Bug 532552 - Segfault using gdbinit from python-devel
Summary: Segfault using gdbinit from python-devel
Alias: None
Product: Fedora
Classification: Fedora
Component: python
Version: 12
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Dave Malcolm
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:143ce5bbc1e3d0a2954e261b1ef...
Depends On:
Reported: 2009-11-02 19:25 UTC by Zack Cerza
Modified: 2010-01-08 21:48 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-01-08 21:48:24 UTC
Type: ---

Attachments
File: backtrace (803 bytes, text/plain)
2009-11-02 19:25 UTC, Zack Cerza
log from initial session (4.07 KB, text/plain)
2009-11-02 19:32 UTC, Zack Cerza
log from session with "set unwindonsignal on" (3.69 KB, text/plain)
2009-11-02 19:32 UTC, Zack Cerza

Description Zack Cerza 2009-11-02 19:25:09 UTC
abrt detected a crash.

How to reproduce

This was inside gdb. I'll paste the log of the session.

Additional information

Attached files

Process was terminated by signal 11

Comment 1 Zack Cerza 2009-11-02 19:25:12 UTC
Created attachment 367187
File: backtrace

Comment 2 Zack Cerza 2009-11-02 19:31:08 UTC
I was attempting to use the gdbinit file supplied with python-devel. I started with a simple scenario, and I'm getting segfaults. I'll attach logs of two sessions with gdb.

Comment 3 Zack Cerza 2009-11-02 19:32:02 UTC
Created attachment 367188
log from initial session

Comment 4 Zack Cerza 2009-11-02 19:32:39 UTC
Created attachment 367189
log from session with "set unwindonsignal on"

Comment 5 Bug Zapper 2009-11-16 14:54:55 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:

Comment 6 Dave Malcolm 2010-01-08 21:48:24 UTC
Thanks for filing this report.

Looking over attachment 367188, what I believe happened here is:
  - you ran python under gdb
  - you started the inferior python process, which brought up the interactive console
  - you created a python variable in the interactive console ("a=1")
  - you used Ctrl-C to break back into gdb.
  - you then ran "pyo a" (in gdb)
  - gdb found a variable named "a" at the C level (which bears no relationship to the naming at the Python level), and attempted to interpret it as a (struct PyObject*), running the "pyo" command defined in the gdbinit file.
  - this ran "print _PyObject_Dump($arg0)" upon this "a"
  - this caused gdb to inject a call to _PyObject_Dump(a) into the inferior process, casting the value of "a" (in gdb) to a struct PyObject*, when it probably isn't one.
  - inferior process tries to run this code upon arbitrary data -> SEGFAULT

You can see this in the backtrace: frame 3 and below is where the inferior process was halted, frame 2 is the injected call from gdb, and frames 1 and 0 are the attempt to run _PyObject_Dump upon op=0x3e4bb67a00000000.

So I believe this was user error, but clearly this feature is fragile and hard to use. I'm hoping to improve the debuggability of Python, see:

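Added example, not part of the original bug report or of the gdbinit shipped in python-devel: a gdb Python command, hypothetically named `safe-pyo`, that checks a pointer by reading inferior memory before letting gdb inject the `_PyObject_Dump` call described in comment 6. The `check_pyobject` helper, the 8-byte word size, the refcount bound and `FAKE_MEM` are assumptions made for illustration, and the final call assumes Python debug symbols are loaded so that gdb knows the `PyObject` type.

```python
# safe-pyo: validate a pointer before gdb injects a _PyObject_Dump() call.
try:
    import gdb                      # present only when run inside gdb
except ImportError:
    gdb = None

WORD = 8  # assumption: x86_64, little-endian, non-debug PyObject layout

def check_pyobject(addr, read_word):
    """Return None if addr plausibly points at a PyObject, else a reason.

    read_word(a) returns the WORD-sized integer at a, or raises if unmapped.
    Heuristic: it rejects obvious garbage but cannot prove validity.
    """
    def peek(a):
        try:
            return read_word(a)
        except Exception:
            return None
    if addr == 0 or addr % WORD:
        return "null or misaligned pointer"
    refcnt, ob_type = peek(addr), peek(addr + WORD)   # ob_refcnt, ob_type
    if refcnt is None or ob_type is None:
        return "object header is not readable memory"
    if not 0 < refcnt < 1 << 40:                      # arbitrary sanity bound
        return "implausible refcount %d" % refcnt
    # A real type object is itself an object, so its own ob_type is readable.
    if ob_type == 0 or ob_type % WORD or peek(ob_type + WORD) is None:
        return "ob_type does not point at readable memory"
    return None

# Constructed sample memory: an object at 0x1000 whose type lives at 0x2000.
FAKE_MEM = {0x1000: 3, 0x1008: 0x2000, 0x2000: 1, 0x2008: 0x2000}

if gdb is not None:
    class SafePyo(gdb.Command):
        """safe-pyo EXPR: run _PyObject_Dump only if EXPR passes the checks."""
        def __init__(self):
            super().__init__("safe-pyo", gdb.COMMAND_DATA)
        def invoke(self, arg, from_tty):
            addr = int(gdb.parse_and_eval(arg).cast(gdb.lookup_type("unsigned long")))
            mem = gdb.selected_inferior()
            reason = check_pyobject(addr, lambda a: int.from_bytes(
                bytes(mem.read_memory(a, WORD)), "little"))
            if reason:
                raise gdb.GdbError("not calling _PyObject_Dump(%#x): %s" % (addr, reason))
            gdb.execute("print _PyObject_Dump((PyObject *) %#x)" % addr)
    SafePyo()
```

Because the checks only read memory through the debugger, a bad value such as the `op=0x3e4bb67a00000000` seen in the backtrace produces a gdb error instead of a signal in the inferior.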