Issue 32629: PyImport_ImportModule occasionally cause access violation

I found that calling PyImport_ImportModule frequently may cause an access violation error.

Here is the call stack:

00 0354f610 67d01605 00000001 00000020 0000007f python36!_PyObject_Alloc+0x5e [c:\build\cpython36\objects\obmalloc.c @ 1258]
01 (Inline) -------- -------- -------- -------- python36!PyObject_Malloc+0x18 [c:\build\cpython36\objects\obmalloc.c @ 479]
02 0354f638 67d18070 00000008 0000007f 67e541e0 python36!PyUnicode_New+0xf5 [c:\build\cpython36\objects\unicodeobject.c @ 1281]
03 0354f654 67d0963a 0354f69c 00000008 0000007f python36!_PyUnicodeWriter_PrepareInternal+0x60 [c:\build\cpython36\objects\unicodeobject.c @ 13534]
04 0354f6c0 67d02a66 67e541e0 00000008 00000000 python36!PyUnicode_DecodeUTF8Stateful+0xca [c:\build\cpython36\objects\unicodeobject.c @ 5034]
05 0354f6e4 67d59183 67e541e0 02a09db8 02a09de0 python36!PyUnicode_FromString+0x46 [c:\build\cpython36\objects\unicodeobject.c @ 2077]
06 (Inline) -------- -------- -------- -------- python36!PyImport_ImportModuleLevel+0xa [c:\build\cpython36\python\import.c @ 1652]
07 0354f704 67d5878f 02a09de0 02a09db8 02a09dd0 python36!PyImport_Import+0xe3 [c:\build\cpython36\python\import.c @ 1732]
08 0354f718 00478639 02a09dd0 7651129a 00000000 python36!PyImport_ImportModule+0x1f [c:\build\cpython36\python\import.c @ 1257]

Pointer bp's value is 0x00000001, which is NULL + 1. In this case, assert(bp != NULL) will not let the application crash for an assert failure, and the application will continue running until the line pool->freeblock = *(block **)bp, which dereferences bp and causes the access violation.

0:009> .frame 0
00 0354f610 67d01605 python36!_PyObject_Alloc+0x5e [c:\build\cpython36\objects\obmalloc.c @ 1258]
0:009> r
eax=67ecfeb8 ebx=00000021 ecx=02a09000 edx=00000000 esi=00000001 edi=00000001
eip=67cdda4e esp=0354f5f8 ebp=0354f610 iopl=0         nv up ei pl nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010207
python36!_PyObject_Alloc+0x5e:
67cdda4e 8b06            mov     eax,dword ptr [esi]  ds:002b:00000001=????????
0:009> dv
      use_calloc = 0n0
           nelem = 1
          elsize =
          nbytes = 0x21
            pool = 0x02a09000
            size = 4
            next = 0x67ecfeb8
              bp = 0x00000001 "--- memory read error at address 0x00000001 ---"
          result =
   usable_arenas =

        /*
         * There is a used pool for this size class.
         * Pick up the head block of its free list.
         */
        ++pool->ref.count;
        bp = pool->freeblock;
        assert(bp != NULL);
        if ((pool->freeblock = *(block **)bp) != NULL) {
            UNLOCK();
            if (use_calloc)
                memset(bp, 0, nbytes);
            return (void *)bp;
        }
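As an added illustration of the point above (not CPython code and not the reporter's): a minimal model of an obmalloc-style pool whose free list is threaded through the free blocks themselves, showing why a NULL check cannot catch a corrupted head such as 0x00000001 and what a range check catches instead. The names pool_t, pool_init, freeblock_is_valid and pool_alloc_checked, and the pool layout, are invented for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_SIZE 32   /* one size class; the report's nbytes = 0x21 */
#define NBLOCKS    8
typedef unsigned char block;

typedef struct {
    block *freeblock;                    /* head of the free list */
    unsigned int ref_count;              /* blocks handed out */
    block storage[NBLOCKS * BLOCK_SIZE]; /* hypothetical fixed-size pool */
} pool_t;

/* Thread every block into the free list: a free block stores the address of
 * the next free block in its first sizeof(block *) bytes (memcpy sidesteps
 * strict-aliasing problems). */
void pool_init(pool_t *pool)
{
    pool->ref_count = 0;
    for (size_t i = 0; i < NBLOCKS; i++) {
        block *b = pool->storage + i * BLOCK_SIZE;
        block *next = (i + 1 < NBLOCKS) ? b + BLOCK_SIZE : NULL;
        memcpy(b, &next, sizeof next);
    }
    pool->freeblock = pool->storage;
}

/* A free-list head is plausible only if it is a block boundary inside this
 * pool's storage. A bare NULL check accepts the report's 0x00000001. */
int freeblock_is_valid(const pool_t *pool, const block *bp)
{
    uintptr_t lo = (uintptr_t)pool->storage;
    uintptr_t hi = lo + sizeof(pool->storage);
    uintptr_t p = (uintptr_t)bp;
    return bp != NULL && p >= lo && p < hi && (p - lo) % BLOCK_SIZE == 0;
}

/* The quoted obmalloc path, but validating bp before the
 * pool->freeblock = *(block **)bp dereference. Returns NULL on corruption
 * or exhaustion. (In a release build of CPython assert() is compiled out
 * anyway, so even a stricter assert would not have fired there.) */
void *pool_alloc_checked(pool_t *pool)
{
    block *bp = pool->freeblock;
    if (!freeblock_is_valid(pool, bp))
        return NULL;
    memcpy(&pool->freeblock, bp, sizeof bp);   /* pop the head */
    pool->ref_count++;
    return bp;
}
```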

This looks like you are accessing memory that has been corrupted, which can happen in any number of ways. I am closing this because there isn't enough information to do anything about it.

If you can show us how to reproduce the crash, and it occurs on a current version of python (>= 3.9), then please create a new issue.