This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Segfault when compiling many conditional expressions
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.7, Python 3.6, Python 2.7
process
Status: closed Resolution: duplicate
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, serhiy.storchaka, snordhausen
Priority: normal Keywords:

Created on 2017-12-18 16:29 by snordhausen, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (6)
msg308573 - (view) Author: Stefan Nordhausen (snordhausen) Date: 2017-12-18 16:29 
The following code reproducibly segfaults in version 2.7.13, 3.6.3 and the current git master (3.7.0a3+):


code = "42 if True else 43\n" * 200000
compile(code, "foobar", "exec")


This issue was originally found because the Jinja templating engine internally produces large tuples with many conditional expressions, thus triggering this bug (see https://github.com/pallets/jinja/issues/784 ).
msg308575 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-12-18 16:42 
Looks like 174,565 stack frames are a bit too much :)

(gdb) bt
#0  dfs (c=0x7fffffffcbe0, b=0x7fffea076d60, a=0x7fffffffcb50) at Python/compile.c:4903
#1  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076db0, a=0x7fffffffcb50) at Python/compile.c:4903
#2  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076cc0, a=0x7fffffffcb50) at Python/compile.c:4903
#3  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076d10, a=0x7fffffffcb50) at Python/compile.c:4903
#4  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076c20, a=0x7fffffffcb50) at Python/compile.c:4903
#5  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076c70, a=0x7fffffffcb50) at Python/compile.c:4903
#6  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076b80, a=0x7fffffffcb50) at Python/compile.c:4903
#7  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076bd0, a=0x7fffffffcb50) at Python/compile.c:4903
#8  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076ae0, a=0x7fffffffcb50) at Python/compile.c:4903
#9  0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076b30, a=0x7fffffffcb50) at Python/compile.c:4903
#10 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076a40, a=0x7fffffffcb50) at Python/compile.c:4903
#11 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076a90, a=0x7fffffffcb50) at Python/compile.c:4903
#12 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea0769a0, a=0x7fffffffcb50) at Python/compile.c:4903
#13 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea0769f0, a=0x7fffffffcb50) at Python/compile.c:4903
#14 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7fffea076900, a=0x7fffffffcb50) at Python/compile.c:4903

(gdb) bt -50
...
#174562 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7ffff04609a0, a=0x7fffffffcb50) at Python/compile.c:4903
#174563 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7ffff04609f0, a=0x7fffffffcb50) at Python/compile.c:4903
#174564 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7ffff0460900, a=0x7fffffffcb50) at Python/compile.c:4903
#174565 0x00000000004e47a2 in dfs (c=0x7fffffffcbe0, b=0x7ffff0460950, a=0x7fffffffcb50) at Python/compile.c:4903
#174566 0x00000000004e47a2 in dfs (c=c@entry=0x7fffffffcbe0, b=b@entry=0x7ffff04608b0, a=a@entry=0x7fffffffcb50) at Python/compile.c:4903
#174567 0x00000000004e9844 in assemble (c=c@entry=0x7fffffffcbe0, addNone=<optimized out>) at Python/compile.c:5411
#174568 0x00000000004ed809 in compiler_mod (c=c@entry=0x7fffffffcbe0, mod=mod@entry=0x3523788) at Python/compile.c:1494
#174569 0x00000000004eda33 in PyAST_CompileObject (mod=0x3523788, filename=filename@entry='foobar', flags=flags@entry=0x7fffffffccb4, optimize=optimize@entry=-1, arena=arena@entry=0x7ffff0466f40)
    at Python/compile.c:345
#174570 0x000000000050fcaa in Py_CompileStringObject (
    str=0x7fffef9d1070 "42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True else 43\n42 if True"..., filename=filename@entry='foobar', start=start@entry=257, flags=flags@entry=0x7fffffffccb4, optimize=optimize@entry=-1) at Python/pythonrun.c:1098
#174571 0x00000000004d2146 in builtin_compile_impl (module=module@entry=<module at remote 0x7ffff7f5b658>,
msg308576 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-12-18 16:51 
Duplicate of issue31113?
msg308577 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-12-18 17:08 
I think so, too.
msg308634 - (view) Author: Stefan Nordhausen (snordhausen) Date: 2017-12-19 12:41 
I tried out PR 3015 of Serhiy and this fixes the segfaults. So it seems to be a duplicate.

As for backporting the fix: Is this a 'reliable' segfault (i.e. it always segfaults when the limit is exceeded) or could there be some silent data corruption? If data can be corrupted, I'd consider this bug very serious, otherwise it's a rather small annoyance.
msg311732 - (view) Author: Stefan Nordhausen (snordhausen) Date: 2018-02-06 16:44 
The fix for https://bugs.python.org/issue31113 also fixed this issue.
History
Date User Action Args
2022-04-11 14:58:55adminsetgithub: 76549
2018-02-06 16:44:22snordhausensetstatus: open -> closed
resolution: duplicate
messages: + msg311732

stage: resolved
2017-12-19 12:41:00snordhausensetmessages: + msg308634
2017-12-18 17:08:45christian.heimessetmessages: + msg308577
2017-12-18 16:51:06serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg308576
2017-12-18 16:42:20christian.heimessetnosy: + christian.heimes
messages: + msg308575
2017-12-18 16:29:23snordhausencreate