Segmentation fault when using a subclassed sqlite3.Cursor on 3.11.x #99886

Closed
tipabu opened this issue Nov 29, 2022 · 5 comments
Labels
3.11 only security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@tipabu
Contributor

tipabu commented Nov 29, 2022

Crash report / Error messages

When using a custom Cursor object that sets attributes on itself as part of __init__, segfaults occur when the cursor is GC'ed. For example, given a repro.py like

import sqlite3

class MyCursor(sqlite3.Cursor):
    # uncomment below to avoid the segfault
    #__slots__ = ('some_attr',)
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # this can go before or after the super call; doesn't matter
        self.some_attr = None

conn = sqlite3.connect(':memory:')
cur = conn.cursor(MyCursor)
cur.close()
del cur
print('never get here with -X dev')

running gdb -q -ex run -ex 'bt 40' -ex c --args python -X dev repro.py </dev/null gives me output like

Program received signal SIGSEGV, Segmentation fault.
Py_DECREF (op=0xdddddddddddddddd) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/object.h:537
537	    if (--op->ob_refcnt == 0) {
#0  Py_DECREF (op=0xdddddddddddddddd) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/object.h:537
#1  0x00007ffff7c7aa2c in _PyObject_ClearInstanceAttributes (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/dictobject.c:5566
#2  subtype_clear (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/typeobject.c:1288
#3  0x00007fffe9dee26e in cursor_dealloc (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/_sqlite/cursor.c:184
#4  0x00007ffff7bfede0 in subtype_dealloc (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/typeobject.c:1472
#5  0x00007ffff7bd3b77 in _Py_Dealloc (op=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/object.c:2389
#6  Py_DECREF (op=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/object.h:538
#7  delitem_common (mp=<optimized out>, hash=<optimized out>, ix=<optimized out>, old_value=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/dictobject.c:1986
#8  0x00007ffff7bc8019 in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/ceval.c:2787
#9  0x00007ffff7bbe5da in _PyEval_EvalFrame (throwflag=0, frame=0x7ffff7fb3020, tstate=0x7ffff7f200d8 <_PyRuntime+166328>)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/internal/pycore_ceval.h:73
#10 _PyEval_Vector (tstate=0x7ffff7f200d8 <_PyRuntime+166328>, func=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=<optimized out>)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/ceval.c:6428
#11 0x00007ffff7c48bbc in PyEval_EvalCode (co=0x7fffe9f24810, globals=<optimized out>, locals=0x7fffe9f05970) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/ceval.c:1154
#12 0x00007ffff7c679b3 in run_eval_code_obj (tstate=0x7ffff7f200d8 <_PyRuntime+166328>, co=0x7fffe9f24810, globals=0x7fffe9f05970, locals=0x7fffe9f05970)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:1714
#13 0x00007ffff7c63dda in run_mod (mod=<optimized out>, filename=<optimized out>, globals=0x7fffe9f05970, locals=0x7fffe9f05970, flags=<optimized out>, arena=<optimized out>)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:1735
#14 0x00007ffff7c79d92 in pyrun_file (fp=fp@entry=0x555555567500, filename=filename@entry=0x7fffe9fdb940, start=start@entry=257, globals=globals@entry=0x7fffe9f05970, 
    locals=locals@entry=0x7fffe9f05970, closeit=closeit@entry=1, flags=0x7fffffffe078) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:1630
#15 0x00007ffff7c79559 in _PyRun_SimpleFileObject (fp=0x555555567500, filename=0x7fffe9fdb940, closeit=1, flags=0x7fffffffe078)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:440
#16 0x00007ffff7c79228 in _PyRun_AnyFileObject (fp=0x555555567500, filename=0x7fffe9fdb940, closeit=1, flags=0x7fffffffe078)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:79
#17 0x00007ffff7c72ecb in pymain_run_file_obj (skip_source_first_line=0, filename=0x7fffe9fdb940, program_name=0x7ffff78d3450)
    at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:360
#18 pymain_run_file (config=0x7ffff7f06120 <_PyRuntime+59904>) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:379
#19 pymain_run_python (exitcode=0x7fffffffe074) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:601
#20 Py_RunMain () at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:680
#21 0x00007ffff7c389fb in Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:734
#22 0x00007ffff7629510 in __libc_start_call_main (main=main@entry=0x555555555160 <main>, argc=argc@entry=4, argv=argv@entry=0x7fffffffe2c8) at ../sysdeps/nptl/libc_start_call_main.h:58
#23 0x00007ffff76295c9 in __libc_start_main_impl (main=0x555555555160 <main>, argc=4, argv=0x7fffffffe2c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fffffffe2b8) at ../csu/libc-start.c:389
#24 0x0000555555555095 in _start ()
Continuing.
Fatal Python error: Segmentation fault

Current thread 0x00007ffff7f9d740 (most recent call first):
  File "/home/tburke/repro.py", line 14 in <module>

Program received signal SIGSEGV, Segmentation fault.

(Note that line 14 is del cur)

Your environment

  • CPython versions tested on:
    • v3.10.0 -- no crash
    • v3.11.0 -- crash
    • current main branch -- no crash
    • current 3.11 branch -- crash
    • bisecting, it seems to have been caused by a8b9350 and fixed by de388c0
  • Operating system and architecture:
    • x86_64 Linux
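
Added example, not part of the original report or of CPython: a regression check that runs the reproducer above in a child interpreter under `-X dev`, with and without the `__slots__` workaround, and classifies the outcome by exit status so the checking process survives a crash. The names `REPRO` and `run_repro` are assumptions of this example.

```python
import signal
import subprocess
import sys
import textwrap

# The report's reproducer, parameterised on whether the subclass declares
# __slots__ (the workaround mentioned in the report). Constructed template.
REPRO = textwrap.dedent("""\
    import sqlite3

    class MyCursor(sqlite3.Cursor):
        {slots}
        def __init__(self, *args, **kwargs):
            super().__init__(*args, **kwargs)
            self.some_attr = None

    conn = sqlite3.connect(':memory:')
    cur = conn.cursor(MyCursor)
    cur.close()
    del cur
    print('survived')
""")


def run_repro(use_slots, python=sys.executable, timeout=30):
    """Run the reproducer in a child interpreter; return 'ok' or 'crash'."""
    body = "__slots__ = ('some_attr',)" if use_slots else "pass"
    proc = subprocess.run(
        [python, "-X", "dev", "-c", REPRO.format(slots=body)],
        stdin=subprocess.DEVNULL, capture_output=True, text=True,
        timeout=timeout,
    )
    if proc.returncode == 0 and "survived" in proc.stdout:
        return "ok"
    # POSIX reports death by signal as a negative return code; on Windows an
    # access violation surfaces as exit status 0xC0000005.
    crashed = proc.returncode in (-signal.SIGSEGV, 0xC0000005)
    if crashed or "Segmentation fault" in proc.stderr:
        return "crash"
    raise RuntimeError(f"unexpected exit {proc.returncode}: {proc.stderr[-200:]}")


if __name__ == "__main__":
    print(sys.version.split()[0],
          "plain subclass:", run_repro(use_slots=False),
          "| with __slots__:", run_repro(use_slots=True))
```

Pass a different interpreter path as `python` to check each build in a CI matrix.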


@tipabu tipabu added the type-crash A hard crash of the interpreter, possibly with a core dump label Nov 29, 2022
@erlend-aasland erlend-aasland added interpreter-core (Objects, Python, Grammar, and Parser dirs) and removed topic-sqlite3 labels Nov 29, 2022
@erlend-aasland
Contributor

cc. @markshannon

@erlend-aasland erlend-aasland added the 3.11 only security fixes label Nov 29, 2022
@Fidget-Spinner
Member

I can repro the error on Python 3.11@head on Windows 11, and indeed not in 3.12.

I am looking into this.

@erlend-aasland
Contributor

Thanks, Ken. Ditto; I've reproduced on 3.11 on WSL and on macOS 12; not on main. I haven't had time to verify the bisect yet, though.

@tipabu
Contributor Author

tipabu commented Dec 5, 2022

Can confirm #99902 addresses the issue -- thanks for the quick turnaround!

@Fidget-Spinner
Member

Great! Thanks for reporting back.

openstack-mirroring pushed a commit to openstack/swift that referenced this issue Jul 4, 2023
Jammy only offers a py311 RC, so include the __slots__ hack to avoid
the segfault from python/cpython#99886.

Fix up a test to work with the slotted connection.

Change-Id: I0e928bcb3810e391297300f4949024db3cf87d05
openstack-mirroring pushed a commit to openstack/openstack that referenced this issue Jul 4, 2023
* Update swift from branch 'master'
  to 1b0d87179260a6b2dee4331d7b2840addc8aad35
  - Merge "CI: test under py311"
  - CI: test under py311
    
    Jammy only offers a py311 RC, so include the __slots__ hack to avoid
    the segfault from python/cpython#99886.
    
    Fix up a test to work with the slotted connection.
    
    Change-Id: I0e928bcb3810e391297300f4949024db3cf87d05