Issue12755
Created on 2011-08-16 06:25 by chandra, last changed 2022-04-11 14:57 by admin. This issue is now closed.
Messages (8) | |||
---|---|---|---|
msg142163 - (view) | Author: Chandra Sekhar Reddy (chandra) | Date: 2011-08-16 06:25 | |
Service application crashed in python25.dll, below are the environment details.
Operating System : Windows server 2008 R2 (Virtual Machine)
Application Type : Service Application

FAULTING_IP:
python25!PyObject_Malloc+2d
1e09603d 8b30 mov esi,dword ptr [eax]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 1e09603d (python25!PyObject_Malloc+0x0000002d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

PROCESS_NAME: adem.exe
ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: 76f80000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP: 4625bfe5
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000

FOLLOWUP_IP:
python25!PyObject_Malloc+2d
1e09603d 8b30 mov esi,dword ptr [eax]

FAULTING_THREAD: 00002474
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE_NULL_POINTER_WRITE_NULL_POINTER_READ_WRONG_SYMBOLS
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_WRITE_NULL_POINTER_WRITE
DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE_NULL_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 1e0c1093 to 1e09603d

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0505f088 1e0c1093 00000025 04a128ea 04a128d0 python25!PyObject_Malloc+0x2d
00000000 00000000 00000000 00000000 00000000 python25!PyString_FromStringAndSize+0x43

STACK_COMMAND: ~4s; .ecxr ; kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: python25!PyObject_Malloc+2d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: python25
IMAGE_NAME: python25.dll
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_NULL_POINTER_WRITE_c0000005_python25.dll!PyObject_Malloc |
|||
msg142166 - (view) | Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) * | Date: 2011-08-16 07:37 | |
Can you please give more context? From the information you gave:
- Python is embedded in some program "adem.exe".
- Memory seems corrupted, and a C call to PyString_FromStringAndSize() segfaults in PyObject_Malloc().

Most of the time, it will be an issue in the application, and not a Python bug. |
|||
msg142180 - (view) | Author: Chandra Sekhar Reddy (chandra) | Date: 2011-08-16 10:00 | |
Hi Amaury,

Thanks for your update on the issue. Here are a few details of our application adem.exe:

1. We have three c-projects, namely AdemCube, wv, CAM; the output of the build binaries will give us _ADEMCube.pyd, _wv.pyd, _cam.pyd.
2. The main project is the spider project, which is in Python; this Python code will make use of the above libraries. The output of this project will result in adem.exe.

When adem.exe executes, it internally calls methods in the above libraries explained in point 1. Here in this library we use a call to the method below:

PyErr_SetString(CubeError, errorString);

The call to this method internally calls PyString_FromStringAndSize(), which internally calls PyObject_Malloc(). This is the place where it is crashing.

Please let me know if you need any information.

Thanks,
-Chandra |
|||
msg142181 - (view) | Author: STINNER Victor (vstinner) * | Date: 2011-08-16 10:12 | |
Are you sure that errorString is not NULL? It looks like a bug in your application, not in Python. |
|||
msg142229 - (view) | Author: Martin v. Löwis (loewis) * | Date: 2011-08-16 21:58 | |
Notice that Python 2.5 is not supported for bug fixes anymore, so if you truly believe that there is a bug in Python that needs to be fixed, it would be better if you could reproduce it in 2.7. That said, the kind of information you provided really does suggest that the bug is in your application, and not in Python. Without having the full source of your application, it will be impossible to do anything meaningful about it. |
|||
msg142254 - (view) | Author: Chandra Sekhar Reddy (chandra) | Date: 2011-08-17 07:27 | |
Hi,

Thanks for your valuable feedback. As per your suggestion I have re-verified the code for the possibility of NULL values; interestingly, I have observed that a buffer overrun is happening in our application, where there is a character array declared with size 200 and a string is being copied without considering the null terminating character.

static PyObject *eError;
char errorString[200];
_snprintf(errorString, 200, "some message content");
PyErr_SetString(eError, errorString);

I am not 100% sure if this may cause the PyObject_Malloc to fail.

Thanks,
-Chandra |
|||
msg142255 - (view) | Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) * | Date: 2011-08-17 07:55 | |
With a buffer overrun anything can happen... Here, I would recommend PyErr_Format() instead. But it also may be some other corruption happening before! |
|||
msg142257 - (view) | Author: STINNER Victor (vstinner) * | Date: 2011-08-17 09:57 | |
I close this issue because it looks like a bug in your application (you say that there is at least a buffer overrun). If it's really a bug in Python and you use a use case to reproduce it, please reopen the issue. |
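
The failure mode discussed in msg142254 and msg142255, as an added example that is not part of the original thread or of the application's code: MSVC's `_snprintf` writes no terminating NUL when the formatted text is `count` bytes or longer, so a later `PyErr_SetString()` can read past the 200-byte array. `model_msvc_snprintf`, `is_terminated` and `format_error` are hypothetical names; the first is a portable stand-in for the MSVC behaviour so the example builds with any C99 compiler.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define ERR_BUF 200  /* same size as errorString in the thread */

/* Hypothetical model of MSVC _snprintf: at len >= count, no NUL is written. */
static int model_msvc_snprintf(char *dst, size_t count, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(NULL, 0, fmt, ap);   /* length without the NUL */
    va_end(ap);
    if (need < 0) return -1;
    char *tmp = malloc((size_t)need + 1);
    if (!tmp) return -1;
    va_start(ap, fmt);
    vsnprintf(tmp, (size_t)need + 1, fmt, ap);
    va_end(ap);
    size_t n = (size_t)need < count ? (size_t)need + 1 : count;
    memcpy(dst, tmp, n);                      /* NUL copied only if it fits */
    free(tmp);
    return (size_t)need > count ? -1 : need;
}

/* 1 if a NUL lies inside the buffer, so strlen() on it stays in bounds. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Hardened form: C99 vsnprintf always terminates; returns 0 on truncation. */
static int format_error(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    return need >= 0 && (size_t)need < size;
}

int main(void)
{
    char buf[ERR_BUF];
    memset(buf, 'X', sizeof buf);             /* stand-in for stale stack bytes */
    model_msvc_snprintf(buf, sizeof buf, "%0250d", 7);   /* constructed input */
    printf("model terminated: %d\n", is_terminated(buf, sizeof buf));
    format_error(buf, sizeof buf, "%0250d", 7);
    printf("hardened terminated: %d\n", is_terminated(buf, sizeof buf));
}
```

`PyErr_Format()`, as recommended in msg142255, removes the fixed-size buffer from the picture because Python allocates the formatted message itself.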
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:57:20 | admin | set | github: 56964 |
2011-08-17 09:57:31 | vstinner | set | status: open -> closed resolution: not a bug messages: + msg142257 |
2011-08-17 07:55:58 | amaury.forgeotdarc | set | messages: + msg142255 |
2011-08-17 07:27:11 | chandra | set | messages: + msg142254 |
2011-08-16 21:58:33 | loewis | set | nosy: + loewis messages: + msg142229 |
2011-08-16 10:12:43 | vstinner | set | nosy: + vstinner messages: + msg142181 |
2011-08-16 10:00:53 | chandra | set | messages: + msg142180 |
2011-08-16 07:37:16 | amaury.forgeotdarc | set | nosy: + amaury.forgeotdarc messages: + msg142166 |
2011-08-16 06:25:44 | chandra | create |