
Title: Segfault in tuple_of_constants
Components: Interpreter Core
Versions: Python 2.4
Status: closed
Resolution: fixed
Assigned To: rhettinger
Nosy List: dgrisby, rhettinger, tim.peters
Priority: critical

Created on 2004-10-25 15:20 by dgrisby, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files:
Uploaded by dgrisby, 2004-10-25 15:20: File that causes a segfault
Uploaded by rhettinger, 2004-10-26 07:54: Simplified killer

Messages (4)
msg22851 - Author: Duncan Grisby (dgrisby) Date: 2004-10-25 15:20
2.4 beta 1 segfaults when compiling a file. The same
file works fine on 2.3 and earlier.

I have tracked the problem down to the
tuple_of_constants function, called by optimize_code.
Using valgrind (having turned off pymalloc), I see that
the consts list seems to be uninitialised. See the
following trace:

$ valgrind --tool=memcheck --db-attach=yes 
==13759== Memcheck, a memory error detector for x86-linux.
==13759== Copyright (C) 2002-2004, and GNU GPL'd, by
Julian Seward et al.
==13759== Using valgrind-2.2.0, a program supervision
framework for x86-linux.
==13759== Copyright (C) 2000-2004, and GNU GPL'd, by
Julian Seward et al.
==13759== For more details, rerun with: -v
==13759== Invalid read of size 4
==13759==    at 0x80B3BF5: tuple_of_constants
==13759==    by 0x80B433B: optimize_code (compile.c:607)
==13759==    by 0x80BD3F2: jcompile (compile.c:4988)
==13759==    by 0x80BD0B2: PyNode_CompileFlags
==13759==  Address 0x1BF100A0 is 12 bytes after a block
of size 36 alloc'd
==13759==    at 0x1B904A80: malloc
==13759==    by 0x80D8A4C: _PyObject_GC_Malloc
==13759==    by 0x80D8B31: _PyObject_GC_NewVar
==13759==    by 0x80854FF: PyTuple_New (tupleobject.c:68)
==13759== ---- Attach to debugger ? ---
[Return/N/n/Y/y/C/c] ---- y
starting debugger
==13759== starting debugger with cmd: /usr/bin/gdb -nw
/proc/13761/fd/821 13761
GNU gdb Red Hat Linux (6.0post-0.20040223.19rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public
License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show
warranty" for details.
This GDB was configured as
"i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/tls/".

Attaching to program: /proc/13761/fd/821, process 13761
0x080b3bf5 in tuple_of_constants (codestr=0x1bf1ff90
"d", n=1, 
    consts=0x1badc9c4) at Python/compile.c:422
422                     constant =
PyList_GET_ITEM(consts, arg);
(gdb) bt
#0  0x080b3bf5 in tuple_of_constants
(codestr=0x1bf1ff90 "d", n=1, 
    consts=0x1badc9c4) at Python/compile.c:422
#1  0x080b433c in optimize_code (code=0x1becb3e8,
    names=0x1bf1ed5c, lineno_obj=0x1be7cd90) at
#2  0x080bd3f3 in jcompile (n=0x1bae6b10,
filename=0x52bfea51 "", 
    base=0x0, flags=0x52bfe808) at Python/compile.c:4988
#3  0x080bd0b3 in PyNode_CompileFlags (n=0x1bae6b10, 
    filename=0x52bfea51 "", flags=0x52bfe808)
at Python/compile.c:4894
#4  0x080d269a in run_node (n=0x1bae6b10,
filename=0x52bfea51 "", 
    globals=0x1b99a9ac, locals=0x1b99a9ac,
    at Python/pythonrun.c:1260
#5  0x080d2678 in run_err_node (n=0x1bae6b10,
filename=0x52bfea51 "", 
    globals=0x1b99a9ac, locals=0x1b99a9ac,
    at Python/pythonrun.c:1251
#6  0x080d2647 in PyRun_FileExFlags (fp=0x1b95b028, 
    filename=0x52bfea51 "", start=257,
    locals=0x1b99a9ac, closeit=1, flags=0x52bfe808) at
#7  0x080d1752 in PyRun_SimpleFileExFlags (fp=0x1b95b028, 
    filename=0x52bfea51 "", closeit=1,
    at Python/pythonrun.c:859
#8  0x080d10d4 in PyRun_AnyFileExFlags (fp=0x1b95b028, 
    filename=0x52bfea51 "", closeit=1,
    at Python/pythonrun.c:663
#9  0x08055a01 in Py_Main (argc=2, argv=0x52bfe8f4) at
#10 0x08054fc6 in main (argc=2, argv=0x52bfe8f4) at

I have attached the file. It's rather ugly
since it's code generated by omniORB's IDL compiler.
I've made it as minimal as I can by cutting things out.
If I cut any more out, the segfault no longer occurs.
Don't worry that the various things it tries to import
are not available for you -- it segfaults before it
tries to actually execute anything.

msg22852 - Author: Tim Peters (tim.peters) (Python committer) Date: 2004-10-26 02:50

Confirmed the segfault with current Python CVS.  Boosted 
priority to the maximum.  Assigned to Raymond, since he 
probably knows most about this.

Dies in tuple_of_constants(), n=1, i=0, on the incref here:

for (i=0 ; i<n ; i++) {
	arg = GETARG(codestr, (i*3));
	constant = PyList_GET_ITEM(consts, arg);
	Py_INCREF(constant);  /* <-- dies HERE */
	PyTuple_SET_ITEM(newconst, i, constant);
}

constant is a NULL pointer at the time.

msg22853 - Author: Raymond Hettinger (rhettinger) (Python committer) Date: 2004-10-26 07:54

The bug is intrinsic to the current approach which
misidentifies certain code sequences as looking like a
tuple of constants. 
Attaching a simplified example.

Unless I find a straight-forward fix in the next day or so,
will have to rip out the tuple of constant code entirely.

msg22854 - Author: Raymond Hettinger (rhettinger) (Python committer) Date: 2004-10-26 08:59

Found a clean solution by counting consecutive runs of

   Python/compile.c 2.332
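
Added example, not code from CPython or from anyone in this thread: a constructed C sketch of the failure class discussed above, where a byte-pattern check treats an operand byte as a LOAD_CONST opcode and produces an out-of-range constant index, next to a check that walks instruction boundaries and bounds-checks each operand. Opcode numbers follow CPython 2.4; `naive_first_const`, `safe_to_fold` and both byte strings are hypothetical, do not reproduce the attached file or the committed change, and do not model jump targets.

```c
#include <stdio.h>

/* Opcode numbers as in CPython 2.4's opcode.h; everything else is illustrative. */
enum { UNARY_NEGATIVE = 11, HAVE_ARGUMENT = 90, LOAD_CONST = 100,
       BUILD_TUPLE = 102, LOAD_FAST = 124 };
#define GETARG(code, i) ((code)[(i) + 1] | ((code)[(i) + 2] << 8))

/* Byte-pattern test only: do the 3*n bytes before BUILD_TUPLE n start with the
   LOAD_CONST byte? Returns the constant index it would then read, or -1. */
static int naive_first_const(const unsigned char *code, int i)
{
    int n = GETARG(code, i), h = i - 3 * n;
    if (n < 1 || h < 0 || code[h] != LOAD_CONST)
        return -1;
    return GETARG(code, h);   /* possibly decoded from mid-instruction bytes */
}

/* Hardened test (hypothetical helper): walk from offset 0 on instruction
   boundaries, count the current run of LOAD_CONSTs with in-range operands,
   and allow folding BUILD_TUPLE n at offset i only if n fits in that run. */
static int safe_to_fold(const unsigned char *code, int len, int i, int nconsts)
{
    int pos = 0, run = 0, n;
    while (pos < i) {
        int op = code[pos], size = op >= HAVE_ARGUMENT ? 3 : 1;
        if (pos + size > len)
            return 0;
        run = (op == LOAD_CONST && GETARG(code, pos) < nconsts) ? run + 1 : 0;
        pos += size;
    }
    if (pos != i || i + 3 > len || code[i] != BUILD_TUPLE)
        return 0;
    n = GETARG(code, i);
    return n >= 1 && n <= run;
}

/* Constructed: LOAD_FAST 100; UNARY_NEGATIVE; BUILD_TUPLE 1. The byte at
   offset 1 is an operand that happens to equal LOAD_CONST (100). */
static const unsigned char misread[] = { LOAD_FAST, 100, 0, UNARY_NEGATIVE, BUILD_TUPLE, 1, 0 };
/* Constructed: LOAD_CONST 0; LOAD_CONST 1; BUILD_TUPLE 2. */
static const unsigned char genuine[] = { LOAD_CONST, 0, 0, LOAD_CONST, 1, 0, BUILD_TUPLE, 2, 0 };

int main(void)
{
    printf("naive index on misread: %d\n", naive_first_const(misread, 4));
    printf("safe_to_fold misread=%d genuine=%d\n",
           safe_to_fold(misread, 7, 4, 2), safe_to_fold(genuine, 9, 6, 2));
    return 0;
}
```

On the constructed `misread` input the byte-pattern check yields constant index 2816 for a two-entry constants list, which is the kind of index that an unchecked `PyList_GET_ITEM` would read past the end of the list.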

History:
Date                 User     Action  Args
2022-04-11 14:56:07  admin    set     github: 41075
2004-10-25 15:20:49  dgrisby  create