Python Segfaults in PyObject_Malloc

No matter what version of Python I try (2.7, 3.2, 3.4), I get a segfault on this line of code:

Program received signal SIGSEGV, Segmentation fault.
_PyObject_Malloc (ctx=0x0, nbytes=50) at Objects/obmalloc.c:1159
1159                if ((pool->freeblock = *(block **)bp) != NULL) {


My app is mod_wsgi app and I am using C extension with OpenSSL (But I don't see errors in C extension even with vagrind). I cannot reproduce the error with valgrind, but valgrind gives a ton of errors that are not suppressed by the filed python suppression file. For example:

==4800== Use of uninitialised value of size 8
==4800==    at 0xD95E42A: PyEval_EvalFrameEx (ceval.c:2430)
==4800==    by 0xD964614: PyEval_EvalCodeEx (ceval.c:3585)
==4800==    by 0xD8C092F: function_call (funcobject.c:632)
==4800==    by 0xD89411E: PyObject_Call (abstract.c:2067)
==4800==    by 0xD95FC23: PyEval_EvalFrameEx (ceval.c:4558)
==4800==    by 0xD964614: PyEval_EvalCodeEx (ceval.c:3585)
==4800==    by 0xD8C080E: function_call (funcobject.c:632)
==4800==    by 0xD89411E: PyObject_Call (abstract.c:2067)
==4800==    by 0xD95FC23: PyEval_EvalFrameEx (ceval.c:4558)
==4800==    by 0xD963BE0: PyEval_EvalFrameEx (ceval.c:4331)
==4800==    by 0xD963BE0: PyEval_EvalFrameEx (ceval.c:4331)
==4800==    by 0xD964614: PyEval_EvalCodeEx (ceval.c:3585)


I am using mod_wsgi version 4.3.0 and Python 3.4.2 on this particular instance, but other versions don't work either. It is always on the line if ((pool->freeblock = *(block **)bp) != NULL) {



source to share

1 answer

It's very easy to crash the CPython runtime with a buggy C extension.

A very small error in reference counting or a slight corruption in memory processing can lead to system instability. The actual location of the accident usually does not provide any viable hint of the true cause of the problem, as many times the real failure occurs much later, after the cause.

I can't say much about valgrind errors, but I would also say that no valgrind errors in an extension mean there are no errors. For example, Valgrind does not know the reference counting system in the Python runtime, and small errors in reference counting are often the cause of crashes. Also, the point at which you get "uninitialized value" errors in the Python runtime could be caused by a reference count error. When the C extension creates this situation, the runtime code can cause problems - the reason is not at runtime, but the extension than.

Without seeing the C extension, further diagnostics is not possible I guess. Did you implement the extension yourself or is it some kind of open source software? Widespread?

I would try to narrow down the extension functions which, when used, will create a problem. If you're lucky, it can be narrowed down to a single function call with a special set of parameters. Maybe the author can help find the error?



All Articles