Issue 20893: ctypes crash during PyFinalize when librt used (original) (raw)

When interacting with librt via a ctypes.Structure object I can reliably cause the python interpreter to crash during Py_Finalize after all of my code has executed. It appears to only happen on structures that have been passed to the mq_getattributes call in librt. Below is the output of GDB showing the crash with python2.7-dbg:

(gdb) run show_ctypes_bug.py Starting program: /usr/bin/python2.7-dbg show_ctypes_bug.py [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". Starting example Creating queue Loading attributes Cleaning up Completed example Debug memory block at address p=0xb7ab5c28: API 'o' 80 bytes originally requested The 3 pad bytes at p-3 are FORBIDDENBYTE, as expected. The 4 pad bytes at tail=0xb7ab5c78 are not all FORBIDDENBYTE (0xfb): at tail+0: 0x00 *** OUCH at tail+1: 0x00 *** OUCH at tail+2: 0x00 *** OUCH at tail+3: 0x00 *** OUCH The block was made by call #0 to debug malloc/realloc. Data at p: 00 00 00 00 b8 dd ad b7 ... 00 00 00 00 00 00 00 00 Fatal Python error: bad trailing pad byte

Program received signal SIGABRT, Aborted. 0xb7fdd424 in __kernel_vsyscall () (gdb) where #0 0xb7fdd424 in __kernel_vsyscall () #1 0xb7be11df in raise () from /lib/i386-linux-gnu/libc.so.6 #2 0xb7be4825 in abort () from /lib/i386-linux-gnu/libc.so.6 #3 0x0817566a in Py_FatalError (msg=0x820a3a3 "bad trailing pad byte") at ../Python/pythonrun.c:1677 #4 0x080c2fab in _PyObject_DebugCheckAddressApi (api=111 'o', p=0xb7ab5c28) at ../Objects/obmalloc.c:1591 #5 0x080c2c8d in _PyObject_DebugFreeApi (api=111 'o', p=0xb7ab5c28) at ../Objects/obmalloc.c:1478 #6 0x080c2b62 in _PyObject_DebugFree (p=0xb7ab5c28) at ../Objects/obmalloc.c:1422 #7 0x0818d3d3 in PyObject_GC_Del (op=0xb7ab5c34) at ../Modules/gcmodule.c:1507 #8 0xb788e725 in PyCData_dealloc (self=<MessageQueueAttributes at remote 0xb7ab5c34>) at /build/buildd/python2.7-2.7.3/Modules/_ctypes/_ctypes.c:2544 #9 0x080e0251 in subtype_dealloc (self=<MessageQueueAttributes at remote 0xb7ab5c34>) at ../Objects/typeobject.c:1014 #10 0x080c12eb in _Py_Dealloc (op=<MessageQueueAttributes at remote 0xb7ab5c34>) at ../Objects/object.c:2243 #11 0x080b3e51 in insertdict (mp=0xb7bafdf4, key='attributes', hash=673635577, value=None) at ../Objects/dictobject.c:530 #12 0x080b47b4 in PyDict_SetItem (op=<unknown at remote 0x6>, key='attributes', value=None) at ../Objects/dictobject.c:775 #13 0x080bc924 in _PyModule_Clear (m=<module at remote 0xb7b72934>) at ../Objects/moduleobject.c:138 #14 0x08161cc9 in PyImport_Cleanup () at ../Python/import.c:445 #15 0x081726cd in Py_Finalize () at ../Python/pythonrun.c:454 #16 0x0818b4b1 in Py_Main (argc=2, argv=0xbfffef34) at ../Modules/main.c:664 #17 0x0805be8f in main (argc=2, argv=0xbfffef34) at ../Modules/python.c:23

The script being run above (show_ctypes_bug.py) is attached.