STINNER Victor <vstin...@python.org> added the comment:
It looks like a bug in libreadline. Python only calls rl_callback_handler_install (prompt, rlhandler); where prompt is a byte string of 60,000 bytes: len(repr([1,2]*10000)). $ gdb ./python (gdb) run Python 3.10.0a6+ (heads/pycore_symtable-dirty:27700e0c8b, Mar 18 2021, 03:11:22) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] on linux >>> input([1,2]*10000) realloc(): invalid next size Program received signal SIGABRT, Aborted. 0x00007ffff7c629d5 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: dnf debuginfo-install libxcrypt-4.4.18-1.fc33.x86_64 ncurses-libs-6.2-3.20200222.fc33.x86_64 readline-8.0-5.fc33.x86_64 (gdb) where #0 0x00007ffff7c629d5 in raise () from /lib64/libc.so.6 #1 0x00007ffff7c4b8a4 in abort () from /lib64/libc.so.6 #2 0x00007ffff7ca5177 in __libc_message () from /lib64/libc.so.6 #3 0x00007ffff7cace6c in malloc_printerr () from /lib64/libc.so.6 #4 0x00007ffff7cb111c in _int_realloc () from /lib64/libc.so.6 #5 0x00007ffff7cb22a6 in realloc () from /lib64/libc.so.6 #6 0x00007fffea4c9dc2 in xrealloc () from /lib64/libreadline.so.8 #7 0x00007fffea4bb7ab in rl_redisplay () from /lib64/libreadline.so.8 #8 0x00007fffea4a5727 in readline_internal_setup () from /lib64/libreadline.so.8 #9 0x00007fffea4c7489 in _rl_callback_newline () from /lib64/libreadline.so.8 #10 0x00007ffff7fbdb68 in readline_until_enter_or_signal ( prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"..., signal=0x7fffffffb7f4) at /home/vstinner/python/master/Modules/readline.c:1318 #11 0x00007ffff7fbde06 in call_readline (sys_stdin=0x7ffff7de9800 <_IO_2_1_stdin_>, sys_stdout=0x7ffff7dea520 <_IO_2_1_stdout_>, prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"...) at /home/vstinner/python/master/Modules/readline.c:1396 #12 0x000000000071f7b3 in PyOS_Readline (sys_stdin=0x7ffff7de9800 <_IO_2_1_stdin_>, sys_stdout=0x7ffff7dea520 <_IO_2_1_stdout_>, prompt=0xba9b40 "[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1"...) at Parser/myreadline.c:393 #13 0x000000000069d23c in builtin_input_impl (module=<module at remote 0x7fffea69d590>, prompt=[1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, ...(truncated)) at Python/bltinmodule.c:2096 #14 0x0000000000699156 in builtin_input (module=<module at remote 0x7fffea69d590>, args=0x7fffea62c7b8, nargs=1) at Python/clinic/bltinmodule.c.h:662 ... Valgrind also sees many memory errors: $ PYTHONMALLOC=malloc_debug valgrind --log-file=valgrind.log ./python >>> input([1,2]*10000) [1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, (...) Erreur de segmentation (core dumped) $ cat valgrind.log ==8025== Memcheck, a memory error detector ==8025== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==8025== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info ==8025== Command: ./python ==8025== Parent PID: 7434 ==8025== ==8025== Invalid write of size 4 ==8025== at 0x1297C410: rl_redisplay (display.c:865) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== by 0x525A14: call_function (ceval.c:5931) ==8025== Address 0x4e5ef00 is 0 bytes after a block of size 1,024 alloc'd ==8025== at 0x4839809: malloc (vg_replace_malloc.c:307) ==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59) ==8025== by 0x12974F1C: init_line_structures (display.c:641) ==8025== by 0x1297D856: rl_redisplay (display.c:680) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x6281D0: tok_nextc (tokenizer.c:894) ==8025== by 0x6298E5: tok_get (tokenizer.c:1236) ==8025== by 0x62B285: PyTokenizer_Get (tokenizer.c:1895) ==8025== ==8025== Invalid write of size 4 ==8025== at 0x1297C425: rl_redisplay (display.c:862) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== by 0x525A14: call_function (ceval.c:5931) ==8025== Address 0x4e5ef04 is 4 bytes after a block of size 1,024 alloc'd ==8025== at 0x4839809: malloc (vg_replace_malloc.c:307) ==8025== by 0x1298B7DC: xmalloc (xmalloc.c:59) ==8025== by 0x12974F1C: init_line_structures (display.c:641) ==8025== by 0x1297D856: rl_redisplay (display.c:680) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x6281D0: tok_nextc (tokenizer.c:894) ==8025== by 0x6298E5: tok_get (tokenizer.c:1236) ==8025== by 0x62B285: PyTokenizer_Get (tokenizer.c:1895) ==8025== ==8025== Conditional jump or move depends on uninitialised value(s) ==8025== at 0x1297AF01: update_line (display.c:1897) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== ==8025== Conditional jump or move depends on uninitialised value(s) ==8025== at 0x1297AF0F: update_line (display.c:1921) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== ==8025== Conditional jump or move depends on uninitialised value(s) ==8025== at 0x1297A8B2: UnknownInlinedFun (display.c:3144) ==8025== by 0x1297A8B2: update_line (display.c:2200) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== ==8025== Conditional jump or move depends on uninitialised value(s) ==8025== at 0x483FC63: bcmp (vg_replace_strmem.c:1111) ==8025== by 0x129794C9: update_line (display.c:1656) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== ==8025== Conditional jump or move depends on uninitialised value(s) ==8025== at 0x1297959C: update_line (display.c:1703) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== ==8025== Conditional jump or move depends on uninitialised value(s) ==8025== at 0x1297AB9D: update_line (display.c:1704) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== ==8025== Use of uninitialised value of size 8 ==8025== at 0x129795EA: update_line (display.c:1704) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== ==8025== Invalid read of size 1 ==8025== at 0x129795EA: update_line (display.c:1704) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== Address 0xfffffffff2213d9d is not stack'd, malloc'd or (recently) free'd ==8025== ==8025== ==8025== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==8025== Access not within mapped region at address 0xFFFFFFFFF2213D9D ==8025== at 0x129795EA: update_line (display.c:1704) ==8025== by 0x1297C8A4: rl_redisplay (display.c:1154) ==8025== by 0x12967726: readline_internal_setup (readline.c:447) ==8025== by 0x12989488: _rl_callback_newline (callback.c:100) ==8025== by 0x4854B67: readline_until_enter_or_signal (readline.c:1318) ==8025== by 0x4854E05: call_readline (readline.c:1396) ==8025== by 0x71F7B2: PyOS_Readline (myreadline.c:393) ==8025== by 0x69D23B: builtin_input_impl (bltinmodule.c:2096) ==8025== by 0x699155: builtin_input (bltinmodule.c.h:662) ==8025== by 0x6635B2: cfunction_vectorcall_FASTCALL (methodobject.c:426) ==8025== by 0x50D168: _PyObject_VectorcallTstate (abstract.h:114) ==8025== by 0x50D1C7: PyObject_Vectorcall (abstract.h:123) ==8025== If you believe this happened as a result of a stack ==8025== overflow in your program's main thread (unlikely but ==8025== possible), you can try to increase the size of the ==8025== main thread stack using the --main-stacksize= flag. ==8025== The main thread stack size used in this run was 8388608. ==8025== ==8025== HEAP SUMMARY: ==8025== in use at exit: 6,501,013 bytes in 73,176 blocks ==8025== total heap usage: 151,328 allocs, 78,152 frees, 30,639,455 bytes allocated ==8025== ==8025== LEAK SUMMARY: ==8025== definitely lost: 0 bytes in 0 blocks ==8025== indirectly lost: 0 bytes in 0 blocks ==8025== possibly lost: 5,168,429 bytes in 32,868 blocks ==8025== still reachable: 1,332,584 bytes in 40,308 blocks ==8025== suppressed: 0 bytes in 0 blocks ==8025== Rerun with --leak-check=full to see details of leaked memory ==8025== ==8025== Use --track-origins=yes to see where uninitialised values come from ==8025== For lists of detected and suppressed errors, rerun with: -s ==8025== ERROR SUMMARY: 125 errors from 10 contexts (suppressed: 0 from 0) Line numbers of readline-8.0-5.fc33.x86_64 and the current master branch of Python. ---------- nosy: +vstinner _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue43537> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com