Issue13096
Created on 2011-10-04 03:47 by meador.inge, last changed 2019-03-04 15:40 by vstinner. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| issue13096.patch | meador.inge, 2011-11-29 03:01 | Patch against tip (3.3.0a0) | review | |
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 12100 | merged | cstratak, 2019-02-28 17:52 | |
| Messages (11) | |||
|---|---|---|---|
| msg144850 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-10-04 03:47 | |
Reproducible in 2.7 and tip:

```
[meadori@motherbrain cpython]$ ./python
Python 3.3.0a0 (default:61de28fa5537+d05350c14e77+, Oct 3 2011, 21:47:04)
[GCC 4.6.0 20110603 (Red Hat 4.6.0-10)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import *
>>> T = type('x' * 2 ** 25, (Structure,), {})
>>> p = POINTER(T)
Segmentation fault (core dumped)
```
|
|||
| msg144851 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-10-04 03:51 | |
There is a similar crasher to this one that can be reproduced like:

```
[meadori@motherbrain cpython]$ ./python
Python 3.3.0a0 (default:61de28fa5537+d05350c14e77+, Oct 3 2011, 21:47:04)
[GCC 4.6.0 20110603 (Red Hat 4.6.0-10)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import *
>>> p = POINTER('x' * 2 ** 25)
Segmentation fault (core dumped)
```

It should be fixed as well.
|
|||
| msg145257 - (view) | Author: Brian Brazil (bbrazil) * | Date: 2011-10-09 14:27 | |
The problem is around line 1734 of callproc.c in tip:

```c
} else if (PyType_Check(cls)) {
    typ = (PyTypeObject *)cls;
    buf = alloca(strlen(typ->tp_name) + 3 + 1);
    sprintf(buf, "LP_%s", typ->tp_name); /* <-- segfault is here */
```

Replacing the alloca with a malloc fixes it, so I presume it's hitting the stack size limit as 2^25 is 32MB (my stack limit is 8MB).
|
|||
| msg145258 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-10-09 14:36 | |
Yup, it is the 'alloca' call. This issue and issue13097 are both 'alloca' related as mentioned in issue12881. |
|||
| msg148539 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-11-29 03:01 | |
Here is a small patch against tip. OK? |
|||
| msg217341 - (view) | Author: Jessica McKellar (jesstess) * | Date: 2014-04-28 04:03 | |
Thanks for the report and patch, meador.inge.

I'd prefer not to add more globals that are only used in one place, but doing so is consistent with the existing style of test_pointers.py, and there's plenty in this file that could be cleaned up in another ticket.

* The patch passes `make patchcheck`.
* The full test suite passes with this patch.
* The reproducers in this issue segfault for me without this patch and do not segfault with this patch.

lgtm! => commit review
|
|||
| msg217367 - (view) | Author: Meador Inge (meador.inge) * | Date: 2014-04-28 11:53 | |
Thanks for the review and reminder about this issue, jesstess. I will apply the patch later today. |
|||
| msg229186 - (view) | Author: Roundup Robot (python-dev) | Date: 2014-10-12 18:27 | |
New changeset e940bb13d010 by R David Murray in branch '3.4': #13096: Fix segfault in CTypes POINTER handling of large values.
https://hg.python.org/cpython/rev/e940bb13d010

New changeset 02c9c3204a04 by R David Murray in branch 'default': Merge: #13096: Fix segfault in CTypes POINTER handling of large values.
https://hg.python.org/cpython/rev/02c9c3204a04

New changeset ff59b0f9e142 by R David Murray in branch '2.7': #13096: Fix segfault in CTypes POINTER handling of large values.
https://hg.python.org/cpython/rev/ff59b0f9e142
|
|||
| msg229187 - (view) | Author: R. David Murray (r.david.murray) * | Date: 2014-10-12 18:27 | |
Committed. |
|||
| msg336858 - (view) | Author: Charalampos Stratakis (cstratak) * | Date: 2019-02-28 17:53 | |
It seems the python2 backport was incomplete as a PyMem_Free is missing, making buf leak. |
|||
| msg337132 - (view) | Author: STINNER Victor (vstinner) * | Date: 2019-03-04 15:40 | |
New changeset 710dcfd2f4bee034894a39026388f9c21ea976f1 by Victor Stinner (stratakis) in branch '2.7': [2.7] bpo-13096: Fix memory leak in ctypes POINTER handling of large values (GH-12100)
https://github.com/python/cpython/commit/710dcfd2f4bee034894a39026388f9c21ea976f1
|
|||
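The heap-backed form of the name construction discussed in msg145257, including the release that msg336858 reports missing, as an added example (not the committed patch and not CPython's code). The names `build_lp_name`, `use_lp_name`, `try_name_of_length` and the `live_bufs` counter are assumptions made for illustration.

```c
/* Added example; build_lp_name, use_lp_name and live_bufs are hypothetical names. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
long live_bufs = 0;  /* outstanding name buffers, so a leak is observable */

/* Heap copy of "LP_<tp_name>"; NULL on size overflow or allocation failure. */
char *build_lp_name(const char *tp_name)
{
    static const char prefix[] = "LP_";
    size_t n = strlen(tp_name);
    if (n > SIZE_MAX - sizeof(prefix)) return NULL;  /* sizeof counts the NUL */
    char *buf = malloc(n + sizeof(prefix));  /* heap: not bounded by the stack limit */
    if (buf == NULL) return NULL;
    live_bufs++;
    memcpy(buf, prefix, sizeof(prefix) - 1);
    memcpy(buf + sizeof(prefix) - 1, tp_name, n + 1);  /* copies the NUL too */
    return buf;
}

/* Stand-in for the consumer of the name: returns its length, or -1 on failure. */
long use_lp_name(const char *tp_name)
{
    char *buf = build_lp_name(tp_name);
    if (buf == NULL) return -1;
    long len = (long)strlen(buf);
    free(buf);       /* the release reported missing from the 2.7 backport */
    live_bufs--;
    return len;
}

/* Constructed input: a name of n 'x' characters, as in the reproducer. */
long try_name_of_length(size_t n)
{
    char *name = malloc(n + 1);
    if (name == NULL) return -1;
    memset(name, 'x', n);
    name[n] = '\0';
    long len = use_lp_name(name);
    free(name);
    return len;
}

int main(void)
{
    printf("%ld %ld\n", try_name_of_length((size_t)1 << 25), live_bufs);
    return 0;
}
```

With the 2^25-character name from the reproducer the allocation is served from the heap, and `live_bufs` returning to zero shows the buffer is released on the success path.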
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2019-03-04 15:40:28 | vstinner | set | messages: + msg337132 |
| 2019-02-28 17:53:21 | cstratak | set | nosy: + vstinner |
| 2019-02-28 17:53:00 | cstratak | set | nosy: + cstratak messages: + msg336858 |
| 2019-02-28 17:52:38 | cstratak | set | pull_requests: + pull_request12107 |
| 2014-10-12 18:27:40 | r.david.murray | set | status: open -> closed versions: + Python 3.4 messages: + msg229187 |
| 2014-10-12 18:27:00 | python-dev | set | nosy: + python-dev messages: + msg229186 |
| 2014-04-28 11:53:48 | meador.inge | set | messages: + msg217367 |
| 2014-04-28 04:03:29 | jesstess | set | versions: + Python 3.5, - Python 3.2, Python 3.3 nosy: + jesstess messages: + msg217341 keywords: + needs review |
| 2011-11-29 03:01:17 | meador.inge | set | files: + issue13096.patch keywords: + patch messages: + msg148539 stage: needs patch -> patch review |
| 2011-11-29 02:33:45 | meador.inge | set | assignee: meador.inge |
| 2011-10-09 14:36:03 | meador.inge | set | messages: + msg145258 |
| 2011-10-09 14:27:02 | bbrazil | set | nosy: + bbrazil messages: + msg145257 |
| 2011-10-04 03:51:56 | meador.inge | set | messages: + msg144851 |
| 2011-10-04 03:47:38 | meador.inge | create | |