STINNER Victor added the comment:
It sounds like the reporter didn't use Valgrind properly. See last comments. If
Valgrind still reports issues when it's used properly, please reopen the issue
(or open a new issue). I close the issue for now.
--
resolution: -> not a bug
stage: ->
Charalampos Stratakis added the comment:
Another thing also, is to be sure to utilize the python's suppression file by
adding the --suppressions= to valgrind's command line invocation.
--
nosy: +cstratak
___
Python tracker
STINNER Victor added the comment:
By default, Python is optimized for performance but its pymalloc memory
allocator causes false alarms in Valgrind.
> https://github.com/python/cpython/blob/master/Misc/README.valgrind
This or you can disable pymalloc at runtime using:
PYTHONMALLOC=malloc
Tim Peters added the comment:
You're probably chasing ghosts ;-) Please read about what needs to be done to
use valgrind successfully with Python:
https://github.com/python/cpython/blob/master/Misc/README.valgrind
--
nosy: +tim.peters
title: Use After Free: PyObject_Free -> Use
Chiaki Ishikawa added the comment:
I found that the inlined functions are used by other functions and resulted in
similar issues. Once obmalloc.c is fixed, I think such problems are
automatically fixed.
--
___
Python tracker
Chiaki Ishikawa added the comment:
PyMem_Free and PyMem_Realloc also suffer from similar "Use After Free" issue.
The standard version of Python3.7 interpreter does not seem to have debug
symbol and so I installed a debug version of it. Now it seems to have a shadow
symbol of inlined
Chiaki Ishikawa added the comment:
Addtion:
PyObject_Realloc also has the issue of Use After Free: this may be more serious.
==31128== Invalid read of size 4
==31128==at 0x5A48CA: PyObject_Realloc (in /usr/bin/python3.7)
==31128==by 0x5DD8FB: _PyBytes_Resize (in /usr/bin/python3.7)
New submission from Chiaki Ishikawa :
Hi,
I am new to Python bug tracker, so my setting of the fields may be inadequate.
If so, apologies in advance.
I think Use After Free bug is a potential security issue and so wanted to
report ASAP.
First my environment: I am using Debian GNU/Linux, and