Bug 532552 - Segfault using gdbinit from python-devel
Product: Fedora
Classification: Fedora
Component: python
Hardware: x86_64 Linux
Priority: low, Severity: medium
Assigned To: Dave Malcolm
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-11-02 14:25 EST by Zack Cerza
Modified: 2010-01-08 16:48 EST
Doc Type: Bug Fix
Last Closed: 2010-01-08 16:48:24 EST

Attachments
File: backtrace (803 bytes, text/plain), 2009-11-02 14:25 EST, Zack Cerza
log from initial session (4.07 KB, text/plain), 2009-11-02 14:32 EST, Zack Cerza
log from session with "set unwindonsignal on" (3.69 KB, text/plain), 2009-11-02 14:32 EST, Zack Cerza

Description Zack Cerza 2009-11-02 14:25:09 EST
abrt detected a crash.

How to reproduce

This was inside gdb. I'll paste the log of the session.

Additional information

Attached files






Process was terminated by signal 11
Comment 1 Zack Cerza 2009-11-02 14:25:12 EST
Created attachment 367187
File: backtrace
Comment 2 Zack Cerza 2009-11-02 14:31:08 EST
I was attempting to use the gdbinit file supplied with python-devel. I started with a simple scenario, and I'm getting segfaults. I'll attach logs of two sessions with gdb.
Comment 3 Zack Cerza 2009-11-02 14:32:02 EST
Created attachment 367188
log from initial session
Comment 4 Zack Cerza 2009-11-02 14:32:39 EST
Created attachment 367189
log from session with "set unwindonsignal on"
Comment 5 Bug Zapper 2009-11-16 09:54:55 EST
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
Comment 6 Dave Malcolm 2010-01-08 16:48:24 EST
Thanks for filing this report.

Looking over attachment 367188, what I believe happened here is:
  - you ran python under gdb
  - you started the inferior python process, which brought up the interactive console
  - you created a python variable in the interactive console ("a=1")
  - you used Ctrl-C to break back into gdb.
  - you then ran "pyo a" (in gdb)
  - gdb found a variable named "a" at the C level (which bears no relationship to the naming at the Python level), and attempted to interpret it as a (struct PyObject*), running the "pyo" command defined in the gdbinit file.
  - this ran "print _PyObject_Dump($arg0)" upon this "a"
  - this caused gdb to inject a call to _PyObject_Dump(a) into the inferior process, casting the value of "a" (in gdb) to a struct PyObject*, when it probably isn't one.
  - inferior process tries to run this code upon arbitrary data -> SEGFAULT

You can see this in the backtrace: frame 3 and below is where the inferior process was halted, frame 2 is the injected call from gdb, and frame 1 and 0 are the attempt to run _PyObject_Dump upon op=0x3e4bb67a00000000

So I believe this was user-error, but clearly this feature is fragile and hard-to-use.  I'm hoping to improve the debuggability of Python, see:
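
Added example, not part of the bug report, the gdbinit file or CPython: a C sketch of a plausibility check that a dump helper could run before it dereferences a value it has been told is an object pointer, which is the step missing in the failure described in Comment 6. The names `fake_type`, `fake_object`, `readable` and `plausible_object` are hypothetical, and the two-field header is a simplified assumption about the object layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

/* Simplified stand-in for the head of a CPython object (assumption:
 * a non-debug build, where the header is refcount + type pointer). */
struct fake_type { const char *tp_name; };
struct fake_object { intptr_t ob_refcnt; struct fake_type *ob_type; };

/* Returns 1 if [addr, addr+len) can be read. The kernel copies the bytes
 * into a pipe and fails with EFAULT instead of raising SIGSEGV. */
static int readable(uint64_t addr, size_t len)
{
    int fds[2];
    if (len > 512 || pipe(fds) != 0)      /* stay well below pipe capacity */
        return 0;
    ssize_t n = write(fds[1], (const void *)(uintptr_t)addr, len);
    close(fds[0]);
    close(fds[1]);
    return n == (ssize_t)len;
}

/* Hypothetical pre-check for a candidate object pointer.
 * Passing shows the value is plausible, not that it is a real object. */
int plausible_object(uint64_t addr)
{
    if (addr == 0 || addr % sizeof(void *) != 0)
        return 0;                         /* NULL or misaligned */
    if (!readable(addr, sizeof(struct fake_object)))
        return 0;                         /* unmapped or non-canonical */
    const struct fake_object *op = (const void *)(uintptr_t)addr;
    if (op->ob_refcnt <= 0)
        return 0;                         /* a live object holds a reference */
    uint64_t tp = (uint64_t)(uintptr_t)op->ob_type;
    if (tp == 0 || tp % sizeof(void *) != 0)
        return 0;
    return readable(tp, sizeof(struct fake_type));
}

/* Constructed sample data for the demonstration. */
static struct fake_type int_type = { "int" };
static struct fake_object sample = { 1, &int_type };

int main(void)
{
    /* 0x3e4bb67a00000000 is the op value quoted from the backtrace. */
    return plausible_object((uint64_t)(uintptr_t)&sample) == 1 &&
           plausible_object(0x3e4bb67a00000000ULL) == 0 ? 0 : 1;
}
```

The check only reads memory and never calls through the candidate pointer, so a bad value is rejected with an error code instead of a signal.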
