Ubuntu
python-fam package

using PyMem_DEL() instead of PyObject_FREE() causes python 2.5 to double free or corrupt

  1. Feisty (7.04)
  2. Bug #115655
Bug #115655 reported by David Ross
6
Affects Status Importance Assigned to Milestone
python-fam (Ubuntu)
Fix Released
Medium
David Ross
Feisty
Fix Released
Undecided
Scott Kitterman

Bug Description

Binary package hint: python-fam

Please read:
http://effbot.org/pyfaq/why-does-my-c-extension-suddenly-crash-under-2.5.htm

Ubuntu Release: 7.04
Python Version: 2.5.1~rc1-0ubuntu3
Python-Fam: 1.1.1-2.1build1

Anybody running Python 2.5 and python-fam release or package 1.1.1-2.1build1 or lower will experience problems, specifically

To reproduce, use a program which utlizes Python 2.5 and python-fam. A webware example below.

apt-get install fam
apt-get install python-fam
wget http://www.webwareforpython.org/downloads/Webware/Webware-0.9.3.tar.gz
tar zxvf Webware-0.9.3.tar.gz
./Webware-0.9.3/bin/MakeAppWorkDir.py Crash
cd Crash
open Configs/AppServer.config for editing
change "AutoReload = False" to "AutoReload = True"
run ./AppServer

*** glibc detected *** python: double free or corruption (out): 0x084ff410 ***

the python instance is completely unresponsive.

Bug afflicts:
Python 2.5: unresponsive application
Python 2.4: unaffected

Tested the fix and it also allows the python-fam to use the libgamin supplied libfam which I accidently reported earlier as another issue.

See original description
David Ross (david-ross)
description: updated
Changed in python-fam:
status: Unconfirmed → Confirmed
Scott Kitterman (kitterman)
Changed in python-fam:
importance: Undecided → Medium
Revision history for this message
David Ross (david-ross) wrote :
Revision history for this message
Matthias Klose (doko) wrote : Re: [Bug 115655] Re: using PyMem_DEL() instead of PyObject_FREE() causes python 2.5 to segfault

David Ross schrieb:
> ** Attachment added: "python-fam-patch1.diff"
> http://librarian.launchpad.net/7715145/python-fam-patch1.diff
>

shouldn't PyObject_Del be used instead of PyObject_FREE ?

Revision history for this message
David Ross (david-ross) wrote : Re: using PyMem_DEL() instead of PyObject_FREE() causes python 2.5 to segfault

Please copy and paste the line to a comment with the line number if you see any error. I don't see any instance of Del and PyObject on the same line.

Revision history for this message
David Ross (david-ross) wrote :

I see what you were asking now.

http://svn.python.org/projects/python/branches/release24-maint/Include/objimpl.h
http://svn.python.org/projects/python/branches/release25-maint/Include/objimpl.h

Comments say...
 Unless you have specific memory management requirements, use
! PyObject_{New, NewVar, Del}.

I'll use Del, and change NEW to New for naming consistency.

Revision history for this message
Matthias Klose (doko) wrote : Re: [Bug 115655] Re: using PyMem_DEL() instead of PyObject_FREE() causes python 2.5 to segfault

David Ross schrieb:
> I see what you were asking now.
>
> http://svn.python.org/projects/python/branches/release24-maint/Include/objimpl.h
> http://svn.python.org/projects/python/branches/release25-maint/Include/objimpl.h
>
> Comments say...
> Unless you have specific memory management requirements, use
> ! PyObject_{New, NewVar, Del}.
>
> I'll use Del, and change NEW to New for naming consistency.

thanks! A fixed package for feisty-proposed would be appreciated as well.

Revision history for this message
David Ross (david-ross) wrote : Re: using PyMem_DEL() instead of PyObject_FREE() causes python 2.5 to segfault

A patch for feisty-proposed

David Ross (david-ross)
description: updated
Revision history for this message
David Ross (david-ross) wrote :

okay, the segfaulting when I was testing my application on another machine was because I didn't have FAM installed. Therefore, I changed the description to double free or corrupt.

description: updated
David Ross (david-ross)
description: updated
description: updated
Revision history for this message
Martin Pitt (pitti) wrote :

SRU: Please get this fixed in Gutsy first. About the patch: will that also work for Python 2.4?

Revision history for this message
David Ross (david-ross) wrote :

apologies for the file naming.

python-fam-patch2.diff is a patch for gutsy
python-fam-feisty-proposed-p1.diff is for the feisty updates

Python 2.4 still maps PyMem_DEL() to PyObject_ methods. The patch just changes bad code to correct code. The objects were originally created using PyObject, they SHOULD have been deleted using PyObject, instead the author used PyMem. I have no idea why, but PyObject is the correct method. Since feisty only supports 2.4 and 2.5, I tested both using webware as my test. Webware using python-fam quite a bit.

Revision history for this message
Matthias Klose (doko) wrote : Re: [Bug 115655] Re: using PyMem_DEL() instead of PyObject_FREE() causes python 2.5 to double free or corrupt

Martin Pitt schrieb:
> SRU: Please get this fixed in Gutsy first. About the patch: will that
> also work for Python 2.4?

yes

Revision history for this message
Martin Pitt (pitti) wrote :

Setting to needsinfo to get it out of the focus of ubutu-sru. Please set it back to confirmed once it is fixed in gutsy.

Changed in python-fam:
status: Unconfirmed → Needs Info
Scott Kitterman (kitterman)
Changed in python-fam:
assignee: nobody → kitterman
status: Confirmed → In Progress
Revision history for this message
Scott Kitterman (kitterman) wrote :

Patched and uploaded for Gutsy. You need to mention the maintainer change in debian/changelog (I fixed it this time). Please monitor and make sure it builds correctly. Once it's built, you can pick up work on your SRU.

Changed in python-fam:
assignee: kitterman → david-ross
status: In Progress → Fix Committed
Scott Kitterman (kitterman)
Changed in python-fam:
status: Fix Committed → Fix Released
Revision history for this message
Scott Kitterman (kitterman) wrote :

Uploaded for feisty-proposed.

Changed in python-fam:
status: Incomplete → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

Accpeted into -proposed. Please go ahead with QA testing

Changed in python-fam:
status: In Progress → Fix Committed
Revision history for this message
Scott Kitterman (kitterman) wrote :

To test, please add:

deb http://archive.ubuntu.com/ubuntu/ feisty-proposed universe

to your sources.list(5). Then, update and upgrade (or install) python-fam.

Then leave a comment here about if the fix works or not.

Changed in python-fam:
assignee: nobody → kitterman
Revision history for this message
David Ross (david-ross) wrote :

the package appears to be fine. Thanks.

Revision history for this message
Martin Pitt (pitti) wrote :

Copied to feisty-updates, got one confirmation.

Changed in python-fam:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.