python-cdb 0.32 (-5.2ubuntu2) with Python 2.5 causes double-free corruption crash on dealloc
I’ve recently started moving my Linux box to a new x86_64 machine running Ubuntu 7.10. I searched for references to this bug but didn’t find anything with Google or Launchpad, so I wanted to make a note of it so future victims can see what is going on and to remind me to report it. The symptom is a crash when your cdb object is deallocated, usually with a “double-free” memory corruption error message. Assuming a .cdb file named “foo.cdb”, the following script will repro the bug:
#!/usr/bin/python
import cdb
c = cdb.init('foo.cdb')
del c
with the following message:
fox@hercules:~$ python cdbrepro.py
*** glibc detected *** python: free(): invalid pointer: 0x00002b56c25bd750 ***
======= Backtrace: =========
/lib/libc.so.6[0x2b56c300ab0a]
/lib/libc.so.6(cfree+0x8c)[0x2b56c300e6fc]
python(PyDict_DelItem+0xfa)[0x44370a]
python(PyEval_EvalFrameEx+0x2e40)[0x485140]
python(PyEval_EvalCodeEx+0x830)[0x489d60]
python(PyEval_EvalCode+0x32)[0x489da2]
python(PyRun_FileExFlags+0x10e)[0x4ab4fe]
[...]
Aborted (core dumped)
Some other searching suggests that python-cdb’s use of PyMem_DEL is no longer recommended. I haven’t verified that this doesn’t cause other problems, but replacing cdbmodule.c’s use of PyMem_DEL with PyObject_Del (and the PyObject_NEW with _New, to use consistent naming).
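The underlying problem is an allocator-pairing mismatch: memory obtained through one allocator family (PyObject_NEW) is released through another (PyMem_DEL). The C program below is an added example, not python-cdb's code or CPython's; it models the two families with hypothetical tagged stand-ins (Model_PyObject_New, Model_PyObject_Del, Model_PyMem_DEL) whose free routine reports a cross-family free instead of corrupting the heap, so the buggy and fixed dealloc paths can be compared side by side.

```c
/* Model of the allocator-pairing bug behind the python-cdb crash.
 * The two families and all Model_* names are constructed stand-ins,
 * not the real CPython allocator API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum family { FAM_RAW = 0x5241, FAM_OBJ = 0x4f42 }; /* tags kept in a hidden header */

typedef struct { int family; size_t size; } hdr_t;

/* Allocate n user bytes and record which family handed them out. */
static void *tagged_alloc(int family, size_t n) {
    hdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->family = family;
    h->size = n;
    return h + 1;                       /* user pointer sits right after the header */
}

/* Release p; returns 0 on a matched free, 1 when the freeing family differs
 * from the allocating one (the cross-family free the post describes). */
static int tagged_free(int family, void *p) {
    if (!p) return 0;
    hdr_t *h = (hdr_t *)p - 1;
    int mismatch = (h->family != family);
    free(h);                            /* the model only reports; a real mismatch corrupts the heap */
    return mismatch;
}

/* Stand-ins for the API pairs the post contrasts. */
#define Model_PyObject_New(n) tagged_alloc(FAM_OBJ, (n))
#define Model_PyObject_Del(p) tagged_free(FAM_OBJ, (p))
#define Model_PyMem_DEL(p)    tagged_free(FAM_RAW, (p))

typedef struct { char path[32]; int fd; } cdb_like_t; /* constructed stand-in for the cdb object */

/* Buggy dealloc: object allocated with PyObject_NEW, freed with PyMem_DEL. */
int dealloc_buggy(void) {
    cdb_like_t *c = Model_PyObject_New(sizeof *c);
    strcpy(c->path, "foo.cdb");
    return Model_PyMem_DEL(c);          /* 1: cross-family free detected */
}

/* Fixed dealloc: PyObject_Del pairs with PyObject_NEW. */
int dealloc_fixed(void) {
    cdb_like_t *c = Model_PyObject_New(sizeof *c);
    strcpy(c->path, "foo.cdb");
    return Model_PyObject_Del(c);       /* 0: families match */
}

int main(void) {
    printf("buggy dealloc mismatch=%d\nfixed dealloc mismatch=%d\n", dealloc_buggy(), dealloc_fixed());
    return 0;
}
```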
As soon as Ubuntu’s bug tracker (launchpad) works again for me I’ll report the bug. Launchpad is timing out with an error message for me now.