Package: python3
Version: 3.11.2-1

Dear maintainers,

I am getting a crash in the Python REPL in this scenario:

1. start "python3" in a terminal
2. type "2+2", enter
3. type (or copy-paste) "1234+5678", enter
4. arrow-up, remove "234", page-down, arrow-up, enter
5. arrow-up, arrow-up, add "000" (or whatever) after the 1, enter.

This results in:

free(): double free detected in tcache 2
 [1]    2319820 IOT instruction  python3


gdb log and stack trace attached.


gdb python3
GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from python3...
Reading symbols from 
/usr/lib/debug/.build-id/ac/175ec7666754cf818b271b4fdc2761ac6865f2.debug...
(gdb) run
Starting program: /usr/bin/python3 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 2+2
4
>>> 1234+5678
6912
>>> 2+2
4
>>> 1000+5678
free(): double free detected in tcache 2

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, 
no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, 
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1  0x00007ffff7d11d9f in __pthread_kill_internal (signo=6, threadid=<optimized 
out>) at ./nptl/pthread_kill.c:78
#2  0x00007ffff7cc2f32 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/posix/raise.c:26
#3  0x00007ffff7cad472 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007ffff7d06340 in __libc_message (action=action@entry=do_abort, 
fmt=fmt@entry=0x7ffff7e20459 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#5  0x00007ffff7d1b6ba in malloc_printerr (str=str@entry=0x7ffff7e23098 
"free(): double free detected in tcache 2") at ./malloc/malloc.c:5660
#6  0x00007ffff7d1d946 in _int_free (av=0x7ffff7e59c60 <main_arena>, 
p=0xe8e620, have_lock=have_lock@entry=0) at ./malloc/malloc.c:4469
#7  0x00007ffff7d1fd9f in __GI___libc_free (mem=<optimized out>) at 
./malloc/malloc.c:3385
#8  0x00007ffff76ab7cf in rl_do_undo () from 
/lib/x86_64-linux-gnu/libreadline.so.8
#9  0x00007ffff76ab995 in rl_revert_line () from 
/lib/x86_64-linux-gnu/libreadline.so.8
#10 0x00007ffff768ef3d in readline_internal_teardown () from 
/lib/x86_64-linux-gnu/libreadline.so.8
#11 0x00007ffff76ad432 in rl_callback_read_char () from 
/lib/x86_64-linux-gnu/libreadline.so.8
#12 0x00007ffff7b1df18 in readline_until_enter_or_signal (signal=<synthetic 
pointer>, prompt=<optimized out>) at ./Modules/readline.c:1352
#13 call_readline (sys_stdin=<optimized out>, sys_stdout=<optimized out>, 
prompt=<optimized out>) at ./Modules/readline.c:1398
#14 0x00000000004748e0 in PyOS_Readline (sys_stdin=0x7ffff7e59a80 
<_IO_2_1_stdin_>, sys_stdout=0x7ffff7e5a760 <_IO_2_1_stdout_>, 
prompt=0x7ffff77a7ba0 ">>> ") at ../Parser/myreadline.c:392
#15 0x0000000000538e87 in tok_underflow_interactive (tok=0xe8e740) at 
../Parser/tokenizer.c:880
#16 tok_nextc (tok=0xe8e740) at ../Parser/tokenizer.c:1064
#17 0x0000000000529c76 in tok_get (tok=0xe8e740, p_start=0x7fffffffdc98, 
p_end=0x7fffffffdc90) at ../Parser/tokenizer.c:1419
#18 0x0000000000527ee6 in _PyTokenizer_Get (p_end=0x7fffffffdc90, 
p_start=0x7fffffffdc98, tok=0xe8e740) at ../Parser/tokenizer.c:2121
#19 _PyPegen_fill_token (p=p@entry=0x7ffff7c20490) at ../Parser/pegen.c:213
#20 0x0000000000633358 in statement_newline_rule (p=0x7ffff7c20490) at 
../Parser/parser.c:1407
#21 interactive_rule (p=0x7ffff7c20490) at ../Parser/parser.c:1108
#22 _PyPegen_parse (p=p@entry=0x7ffff7c20490) at ../Parser/parser.c:38924
#23 0x0000000000632dfc in _PyPegen_run_parser (p=0x7ffff7c20490) at 
../Parser/pegen.c:837
#24 0x00000000006510f7 in _PyPegen_run_parser_from_file_pointer 
(arena=0x7ffff7ba1bf0, errcode=0x7fffffffddfc, flags=0x7fffffffdf30, 
ps2=<optimized out>, ps1=0x7ffff77a7ba0 ">>> ", enc=0x7ffff7c79d60 "utf-8", 
    filename_ob=<optimized out>, start_rule=256, fp=<optimized out>) at 
../Parser/pegen.c:910
#25 _PyParser_ASTFromFile (fp=<optimized out>, filename_ob=<optimized out>, 
enc=0x7ffff7c79d60 "utf-8", mode=256, ps1=0x7ffff77a7ba0 ">>> ", ps2=<optimized 
out>, flags=0x7fffffffdf30, errcode=0x7fffffffddfc, 
    arena=0x7ffff7ba1bf0) at ../Parser/peg_api.c:26
#26 0x0000000000483248 in PyRun_InteractiveOneObjectEx 
(fp=fp@entry=0x7ffff7e59a80 <_IO_2_1_stdin_>, 
filename=filename@entry='<stdin>', flags=flags@entry=0x7fffffffdf30) at 
../Python/pythonrun.c:241
#27 0x0000000000482e19 in _PyRun_InteractiveLoopObject (fp=0x7ffff7e59a80 
<_IO_2_1_stdin_>, filename='<stdin>', flags=0x7fffffffdf30) at 
../Python/pythonrun.c:138
#28 0x0000000000463437 in _PyRun_AnyFileObject (fp=fp@entry=0x7ffff7e59a80 
<_IO_2_1_stdin_>, filename=filename@entry='<stdin>', closeit=closeit@entry=0, 
flags=flags@entry=0x7fffffffdf30)
    at ../Python/pythonrun.c:73
#29 0x00000000004633ca in PyRun_AnyFileExFlags (fp=0x7ffff7e59a80 
<_IO_2_1_stdin_>, filename=<optimized out>, closeit=0, flags=0x7fffffffdf30) at 
../Python/pythonrun.c:105
#30 0x0000000000461ce4 in pymain_run_stdin (config=0xa6a120 <_PyRuntime+59904>) 
at ../Modules/main.c:509
#31 pymain_run_python (exitcode=0x7fffffffdf04) at ../Modules/main.c:604
#32 Py_RunMain () at ../Modules/main.c:680
#33 0x00000000006275c7 in Py_BytesMain (argc=<optimized out>, argv=<optimized 
out>) at ../Modules/main.c:734
#34 0x00007ffff7cae1ca in __libc_start_call_main (main=main@entry=0x627530 
<main>, argc=argc@entry=1, argv=argv@entry=0x7fffffffe138) at 
../sysdeps/nptl/libc_start_call_main.h:58
#35 0x00007ffff7cae285 in __libc_start_main_impl (main=0x627530 <main>, argc=1, 
argv=0x7fffffffe138, init=<optimized out>, fini=<optimized out>, 
rtld_fini=<optimized out>, stack_end=0x7fffffffe128)
    at ../csu/libc-start.c:360
#36 0x0000000000627461 in _start ()

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
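
A triage aid for the backtrace above, as an added example that is not part of the original report: it rejoins the frames that e-mail wrapping split, then reports which frame handed the pointer to free() and where control left CPython for the library. The names `parse_frames` and `triage` are hypothetical; the embedded excerpt is frames #7 to #13 copied from the report.

```python
import re

# Frames #7-#13 copied from the report above, e-mail line wrapping left intact.
BACKTRACE = """\
#7  0x00007ffff7d1fd9f in __GI___libc_free (mem=<optimized out>) at
./malloc/malloc.c:3385
#8  0x00007ffff76ab7cf in rl_do_undo () from
/lib/x86_64-linux-gnu/libreadline.so.8
#9  0x00007ffff76ab995 in rl_revert_line () from
/lib/x86_64-linux-gnu/libreadline.so.8
#10 0x00007ffff768ef3d in readline_internal_teardown () from
/lib/x86_64-linux-gnu/libreadline.so.8
#11 0x00007ffff76ad432 in rl_callback_read_char () from
/lib/x86_64-linux-gnu/libreadline.so.8
#12 0x00007ffff7b1df18 in readline_until_enter_or_signal (signal=<synthetic
pointer>, prompt=<optimized out>) at ./Modules/readline.c:1352
#13 call_readline (sys_stdin=<optimized out>, sys_stdout=<optimized out>,
prompt=<optimized out>) at ./Modules/readline.c:1398
"""

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
FREE_ENTRY = {"free", "__libc_free", "__GI___libc_free"}  # glibc names for free()

def parse_frames(text):
    """Rejoin wrapped gdb 'bt' lines and extract number, function, library, source."""
    joined = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if FRAME.match(line):
            joined.append(line)          # a new frame starts here
        elif joined:
            joined[-1] += " " + line     # continuation of a wrapped frame
    frames = []
    for raw in joined:
        m = FRAME.match(raw)
        lib = re.search(r" from (\S+)$", raw)     # no debug info: library only
        src = re.search(r" at (\S+):\d+$", raw)   # debug info: source file
        frames.append({"num": int(m.group(1)), "func": m.group(2),
                       "lib": lib.group(1) if lib else None,
                       "src": src.group(1) if src else None})
    return frames

def triage(text):
    """Return (frame that called free(), first frame outside that frame's library)."""
    frames = parse_frames(text)
    idx = next((i for i, f in enumerate(frames) if f["func"] in FREE_ENTRY), None)
    if idx is None or idx + 1 >= len(frames):
        return None, None
    caller = frames[idx + 1]
    entry = next((f for f in frames[idx + 1:] if f["lib"] != caller["lib"]), None)
    return caller, entry
```

Frames #8 to #11 read `from <library>` rather than `at file:line` because gdb had no debug symbols loaded for libreadline, so the trace pins the second free() to `rl_do_undo` but not to a source line.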
