Message 388990 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xxm
Recipients	xxm
Date	2021-03-18.06:48:01
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1616050088.79.0.477395111242.issue43537@roundup.psfhosted.org>
In-reply-to

Content
When the argument of input() is very long text, the interpreter crashes. This bug can be reproduced Python 3.9.2 and Python 2.7.18 on Ubuntu 3.9.2 with GCC7.5.0. I try to reproduce this bug on other version of Python and Operating System, but it fails. This bug seems to have a connection with the version of GCC. Python 3.9.2 (default, Mar 12 2021, 15:08:35) [GCC 7.5.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> input([1,2]10000) Error in `/home/xxm/Desktop/apifuzz/Python-3.9.2/python': realloc(): invalid next size: 0x000000000135fd40 * ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x777f5)[0x7f714431b7f5] /lib/x86_64-linux-gnu/libc.so.6(+0x834da)[0x7f71443274da] /lib/x86_64-linux-gnu/libc.so.6(realloc+0x199)[0x7f71443288a9] /lib/x86_64-linux-gnu/libreadline.so.6(xrealloc+0xe)[0x7f71446a1ffe] /lib/x86_64-linux-gnu/libreadline.so.6(rl_redisplay+0x125f)[0x7f714469451f] /lib/x86_64-linux-gnu/libreadline.so.6(readline_internal_setup+0xb0)[0x7f7144681340] /lib/x86_64-linux-gnu/libreadline.so.6(+0x2a4ac)[0x7f71446984ac] /home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x5d60b2] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyOS_Readline+0x116)[0x5da536] /home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x648495] /home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x613f26] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(_PyEval_EvalFrameDefault+0x54e2)[0x4267a2] /home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x4fa3e9] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyEval_EvalCode+0x36)[0x4fa746] /home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x543adf] /home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x546d82] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_InteractiveLoopFlags+0x8e)[0x54704e] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_AnyFileExFlags+0x3c)[0x5478fc] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_RunMain+0x8d7)[0x42b1e7] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_BytesMain+0x56)[0x42b586] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f71442c4840] /home/xxm/Desktop/apifuzz/Python-3.9.2/python(_start+0x29)[0x42a289] ======= Memory map: ======== 00400000-00762000 r-xp 00000000 08:07 7740578 /home/xxm/Desktop/apifuzz/Python-3.9.2/python 00961000-00962000 r--p 00361000 08:07 7740578 /home/xxm/Desktop/apifuzz/Python-3.9.2/python 00962000-0099a000 rw-p 00362000 08:07 7740578 /home/xxm/Desktop/apifuzz/Python-3.9.2/python 0099a000-009be000 rw-p 00000000 00:00 0 012dc000-013ce000 rw-p 00000000 00:00 0 [heap] 7f713c000000-7f713c021000 rw-p 00000000 00:00 0 7f713c021000-7f7140000000 ---p 00000000 00:00 0 7f71439b5000-7f71439cc000 r-xp 00000000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f71439cc000-7f7143bcb000 ---p 00017000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f7143bcb000-7f7143bcc000 r--p 00016000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f7143bcc000-7f7143bcd000 rw-p 00017000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f7143bf0000-7f714407b000 r--p 00000000 08:07 4326136 /usr/lib/locale/locale-archive 7f714407b000-7f71440a0000 r-xp 00000000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7f71440a0000-7f714429f000 ---p 00025000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7f714429f000-7f71442a3000 r--p 00024000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7f71442a3000-7f71442a4000 rw-p 00028000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9 7f71442a4000-7f7144464000 r-xp 00000000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so 7f7144464000-7f7144664000 ---p 001c0000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so 7f7144664000-7f7144668000 r--p 001c0000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so 7f7144668000-7f714466a000 rw-p 001c4000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so 7f714466a000-7f714466e000 rw-p 00000000 00:00 0 7f714466e000-7f71446ab000 r-xp 00000000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3 7f71446ab000-7f71448ab000 ---p 0003d000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3 7f71448ab000-7f71448ad000 r--p 0003d000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3 7f71448ad000-7f71448b3000 rw-p 0003f000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3 7f71448b3000-7f71448b4000 rw-p 00000000 00:00 0 7f71448b4000-7f71449bc000 r-xp 00000000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so 7f71449bc000-7f7144bbb000 ---p 00108000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so 7f7144bbb000-7f7144bbc000 r--p 00107000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so 7f7144bbc000-7f7144bbd000 rw-p 00108000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so 7f7144bbd000-7f7144bbf000 r-xp 00000000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so 7f7144bbf000-7f7144dbe000 ---p 00002000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so 7f7144dbe000-7f7144dbf000 r--p 00001000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so 7f7144dbf000-7f7144dc0000 rw-p 00002000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so 7f7144dc0000-7f7144dc3000 r-xp 00000000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so 7f7144dc3000-7f7144fc2000 ---p 00003000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so 7f7144fc2000-7f7144fc3000 r--p 00002000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so 7f7144fc3000-7f7144fc4000 rw-p 00003000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so 7f7144fc4000-7f7144fdc000 r-xp 00000000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so 7f7144fdc000-7f71451db000 ---p 00018000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so 7f71451db000-7f71451dc000 r--p 00017000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so 7f71451dc000-7f71451dd000 rw-p 00018000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so 7f71451dd000-7f71451e1000 rw-p 00000000 00:00 0 7f71451e1000-7f7145207000 r-xp 00000000 08:07 1966319 /lib/x86_64-linux-gnu/ld-2.23.so 7f7145210000-7f71453e3000 rw-p 00000000 00:00 0 7f71453fe000-7f71453ff000 rw-p 00000000 00:00 0 7f71453ff000-7f7145406000 r--s 00000000 08:07 4589769 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache 7f7145406000-7f7145407000 r--p 00025000 08:07 1966319 /lib/x86_64-linux-gnu/ld-2.23.so 7f7145407000-7f7145408000 rw-p 00026000 08:07 1966319 /lib/x86_64-linux-gnu/ld-2.23.so 7f7145408000-7f7145409000 rw-p 00000000 00:00 0 7ffefb5a0000-7ffefb5c1000 rw-p 00000000 00:00 0 [stack] 7ffefb5de000-7ffefb5e1000 r--p 00000000 00:00 0 [vvar] 7ffefb5e1000-7ffefb5e3000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Aborted (core dumped)

When the argument of input() is very long text, the interpreter crashes.  This bug can  be reproduced Python 3.9.2 and Python 2.7.18 on Ubuntu 3.9.2 with GCC7.5.0. I try to  reproduce this bug on other version of Python and Operating System, but it fails. This bug seems to have a connection with the version of GCC.


Python 3.9.2 (default, Mar 12 2021, 15:08:35)
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> input([1,2]*10000)
*** Error in `/home/xxm/Desktop/apifuzz/Python-3.9.2/python': realloc(): invalid next size: 0x000000000135fd40 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777f5)[0x7f714431b7f5]
/lib/x86_64-linux-gnu/libc.so.6(+0x834da)[0x7f71443274da]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x199)[0x7f71443288a9]
/lib/x86_64-linux-gnu/libreadline.so.6(xrealloc+0xe)[0x7f71446a1ffe]
/lib/x86_64-linux-gnu/libreadline.so.6(rl_redisplay+0x125f)[0x7f714469451f]
/lib/x86_64-linux-gnu/libreadline.so.6(readline_internal_setup+0xb0)[0x7f7144681340]
/lib/x86_64-linux-gnu/libreadline.so.6(+0x2a4ac)[0x7f71446984ac]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x5d60b2]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyOS_Readline+0x116)[0x5da536]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x648495]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x613f26]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(_PyEval_EvalFrameDefault+0x54e2)[0x4267a2]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x4fa3e9]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyEval_EvalCode+0x36)[0x4fa746]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x543adf]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x546d82]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_InteractiveLoopFlags+0x8e)[0x54704e]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_AnyFileExFlags+0x3c)[0x5478fc]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_RunMain+0x8d7)[0x42b1e7]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_BytesMain+0x56)[0x42b586]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f71442c4840]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(_start+0x29)[0x42a289]
======= Memory map: ========
00400000-00762000 r-xp 00000000 08:07 7740578 /home/xxm/Desktop/apifuzz/Python-3.9.2/python
00961000-00962000 r--p 00361000 08:07 7740578 /home/xxm/Desktop/apifuzz/Python-3.9.2/python
00962000-0099a000 rw-p 00362000 08:07 7740578 /home/xxm/Desktop/apifuzz/Python-3.9.2/python
0099a000-009be000 rw-p 00000000 00:00 0
012dc000-013ce000 rw-p 00000000 00:00 0 [heap]
7f713c000000-7f713c021000 rw-p 00000000 00:00 0
7f713c021000-7f7140000000 ---p 00000000 00:00 0
7f71439b5000-7f71439cc000 r-xp 00000000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f71439cc000-7f7143bcb000 ---p 00017000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f7143bcb000-7f7143bcc000 r--p 00016000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f7143bcc000-7f7143bcd000 rw-p 00017000 08:07 1966109 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f7143bf0000-7f714407b000 r--p 00000000 08:07 4326136 /usr/lib/locale/locale-archive
7f714407b000-7f71440a0000 r-xp 00000000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f71440a0000-7f714429f000 ---p 00025000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f714429f000-7f71442a3000 r--p 00024000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f71442a3000-7f71442a4000 rw-p 00028000 08:07 1970777 /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f71442a4000-7f7144464000 r-xp 00000000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so
7f7144464000-7f7144664000 ---p 001c0000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so
7f7144664000-7f7144668000 r--p 001c0000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so
7f7144668000-7f714466a000 rw-p 001c4000 08:07 1966308 /lib/x86_64-linux-gnu/libc-2.23.so
7f714466a000-7f714466e000 rw-p 00000000 00:00 0
7f714466e000-7f71446ab000 r-xp 00000000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3
7f71446ab000-7f71448ab000 ---p 0003d000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3
7f71448ab000-7f71448ad000 r--p 0003d000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3
7f71448ad000-7f71448b3000 rw-p 0003f000 08:07 1970756 /lib/x86_64-linux-gnu/libreadline.so.6.3
7f71448b3000-7f71448b4000 rw-p 00000000 00:00 0
7f71448b4000-7f71449bc000 r-xp 00000000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so
7f71449bc000-7f7144bbb000 ---p 00108000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so
7f7144bbb000-7f7144bbc000 r--p 00107000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so
7f7144bbc000-7f7144bbd000 rw-p 00108000 08:07 1966312 /lib/x86_64-linux-gnu/libm-2.23.so
7f7144bbd000-7f7144bbf000 r-xp 00000000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so
7f7144bbf000-7f7144dbe000 ---p 00002000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so
7f7144dbe000-7f7144dbf000 r--p 00001000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so
7f7144dbf000-7f7144dc0000 rw-p 00002000 08:07 1966307 /lib/x86_64-linux-gnu/libutil-2.23.so
7f7144dc0000-7f7144dc3000 r-xp 00000000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so
7f7144dc3000-7f7144fc2000 ---p 00003000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so
7f7144fc2000-7f7144fc3000 r--p 00002000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so
7f7144fc3000-7f7144fc4000 rw-p 00003000 08:07 1966306 /lib/x86_64-linux-gnu/libdl-2.23.so
7f7144fc4000-7f7144fdc000 r-xp 00000000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f7144fdc000-7f71451db000 ---p 00018000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f71451db000-7f71451dc000 r--p 00017000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f71451dc000-7f71451dd000 rw-p 00018000 08:07 1966309 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f71451dd000-7f71451e1000 rw-p 00000000 00:00 0
7f71451e1000-7f7145207000 r-xp 00000000 08:07 1966319 /lib/x86_64-linux-gnu/ld-2.23.so
7f7145210000-7f71453e3000 rw-p 00000000 00:00 0
7f71453fe000-7f71453ff000 rw-p 00000000 00:00 0
7f71453ff000-7f7145406000 r--s 00000000 08:07 4589769 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
7f7145406000-7f7145407000 r--p 00025000 08:07 1966319 /lib/x86_64-linux-gnu/ld-2.23.so
7f7145407000-7f7145408000 rw-p 00026000 08:07 1966319 /lib/x86_64-linux-gnu/ld-2.23.so
7f7145408000-7f7145409000 rw-p 00000000 00:00 0
7ffefb5a0000-7ffefb5c1000 rw-p 00000000 00:00 0 [stack]
7ffefb5de000-7ffefb5e1000 r--p 00000000 00:00 0 [vvar]
7ffefb5e1000-7ffefb5e3000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)

History
Date	User	Action	Args
2021-03-18 06:48:08	xxm	set	recipients: + xxm
2021-03-18 06:48:08	xxm	set	messageid: <1616050088.79.0.477395111242.issue43537@roundup.psfhosted.org>
2021-03-18 06:48:08	xxm	link	issue43537 messages
2021-03-18 06:48:01	xxm	create