Segmentation fault when using a subclassed sqlite3.Cursor on 3.11.x #99886
Description
Crash report / Error messages
When using a custom Cursor object that sets attributes on itself as part of __init__, segfaults occur when the cursor is GC'ed. For example, given a repro.py like
import sqlite3
class MyCursor(sqlite3.Cursor):
# uncomment below to avoid the segfault
#__slots__ = ('some_attr',)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
# this can go before or after the super call; doesn't matter
self.some_attr = None
conn = sqlite3.connect(':memory:')
cur = conn.cursor(MyCursor)
cur.close()
del cur
print('never get here with -X dev')running gdb -q -ex run -ex 'bt 40' -ex c --args python -X dev repro.py </dev/null gives me output like
Program received signal SIGSEGV, Segmentation fault.
Py_DECREF (op=0xdddddddddddddddd) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/object.h:537
537 if (--op->ob_refcnt == 0) {
#0 Py_DECREF (op=0xdddddddddddddddd) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/object.h:537
#1 0x00007ffff7c7aa2c in _PyObject_ClearInstanceAttributes (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/dictobject.c:5566
#2 subtype_clear (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/typeobject.c:1288
#3 0x00007fffe9dee26e in cursor_dealloc (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/_sqlite/cursor.c:184
#4 0x00007ffff7bfede0 in subtype_dealloc (self=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/typeobject.c:1472
#5 0x00007ffff7bd3b77 in _Py_Dealloc (op=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/object.c:2389
#6 Py_DECREF (op=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/object.h:538
#7 delitem_common (mp=<optimized out>, hash=<optimized out>, ix=<optimized out>, old_value=0x7ffff78a7760) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Objects/dictobject.c:1986
#8 0x00007ffff7bc8019 in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/ceval.c:2787
#9 0x00007ffff7bbe5da in _PyEval_EvalFrame (throwflag=0, frame=0x7ffff7fb3020, tstate=0x7ffff7f200d8 <_PyRuntime+166328>)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Include/internal/pycore_ceval.h:73
#10 _PyEval_Vector (tstate=0x7ffff7f200d8 <_PyRuntime+166328>, func=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=<optimized out>)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/ceval.c:6428
#11 0x00007ffff7c48bbc in PyEval_EvalCode (co=0x7fffe9f24810, globals=<optimized out>, locals=0x7fffe9f05970) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/ceval.c:1154
#12 0x00007ffff7c679b3 in run_eval_code_obj (tstate=0x7ffff7f200d8 <_PyRuntime+166328>, co=0x7fffe9f24810, globals=0x7fffe9f05970, locals=0x7fffe9f05970)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:1714
#13 0x00007ffff7c63dda in run_mod (mod=<optimized out>, filename=<optimized out>, globals=0x7fffe9f05970, locals=0x7fffe9f05970, flags=<optimized out>, arena=<optimized out>)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:1735
#14 0x00007ffff7c79d92 in pyrun_file (fp=fp@entry=0x555555567500, filename=filename@entry=0x7fffe9fdb940, start=start@entry=257, globals=globals@entry=0x7fffe9f05970,
locals=locals@entry=0x7fffe9f05970, closeit=closeit@entry=1, flags=0x7fffffffe078) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:1630
#15 0x00007ffff7c79559 in _PyRun_SimpleFileObject (fp=0x555555567500, filename=0x7fffe9fdb940, closeit=1, flags=0x7fffffffe078)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:440
#16 0x00007ffff7c79228 in _PyRun_AnyFileObject (fp=0x555555567500, filename=0x7fffe9fdb940, closeit=1, flags=0x7fffffffe078)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Python/pythonrun.c:79
#17 0x00007ffff7c72ecb in pymain_run_file_obj (skip_source_first_line=0, filename=0x7fffe9fdb940, program_name=0x7ffff78d3450)
at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:360
#18 pymain_run_file (config=0x7ffff7f06120 <_PyRuntime+59904>) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:379
#19 pymain_run_python (exitcode=0x7fffffffe074) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:601
#20 Py_RunMain () at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:680
#21 0x00007ffff7c389fb in Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/python3.11-3.11.0-1.fc36.x86_64/Modules/main.c:734
#22 0x00007ffff7629510 in __libc_start_call_main (main=main@entry=0x555555555160 <main>, argc=argc@entry=4, argv=argv@entry=0x7fffffffe2c8) at ../sysdeps/nptl/libc_start_call_main.h:58
#23 0x00007ffff76295c9 in __libc_start_main_impl (main=0x555555555160 <main>, argc=4, argv=0x7fffffffe2c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffffe2b8) at ../csu/libc-start.c:389
#24 0x0000555555555095 in _start ()
Continuing.
Fatal Python error: Segmentation fault
Current thread 0x00007ffff7f9d740 (most recent call first):
File "/home/tburke/repro.py", line 14 in <module>
Program received signal SIGSEGV, Segmentation fault.
(Note that line 14 is del cur)
Your environment
- CPython versions tested on:
- Operating system and architecture:
- x86_64 Linux