Bug 532552

Summary: Segfault using gdbinit from python-devel
Product: [Fedora] Fedora
Reporter: Zack Cerza <zcerza>
Component: python
Assignee: Dave Malcolm <dmalcolm>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 12
CC: dmalcolm, ivazqueznet, james.antill, jonathansteffan, katzj
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:143ce5bbc1e3d0a2954e261b1ef1725776a1f469
Doc Type: Bug Fix
Last Closed: 2010-01-08 16:48:24 EST
Attachments (description, flags):
- File: backtrace (flags: none)
- log from initial session (flags: none)
- log from session with "set unwindonsignal on" (flags: none)

Description Zack Cerza 2009-11-02 14:25:09 EST
abrt detected a crash.


How to reproduce
-----
1.
2.
3.


Comment
-----
This was inside gdb. I'll paste the log of the session.

Additional information
======


Attached files
----
backtrace

cmdline
-----
/usr/bin/python 


component
-----
python


executable
-----
/usr/bin/python


kernel
-----
2.6.31.5-96.fc12.x86_64


package
-----
python-2.6.2-2.fc12


reason
-----
Process was terminated by signal 11

Comment 1 Zack Cerza 2009-11-02 14:25:12 EST
Created attachment 367187
File: backtrace

Comment 2 Zack Cerza 2009-11-02 14:31:08 EST
I was attempting to use the gdbinit file supplied with python-devel. I started with a simple scenario, and I'm getting segfaults. I'll attach logs of two sessions with gdb.

Comment 3 Zack Cerza 2009-11-02 14:32:02 EST
Created attachment 367188
log from initial session

Comment 4 Zack Cerza 2009-11-02 14:32:39 EST
Created attachment 367189
log from session with "set unwindonsignal on"

Comment 5 Bug Zapper 2009-11-16 09:54:55 EST
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Dave Malcolm 2010-01-08 16:48:24 EST
Thanks for filing this report.

Looking over attachment 367188, what I believe happened here is:
  - you ran python under gdb
  - you started the inferior python process, which brought up the interactive console
  - you created a python variable in the interactive console ("a=1")
  - you used Ctrl-C to break back into gdb.
  - you then ran "pyo a" (in gdb)
  - gdb found a variable named "a" at the C level (which bears no relationship to the naming at the Python level), and attempted to interpret it as a (struct PyObject*), running the "pyo" command defined in the gdbinit file.
  - this ran "print _PyObject_Dump($arg0)" upon this "a"
  - this caused gdb to inject a call to _PyObject_Dump(a) into the inferior process, casting the value of "a" (in gdb) to a struct PyObject*, when it probably isn't one.
  - inferior process tries to run this code upon arbitrary data -> SEGFAULT

You can see this in the backtrace: frames 3 and below are where the inferior process was halted, frame 2 is the injected call from gdb, and frames 1 and 0 are the attempt to run _PyObject_Dump upon op=0x3e4bb67a00000000

So I believe this was user error, but clearly this feature is fragile and hard to use. I'm hoping to improve the debuggability of Python, see:
https://fedoraproject.org/wiki/DaveMalcolm/FeatureEasierPythonDebugging
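
Added example (not part of the original report, the python-devel gdbinit, or Dave Malcolm's work): a gdb Python script that refuses the inferior call described in comment 6 unless the expression's C type looks like a PyObject pointer. The command name "pyo-checked" and the helper looks_like_pyobject_ptr are hypothetical; it assumes the CPython 2.x object layout (ob_refcnt and ob_type fields) and installed debuginfo.

```python
# Added example: a type-checked stand-in for the gdbinit "pyo" macro.
# The command name and helper name are hypothetical, not part of python-devel.
try:
    import gdb            # only importable when this file is sourced inside gdb
except ImportError:
    gdb = None            # allows the type check to be exercised outside gdb

# gdb.TYPE_CODE_PTR inside gdb; 1 is an arbitrary stand-in used only offline.
TYPE_CODE_PTR = gdb.TYPE_CODE_PTR if gdb else 1


def looks_like_pyobject_ptr(ctype, ptr_code=TYPE_CODE_PTR):
    """True if ctype is a pointer to a struct with the PyObject header fields.

    Assumption: CPython 2.x layout, where PyObject_HEAD puts ob_refcnt and
    ob_type directly into every object struct, and debuginfo is installed.
    """
    ctype = ctype.strip_typedefs()
    if ctype.code != ptr_code:
        return False                       # e.g. an int or array named "a"
    target = ctype.target().strip_typedefs()
    try:
        names = {f.name for f in target.fields()}
    except TypeError:                      # raised for types that have no fields
        return False                       # e.g. char * or void *
    return {"ob_refcnt", "ob_type"} <= names


if gdb is not None:
    class PyoChecked(gdb.Command):
        """pyo-checked EXPR: call _PyObject_Dump only on PyObject-like pointers."""

        def __init__(self):
            super(PyoChecked, self).__init__("pyo-checked", gdb.COMMAND_DATA)

        def invoke(self, arg, from_tty):
            # EXPR is resolved against C symbols in the selected frame, never
            # against names typed at the Python >>> prompt.
            value = gdb.parse_and_eval(arg)
            if not looks_like_pyobject_ptr(value.type):
                raise gdb.GdbError(
                    "'%s' is a C-level '%s', not a PyObject pointer; "
                    "not calling _PyObject_Dump" % (arg, value.type))
            gdb.execute("call _PyObject_Dump((PyObject *)(%s))" % arg)

    PyoChecked()
```

The check only inspects the static C type. It does not prove the pointer refers to a live object, so a stale or uninitialised PyObject pointer can still crash the inferior.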