Long string crashes libreadline in built-in function input() of Python

Bug #1922640 reported by Xinmeng Xia on 2021-04-06
This bug affects 1 person
Affects: readline5 (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

In input() of Python (CPython), it calls rl_callback_handler_install (prompt, rlhandler) in libreadline. If prompt is a byte string of 60,000 bytes, it will cause a crash, e.g. input([1,2]*10000)

System: Ubuntu 16.04

Steps to Reproduce:
--------------------------------------------------------------------------------------------
Python 3.9.2 (default, Mar 12 2021, 15:08:35)
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> input([1,2]*10000)
*** Error in `/home/xxm/Desktop/apifuzz/Python-3.9.2/python': realloc(): invalid next size: 0x000000000135fd40 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777f5)[0x7f714431b7f5]
/lib/x86_64-linux-gnu/libc.so.6(+0x834da)[0x7f71443274da]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x199)[0x7f71443288a9]
/lib/x86_64-linux-gnu/libreadline.so.6(xrealloc+0xe)[0x7f71446a1ffe]
/lib/x86_64-linux-gnu/libreadline.so.6(rl_redisplay+0x125f)[0x7f714469451f]
/lib/x86_64-linux-gnu/libreadline.so.6(readline_internal_setup+0xb0)[0x7f7144681340]
/lib/x86_64-linux-gnu/libreadline.so.6(+0x2a4ac)[0x7f71446984ac]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x5d60b2]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyOS_Readline+0x116)[0x5da536]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x648495]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x613f26]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(_PyEval_EvalFrameDefault+0x54e2)[0x4267a2]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x4fa3e9]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyEval_EvalCode+0x36)[0x4fa746]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x543adf]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python[0x546d82]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_InteractiveLoopFlags+0x8e)[0x54704e]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(PyRun_AnyFileExFlags+0x3c)[0x5478fc]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_RunMain+0x8d7)[0x42b1e7]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(Py_BytesMain+0x56)[0x42b586]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f71442c4840]
/home/xxm/Desktop/apifuzz/Python-3.9.2/python(_start+0x29)[0x42a289]
Aborted (core dumped)

Testing with gdb
--------------------------------------------------------------------------------------------------
$ gdb ./python
(gdb) run
Python 3.10.0a6+ (heads/pycore_symtable-dirty:27700e0c8b, Mar 18 2021, 03:11:22) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] on linux
>>> input([1,2]*10000)
realloc(): invalid next size

Program received signal SIGABRT, Aborted.
0x00007ffff7c629d5 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install libxcrypt-4.4.18-1.fc33.x86_64 ncurses-libs-6.2-3.20200222.fc33.x86_64 readline-8.0-5.fc33.x86_64

(gdb) where
#0 0x00007ffff7c629d5 in raise () from /lib64/libc.so.6
#1 0x00007ffff7c4b8a4 in abort () from /lib64/libc.so.6
#2 0x00007ffff7ca5177 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff7cace6c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ffff7cb111c in _int_realloc () from /lib64/libc.so.6
#5 0x00007ffff7cb22a6 in realloc () from /lib64/libc.so.6
#6 0x00007fffea4c9dc2 in xrealloc () from /lib64/libreadline.so.8
#7 0x00007fffea4bb7ab in rl_redisplay () from /lib64/libreadline.so.8
#8 0x00007fffea4a5727 in readline_internal_setup () from /lib64/libreadline.so.8
#9 0x00007fffea4c7489 in _rl_callback_newline () from /lib64/libreadline.so.8
#10 0x00007ffff7fbdb68 in readline_until_enter_or_signal (
    prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"..., signal=0x7fffffffb7f4) at /home/vstinner/python/master/Modules/readline.c:1318
#11 0x00007ffff7fbde06 in call_readline (sys_stdin=0x7ffff7de9800 <_IO_2_1_stdin_>, sys_stdout=0x7ffff7dea520 <_IO_2_1_stdout_>,
    prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"...) at /home/vstinner/python/master/Modules/readline.c:1396
#12 0x000000000071f7b3 in PyOS_Readline (sys_stdin=0x7ffff7de9800 <_IO_2_1_stdin_>, sys_stdout=0x7ffff7dea520 <_IO_2_1_stdout_>,
    prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"...) at Parser/myreadline.c:393
#13 0x000000000069d23c in builtin_input_impl (module=<module at remote 0x7fffea69d590>,
    prompt=[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, ...(truncated)) at Python/bltinmodule.c:2096
#14 0x0000000000699156 in builtin_input (module=<module at remote 0x7fffea69d590>, args=0x7fffea62c7b8, nargs=1) at Python/clinic/bltinmodule.c.h:662
...

Testing with valgrind
-----------------------------------------------------------------------------------------------
$ PYTHONMALLOC=malloc_debug valgrind --log-file=valgrind.log ./python
>>> input([1,2]*10000)
[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, (...)
Erreur de segmentation (core dumped)

$ cat valgrind.log
==8025== Memcheck, a memory error detector
==8025== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==8025== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==8025== Command: ./python
==8025== Parent PID: 7434
==8025==
==8025== Invalid write of size 4
==8025== at 0x1297C410: rl_redisplay (display.c:865)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== by 0x525A14: call_function (ceval.c:5931)
==8025== Address 0x4e5ef00 is 0 bytes after a block of size 1,024 alloc'd
==8025== at 0x4839809: malloc (vg_replace_malloc.c:307)
==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59)
==8025== by 0x12974F1C: init_line_structures (display.c:641)
==8025== by 0x1297D856: rl_redisplay (display.c:680)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x6281D0: tok_nextc (tokenizer.c:894)
==8025== by 0x6298E5: tok_get (tokenizer.c:1236)
==8025== by 0x62B285: PyTokenizer_Get (tokenizer.c:1895)
==8025==
==8025== Invalid write of size 4
==8025== at 0x1297C425: rl_redisplay (display.c:862)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== by 0x525A14: call_function (ceval.c:5931)
==8025== Address 0x4e5ef04 is 4 bytes after a block of size 1,024 alloc'd
==8025== at 0x4839809: malloc (vg_replace_malloc.c:307)
==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59)
==8025== by 0x12974F1C: init_line_structures (display.c:641)
==8025== by 0x1297D856: rl_redisplay (display.c:680)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x6281D0: tok_nextc (tokenizer.c:894)
==8025== by 0x6298E5: tok_get (tokenizer.c:1236)
==8025== by 0x62B285: PyTokenizer_Get (tokenizer.c:1895)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AF01: update_line (display.c:1897)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AF0F: update_line (display.c:1921)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297A8B2: UnknownInlinedFun (display.c:3144)
==8025== by 0x1297A8B2: update_line (display.c:2200)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x483FC63: bcmp (vg_replace_strmem.c:1111)
==8025== by 0x129794C9: update_line (display.c:1656)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297959C: update_line (display.c:1703)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AB9D: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Use of uninitialised value of size 8
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025==
==8025== Invalid read of size 1
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== Address 0xfffffffff2213d9d is not stack'd, malloc'd or (recently) free'd
==8025==
==8025==
==8025== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==8025== Access not within mapped region at address 0xFFFFFFFFF2213D9D
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== by 0x1297C8A4: rl_redisplay (display.c:1154)
==8025== by 0x12967726: readline_internal_setup (readline.c:447)
==8025== by 0x12989488: _rl_callback_newline (callback.c:100)
==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318)
==8025== by 0x4854E05: call_readline (readline.c:1396)
==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393)
==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096)
==8025== by 0x699155: builtin_input (bltinmodule.c.h:662)
==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426)
==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114)
==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123)
==8025== If you believe this happened as a result of a stack
==8025== overflow in your program's main thread (unlikely but
==8025== possible), you can try to increase the size of the
==8025== main thread stack using the --main-stacksize= flag.
==8025== The main thread stack size used in this run was 8388608.
==8025==
==8025== HEAP SUMMARY:
==8025== in use at exit: 6,501,013 bytes in 73,176 blocks
==8025== total heap usage: 151,328 allocs, 78,152 frees, 30,639,455 bytes allocated
==8025==
==8025== LEAK SUMMARY:
==8025== definitely lost: 0 bytes in 0 blocks
==8025== indirectly lost: 0 bytes in 0 blocks
==8025== possibly lost: 5,168,429 bytes in 32,868 blocks
==8025== still reachable: 1,332,584 bytes in 40,308 blocks
==8025== suppressed: 0 bytes in 0 blocks
==8025== Rerun with --leak-check=full to see details of leaked memory
==8025==
==8025== Use --track-origins=yes to see where uninitialised values come from
==8025== For lists of detected and suppressed errors, rerun with: -s
==8025== ERROR SUMMARY: 125 errors from 10 contexts (suppressed: 0 from 0)
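
A triage helper for the Memcheck log above, added here as an example and not part of the original report: it splits the log into error records and extracts the faulting frame and, for heap errors, the block offset, block size and allocation site. The function names, the triage labels and the choice of excerpt are this example's own; it accepts both the flattened spacing seen in this report and Valgrind's usual indented output.

```python
import re

# Excerpt from the Memcheck log in the report above (stack frames trimmed).
SAMPLE_LOG = """\
==8025== Invalid write of size 4
==8025== at 0x1297C410: rl_redisplay (display.c:865)
==8025== Address 0x4e5ef00 is 0 bytes after a block of size 1,024 alloc'd
==8025== at 0x4839809: malloc (vg_replace_malloc.c:307)
==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59)
==8025== by 0x12974F1C: init_line_structures (display.c:641)
==8025==
==8025== Conditional jump or move depends on uninitialised value(s)
==8025== at 0x1297AF01: update_line (display.c:1897)
==8025==
==8025== Invalid read of size 1
==8025== at 0x129795EA: update_line (display.c:1704)
==8025== Address 0xfffffffff2213d9d is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+==\s?")
HEADLINE = re.compile(r"Invalid (?:read|write) of size \d+|Use of uninitialised value"
                      r"|Conditional jump or move depends on uninitialised")
FRAME = re.compile(r"\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
BLOCK = re.compile(r"\s*Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes "
                   r"(after|before|inside) a block of size ([\d,]+)")
UNMAPPED = re.compile(r"\s*Address 0x[0-9A-Fa-f]+ is not stack'd")
ALLOC_WRAPPERS = {"malloc", "calloc", "realloc", "xmalloc", "xrealloc"}

def parse_memcheck(text):
    """Return one dict per Memcheck error record in text."""
    records, cur, in_alloc = [], None, False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if not line.strip():                      # blank line closes a record
            cur, in_alloc = None, False
        elif cur is None:                         # banner/summary lines are skipped
            if HEADLINE.match(line):
                cur = {"kind": line.strip(), "fault": None, "block": None,
                       "alloc_site": None, "unmapped": False}
                records.append(cur)
        elif (m := FRAME.match(line)):
            frame = m.groups()                    # (function, file:line)
            if not in_alloc:                      # access stack: keep the top frame
                cur["fault"] = cur["fault"] or frame
            elif frame[0] not in ALLOC_WRAPPERS:  # skip allocator wrappers
                cur["alloc_site"] = cur["alloc_site"] or frame
        elif (m := BLOCK.match(line)):
            offset, where, size = m.groups()
            cur["block"] = (int(offset.replace(",", "")), where,
                            int(size.replace(",", "")))
            in_alloc = True                       # frames that follow are the alloc stack
        elif UNMAPPED.match(line):
            cur["unmapped"] = True
    return records

def classify(rec):
    """Coarse triage label for one record."""
    block = rec["block"]
    if rec["kind"].startswith("Invalid write") and block and block[1] != "inside":
        return "heap-out-of-bounds-write"
    if rec["unmapped"]:
        return "wild-pointer-access"
    if "uninitialised" in rec["kind"]:
        return "uninitialised-use"
    return "other"

if __name__ == "__main__":
    for r in parse_memcheck(SAMPLE_LOG):
        print(classify(r), r["fault"], r["block"], r["alloc_site"])
```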
