Title: sys.call_tracing segfaults
Type: crash
Components: Interpreter Core Versions: Python 3.0
Status: closed Resolution: accepted
Dependencies: Superseder:
Assigned To: Nosy List: ajaksu2, barry, benjamin.peterson, christian.heimes
Priority: release blocker

Created on 2008-08-24 19:29 by ajaksu2, last changed 2022-04-11 14:56 by admin. This issue is now closed.

File name Uploaded Description Edit
fix_call_tracing_segfault.patch benjamin.peterson, 2008-10-04 20:28
Messages (6)
msg71853 - (view) Author: Daniel Diniz (ajaksu2) * (Python triager) Date: 2008-08-24 19:29
The following code causes a segfault for me:

import sys; sys.call_tracing(type,2)

Running on:
Python 3.0b3+ (py3k:66015, Aug 24 2008, 16:21:19)
[GCC 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2)] on linux2

gdb output:
[New Thread -1210857280 (LWP 8823)]
python: Objects/typeobject.c:1854: type_new: Assertion `args != ((void
*)0) && ((((((PyObject*)(args))->ob_type))->tp_flags & ((1L<<26))) !=
0)' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread -1210857280 (LWP 8823)]
0xffffe410 in __kernel_vsyscall ()
(gdb) backtrace
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7d67875 in raise () from /lib/tls/i686/cmov/
#2  0xb7d69201 in abort () from /lib/tls/i686/cmov/
#3  0xb7d60b6e in __assert_fail () from /lib/tls/i686/cmov/
#4  0x0806e802 in type_new (metatype=0x81ba120, args=0x81fbda8,
kwds=0x0) at Objects/typeobject.c:1854
#5  0x0806bd0e in type_call (type=0x81ba120, args=0x81fbda8, kwds=0x0)
at Objects/typeobject.c:636
#6  0x08118ec5 in PyObject_Call (func=0x81ba120, arg=0x81fbda8, kw=0x0)
at Objects/abstract.c:2181
#7  0x080b2ac5 in _PyEval_CallTracing (func=0x81ba120, args=0x81fbda8)
at Python/ceval.c:3109
#8  0x080e7830 in sys_call_tracing (self=0xb7f073b4, args=0xb7a53bcc) at
#9  0x081626b1 in PyCFunction_Call (func=0xb7f081bc, arg=0xb7a53bcc,
kw=0x0) at Objects/methodobject.c:81
#10 0x080b378f in call_function (pp_stack=0xbf9b6b84, oparg=2) at
#11 0x080ae8d2 in PyEval_EvalFrameEx (f=0x829bb14, throwflag=0) at
#12 0x080b1c24 in PyEval_EvalCodeEx (co=0xb7a9b9e8, globals=0xb7f0b5d4,
locals=0xb7f0b5d4, args=0x0, argcount=0, kws=0x0,
    kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at
#13 0x080a69cb in PyEval_EvalCode (co=0xb7a9b9e8, globals=0xb7f0b5d4,
locals=0xb7f0b5d4) at Python/ceval.c:519
#14 0x080df64b in run_mod (mod=0x82a2aa0, filename=0x819e3be "<string>",
globals=0xb7f0b5d4, locals=0xb7f0b5d4,
    flags=0xbf9b6f60, arena=0x82b1060) at Python/pythonrun.c:1560
#15 0x080df393 in PyRun_StringFlags (str=0x8203fd8 "import sys;
sys.call_tracing(type,2)\n", start=257, globals=0xb7f0b5d4,
    locals=0xb7f0b5d4, flags=0xbf9b6f60) at Python/pythonrun.c:1494
#16 0x080ddd37 in PyRun_SimpleStringFlags (command=0x8203fd8 "import
sys; sys.call_tracing(type,2)\n", flags=0xbf9b6f60)
    at Python/pythonrun.c:1073
#17 0x080ef5ca in Py_Main (argc=2, argv=0xb7ede028) at Modules/main.c:533
#18 0x0805a689 in main (argc=2, argv=0xbf9b80b4) at ./Modules/python.c:57
msg71856 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2008-08-24 19:58
The function call fails much earlier in debug builds. sys_call_tracing()
doesn't check the type of the second argument. It must be a tuple
because it's directly passed to the PyObject_Call() API.

Suggestion: Add an explicit type check for PyTupleType the
sys_call_tracing() function

Check 2.6, too
msg71857 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2008-08-24 20:03
Not applicable in 2.6:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: type() takes 1 or 3 arguments
msg72458 - (view) Author: Barry A. Warsaw (barry) * (Python committer) Date: 2008-09-04 02:02
This bug should be fixed for rc2, but it doesn't need to block rc1.
msg74320 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2008-10-04 20:28
Attaching patch.
msg74887 - (view) Author: Barry A. Warsaw (barry) * (Python committer) Date: 2008-10-17 01:30
