Long string crashes libreadline in built-in function input() of Python

Bug #1922640 reported by Xinmeng Xia
This bug affects 1 person
Affects: readline5 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

In Python (CPython), input() calls rl_callback_handler_install(prompt, rlhandler) in libreadline. If prompt is a byte string of 60,000 bytes, it will cause a crash, e.g. input([1,2]*10000)

System: Ubuntu 16.04

Steps to Reproduce:
--------------------------------------------------------------------------------------------
Python 3.9.2 (default, Mar 12 2021, 15:08:35)
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> input([1,2]*10000)
*** Error in `/home/xxm/Desktop/apifuzz/Python-3.9.2/python': realloc(): invalid next size: 0x000000000135fd40 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777f5)[0x7f714431b7f5]
/lib/x86_64-linux-gnu/libc.so.6(+0x834da)[0x7f71443274da]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x199)[0x7f71443288a9]
/lib/x86_64-linux-gnu/libreadline.so.6(xrealloc+0xe)[0x7f71446a1ffe]
/lib/x86_64-linux-gnu/libreadline.so.6(rl_redisplay+0x125f)[0x7f714469451f]
/lib/x86_64-linux-gnu/libreadline.so.6(readline_internal_setup+0xb0)[0x7f7144681340]
/lib/x86_64-linux-gnu/libreadline.so.6(+0x2a4ac)[0x7f71446984ac]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x5d60b2]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyOS_Readline+0x116)[0x5da536]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x648495]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x613f26]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(_PyEval_EvalFrameDefault+0x54e2)[0x4267a2]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x4fa3e9]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyEval_EvalCode+0x36)[0x4fa746]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x543adf]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x546d82]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_InteractiveLoopFlags+0x8e)[0x54704e]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_AnyFileExFlags+0x3c)[0x5478fc]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_RunMain+0x8d7)[0x42b1e7]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_BytesMain+0x56)[0x42b586]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f71442c4840]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(_start+0x29)[0x42a289]
Aborted (core dumped)

Testing with gdb
--------------------------------------------------------------------------------------------------
$ gdb ./python
(gdb) run
Python 3.10.0a6+ (heads/pycore_symtable-dirty:27700e0c8b, Mar 18 2021, 03:11:22) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] on linux
>>> input([1,2]*10000)
realloc(): invalid next size

Program received signal SIGABRT, Aborted.
0x00007ffff7c629d5 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install libxcrypt-4.4.18-1.fc33.x86_64 ncurses-libs-6.2-3.20200222.fc33.x86_64 readline-8.0-5.fc33.x86_64

(gdb) where
#0 0x00007ffff7c629d5 in raise () from /lib64/libc.so.6
#1 0x00007ffff7c4b8a4 in abort () from /lib64/libc.so.6
#2 0x00007ffff7ca5177 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff7cace6c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ffff7cb111c in _int_realloc () from /lib64/libc.so.6
#5 0x00007ffff7cb22a6 in realloc () from /lib64/libc.so.6
#6 0x00007fffea4c9dc2 in xrealloc () from /lib64/libreadline.so.8
#7 0x00007fffea4bb7ab in rl_redisplay () from /lib64/libreadline.so.8
#8 0x00007fffea4a5727 in readline_internal_setup () from /lib64/libreadline.so.8
#9 0x00007fffea4c7489 in _rl_callback_newline () from /lib64/libreadline.so.8
#10 0x00007ffff7fbdb68 in readline_until_enter_or_signal (
    prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"..., signal=0x7fffffffb7f4) at /home/vstinner/python/master/Modules/readline.c:1318
#11 0x00007ffff7fbde06 in call_readline (sys_stdin=0x7ffff7de9800 <_IO_2_1_stdin_>, sys_stdout=0x7ffff7dea520 <_IO_2_1_stdout_>,
    prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"...) at /home/vstinner/python/master/Modules/readline.c:1396
#12 0x000000000071f7b3 in PyOS_Readline (sys_stdin=0x7ffff7de9800 <_IO_2_1_stdin_>, sys_stdout=0x7ffff7dea520 <_IO_2_1_stdout_>,
    prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"...) at Parser/myreadline.c:393
#13 0x000000000069d23c in builtin_input_impl (module=<module at remote 0x7fffea69d590>,
    prompt=[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, ...(truncated)) at Python/bltinmodule.c:2096
#14 0x0000000000699156 in builtin_input (module=<module at remote 0x7fffea69d590>, args=0x7fffea62c7b8, nargs=1) at Python/clinic/bltinmodule.c.h:662
...

Testing with valgrind
-----------------------------------------------------------------------------------------------
$ PYTHONMALLOC=malloc_debug valgrind --log-file=valgrind.log ./python
>>> input([1,2]*10000)
[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, (...)
Erreur de segmentation (core dumped)

$ cat valgrind.log
==8025== Memcheck, a memory error detector
==8025== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==8025== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==8025== Command: ./python
==8025== Parent PID: 7434
==8025==
==8025== Invalid write of size 4
==8025== at 0x1297C410: rl_redisplay (display.c:865)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== by 0x525A14: call_function (ceval.c:5931)
==8025== Address 0x4e5ef00 is 0 bytes after a block of size 1,024 alloc'd
==8025== at 0x4839809: malloc (vg_replace_malloc.c:307)
==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59)
==8025== by 0x12974F1C: init_line_structures (display.c:641)
==8025== by 0x1297D856: rl_redisplay (display.c:680)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x6281D0: tok_nextc (tokenizer.c:894)
==8025== by 0x6298E5: tok_get (tokenizer.c:1236)
==8025== by 0x62B285: PyTokenizer_Get (tokenizer.c:1895)
==8025==
==8025== Invalid write of size 4
==8025== at 0x1297C425: rl_redisplay (display.c:862)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== by 0x525A14: call_function (ceval.c:5931)
==8025== Address 0x4e5ef04 is 4 bytes after a block of size 1,024 alloc'd
==8025== at 0x4839809: malloc (vg_replace_malloc.c:307)
==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59)
==8025== by 0x12974F1C: init_line_structures (display.c:641)
==8025== by 0x1297D856: rl_redisplay (display.c:680)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x6281D0: tok_nextc (tokenizer.c:894)
==8025== by 0x6298E5: tok_get (tokenizer.c:1236)
==8025== by 0x62B285: PyTokenizer_Get (tokenizer.c:1895)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AF01: update_line (display.c:1897)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AF0F: update_line (display.c:1921)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297A8B2: UnknownInlinedFun (display.c:3144)
==8025== by 0x1297A8B2: update_line (display.c:2200)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x483FC63: bcmp (vg_replace_strmem.c:1111)
==8025== by 0x129794C9: update_line (display.c:1656)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297959C: update_line (display.c:1703)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AB9D: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Use of uninitialised value of size 8
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Invalid read of size 1
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== Address 0xfffffffff2213d9d is not stack'd, malloc'd or (recently) free'd
==8025==
==8025==
==8025== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==8025== Access not within mapped region at address 0xFFFFFFFFF2213D9D
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== If you believe this happened as a result of a stack
==8025== overflow in your program's main thread (unlikely but
==8025== possible), you can try to increase the size of the
==8025== main thread stack using the --main-stacksize= flag.
==8025== The main thread stack size used in this run was 8388608.
==8025==
==8025== HEAP SUMMARY:
==8025== in use at exit: 6,501,013 bytes in 73,176 blocks
==8025== total heap usage: 151,328 allocs, 78,152 frees, 30,639,455 bytes allocated
==8025==
==8025== LEAK SUMMARY:
==8025== definitely lost: 0 bytes in 0 blocks
==8025== indirectly lost: 0 bytes in 0 blocks
==8025== possibly lost: 5,168,429 bytes in 32,868 blocks
==8025== still reachable: 1,332,584 bytes in 40,308 blocks
==8025== suppressed: 0 bytes in 0 blocks
==8025== Rerun with --leak-check=full to see details of leaked memory
==8025==
==8025== Use --track-origins=yes to see where uninitialised values come from
==8025== For lists of detected and suppressed errors, rerun with: -s
==8025== ERROR SUMMARY: 125 errors from 10 contexts (suppressed: 0 from 0)
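
A triage helper for a Memcheck log like the one above, as an added example that is not part of the original report: it groups the errors into records and reports heap writes that land past the end of a block, together with the allocation site. `SAMPLE_LOG` is an abridged excerpt of the report's valgrind.log; the function names are assumptions of this example.

```python
import re

# Abridged excerpt of the valgrind.log in the report (stack frames trimmed).
SAMPLE_LOG = """\
==8025== Invalid write of size 4
==8025== at 0x1297C410: rl_redisplay (display.c:865)
==8025== Address 0x4e5ef00 is 0 bytes after a block of size 1,024 alloc'd
==8025== at 0x4839809: malloc (vg_replace_malloc.c:307)
==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59)
==8025== by 0x12974F1C: init_line_structures (display.c:641)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AF01: update_line (display.c:1897)
==8025==
==8025== Invalid read of size 1
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== Address 0xfffffffff2213d9d is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+==\s?")
KIND = re.compile(r"^(Invalid (read|write) of size \d+|Conditional jump or move "
                  r"depends on uninitialised value\(s\)|Use of uninitialised value of size \d+)")
FRAME = re.compile(r"^(at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")
HEAP = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) "
                  r"a block of size ([\d,]+) (alloc'd|free'd)")
ALLOC_WRAPPERS = {"malloc", "calloc", "realloc", "xmalloc", "xrealloc"}


def parse_memcheck(log):
    """Split a Memcheck log into error records with their stacks."""
    records, cur, in_alloc = [], None, False
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                      # a bare ==PID== line ends the record
            cur = None
            continue
        if cur is None:
            if KIND.match(line):
                cur = {"kind": line, "stack": [], "alloc_stack": [],
                       "heap": None, "note": None}
                records.append(cur)
                in_alloc = False
            continue                      # skip banners, summaries, hints
        frame, heap = FRAME.match(line), HEAP.match(line)
        if frame:
            cur["alloc_stack" if in_alloc else "stack"].append(frame.group(2, 3))
        elif heap:
            cur["heap"] = {"offset": int(heap.group(1)), "where": heap.group(2),
                           "size": int(heap.group(3).replace(",", ""))}
            in_alloc = True               # following frames are the allocation stack
        elif line.startswith("Address "):
            cur["note"] = line            # e.g. unmapped address, no heap block
    return records


def heap_overflow_writes(records):
    """Invalid writes that land after the end of a heap block."""
    out = []
    for r in records:
        h = r["heap"]
        if (r["kind"].startswith("Invalid write") and h
                and h["where"] == "after" and r["stack"]):
            # First allocation frame that is not a malloc-style wrapper.
            site = next((f for f in r["alloc_stack"]
                         if f[0] not in ALLOC_WRAPPERS), None)
            out.append({"writer": r["stack"][0], "offset": h["offset"],
                        "block_size": h["size"], "alloc_site": site})
    return out
```

Run over the report's full log, this surfaces the two writes from rl_redisplay (display.c:865 and display.c:862) past the 1,024-byte block allocated in init_line_structures (display.c:641).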
