningful about it.
msg142254 - Author: Chandra Sekhar Reddy (chandra) Date: 2011-08-17 07:27
Hi,

Thanks for your valuable feedback, 

As per your suggestion I have re-verified the code for the possibility of NULL values. Interestingly, I have observed that a buffer overrun is happening in our application, where there is a character array declared with size 200 and a string is being copied without considering the null terminating character.

static PyObject *eError;
char errorString[200];
_snprintf(errorString, 200, "some message content");
PyErr_SetString(eError, errorString);

I am not 100% sure if this may cause the PyObject_Malloc to fail.

Thanks,
-Chandra
msg142255 - Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) (Python committer) Date: 2011-08-17 07:55
With a buffer overrun anything can happen...  Here, I would recommend PyErr_Format() instead.
But it also may be some other corruption happening before!
msg142257 - Author: STINNER Victor (vstinner) (Python committer) Date: 2011-08-17 09:57
I close this issue because it looks like a bug in your application (you say that there is at least a buffer overrun). If it's really a bug in Python and you use a use case to reproduce it, please reopen the issue.
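
An added example, not code from this thread or from the application it discusses: it shows how the _snprintf(errorString, 200, ...) pattern quoted in msg142254 can leave the 200-byte array without a terminating NUL, beside a form that always terminates and reports truncation. The names msvc_style_snprintf, is_terminated, unsafe_format and safe_format and the "cube error" text are hypothetical; the stand-in emulates the truncation behaviour of MSVC's _snprintf so the code builds with any C compiler and without Python headers.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERR_BUF_SIZE 200   /* size of errorString in the thread */

/* Hypothetical stand-in reproducing the truncation behaviour of MSVC's
 * _snprintf so this runs with any C compiler: if the text needs `count`
 * bytes or more, no terminating NUL is stored. Assumes count < 1024. */
static int msvc_style_snprintf(char *dst, size_t count, const char *fmt, ...)
{
    char tmp[1024];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (len < 0)
        return -1;
    if ((size_t)len < count) {               /* fits, NUL included */
        memcpy(dst, tmp, (size_t)len + 1);
        return len;
    }
    memcpy(dst, tmp, count);                 /* dst full, no NUL stored */
    return (size_t)len == count ? len : -1;
}

/* 1 if a NUL occurs within the first `size` bytes of buf, else 0. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Pattern from the thread: whole buffer size passed, result ignored. */
static int unsafe_format(char *buf, const char *detail)
{
    msvc_style_snprintf(buf, ERR_BUF_SIZE, "cube error: %s", detail);
    return is_terminated(buf, ERR_BUF_SIZE);
}

/* Hardened: zero the buffer, reserve its last byte, report truncation. */
static int safe_format(char *buf, const char *detail, int *truncated)
{
    memset(buf, 0, ERR_BUF_SIZE);
    int n = msvc_style_snprintf(buf, ERR_BUF_SIZE - 1, "cube error: %s", detail);
    *truncated = (n < 0);
    return is_terminated(buf, ERR_BUF_SIZE);
}
```

When unsafe_format returns 0, any consumer that expects a C string, such as PyErr_SetString, reads past the end of the array. PyErr_Format, recommended in msg142255, builds the message inside Python and removes the fixed-size buffer altogether.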

History
Date                 User                Action  Args
2022-04-11 14:57:20  admin               set     github: 56964
2011-08-17 09:57:31  vstinner            set     status: open -> closed; resolution: not a bug; messages: + msg142257
2011-08-17 07:55:58  amaury.forgeotdarc  set     messages: + msg142255
2011-08-17 07:27:11  chandra             set     messages: + msg142254
2011-08-16 21:58:33  loewis              set     nosy: + loewis; messages: + msg142229
2011-08-16 10:12:43  vstinner            set     nosy: + vstinner; messages: + msg142181
2011-08-16 10:00:53  chandra             set     messages: + msg142180
2011-08-16 07:37:16  amaury.forgeotdarc  set     nosy: + amaury.forgeotdarc; messages: + msg142166
2011-08-16 06:25:44  chandra             create