This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Py_GetPath, Py_SetPath memory corruption due to mixed PyMem_New micex with PyMem_Raw_Free
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.6
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: benjamin.peterson, htgoebel, nurelin, vstinner
Priority: normal Keywords: patch

Created on 2017-09-20 14:38 by htgoebel, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 3679 merged nurelin, 2017-09-20 19:48
PR 3681 merged python-dev, 2017-09-21 06:08
Messages (5)
msg302624 - (view) Author: Hartmut Goebel (htgoebel) Date: 2017-09-20 14:38
When using


near the beginning of a program, Py_SetPath crashes with memory corruption if run on a systems with glibc's MALLOC_CHECK enabled.

The reason is: Py_GetPath and Py_SetPath use different memory interfaces.

* Py_GetPath() calls calculate_path(), which uses PyMem_New() to allocate the memory (see, assigned to `buf` first)

* But Py_SetPath() uses PyMem_RawFree() to free the memory (see

This error DOES NOT occur on Windows, since for win32 there is a separate implementation, which uses PyMem_RawMalloc (see

This error also DOES NOT occur in Python <= 3.5, since PYMEM_FUNCS have been the same as PYRAW_FUNCS (see This was changed in v3.6.0: PYMEM_FUNCS now is PYOBJ_FUNCS, see

This error only occurs when running on a system with glibc's MALLOC_CHECK enabled, which seems to be the default st least on CentOS, Fedora and ArchLinux.

Example code and relevant source see below.

Example stack trace

*** glibc detected *** ./dist/jcollect3: double free or corruption (out): 0x00007fde271ab030 ***
======= Backtrace: =========
======= Memory map: ========

How to reproduce

An example for this problem is the bootloader of PyInstaller (as of 2017-08-01).

* Make sure you are running on a Linux distribution having glibc's MALLOC_CHECK enabled.

* Set up a virtual environment (just too keep your system clean)

pip install
echo 'print("Hello")' >
dist/test/test  # run the frozen script

The relevant source of PyInstaller's bootloader is at <>
msg302668 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2017-09-21 06:08
New changeset 3d1e2ab584ed0175592b5be2a0bc98dc1723776a by Benjamin Peterson (nurelin) in branch 'master':
bpo-31532: Fix memory corruption due to allocator mix (#3679)
msg302669 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2017-09-21 06:47
New changeset 88d0663005d258526496d1f8ee0acb7103c69e80 by Benjamin Peterson (Miss Islington (bot)) in branch '3.6':
[3.6] closes bpo-31532: Fix memory corruption due to allocator mix (GH-3679) (#3681)
msg302675 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-09-21 09:09
I'm curious. Would you mind to try to run your frozen application using PYTHONMALLOC=debug environment variable on a Python without the fix, to see if you get an error? I'm not sure that the debug hooks on memory allocators are set early enough to detect your specific bug.
msg302676 - (view) Author: Vincent Gatine (nurelin) * Date: 2017-09-21 09:23
Tried your suggestion. Nothing is printed and program still crash.
Date User Action Args
2022-04-11 14:58:52adminsetgithub: 75713
2017-09-21 09:23:48nurelinsetmessages: + msg302676
2017-09-21 09:09:32vstinnersetnosy: + vstinner
messages: + msg302675
2017-09-21 06:47:14benjamin.petersonsetstatus: open -> closed
resolution: fixed
messages: + msg302669

stage: patch review -> resolved
2017-09-21 06:08:39python-devsetpull_requests: + pull_request3670
2017-09-21 06:08:25benjamin.petersonsetnosy: + benjamin.peterson
messages: + msg302668
2017-09-20 19:50:14nurelinsetnosy: + nurelin
2017-09-20 19:48:06nurelinsetkeywords: + patch
stage: patch review
pull_requests: + pull_request3668
2017-09-20 14:38:42htgoebelcreate