#13719: Illegal free in graph_generators
-------------------------------------+--------------------------------------
Reporter: nbruin | Owner: rlm
Type: defect | Status: needs_review
Priority: critical | Milestone: sage-5.6
Component: graph theory | Resolution:
Keywords: graphs segfault | Work issues:
Report Upstream: N/A | Reviewers:
Authors: Jean-Pierre Flori | Merged in:
Dependencies: | Stopgaps:
-------------------------------------+--------------------------------------
Changes (by {'newvalue': u'Jean-Pierre Flori', 'oldvalue': ''}):
* keywords: => graphs segfault
* status: new => needs_review
* component: memleak => graph theory
* author: => Jean-Pierre Flori
Old description:
> On linux:
> {{{
> $ export MALLOC_CHECK_=3
> $ sage -t -gdb -force_lib "devel/sage/sage/graphs/graph_generators.py"
> }}}
> produces a SIGABRT. gdb traceback (first bit):
> {{{
> #0 0x00000031cfe36285 in raise () from /lib64/libc.so.6
> #1 0x00000031cfe37b9b in abort () from /lib64/libc.so.6
> #2 0x00000031cfe7774e in __libc_message () from /lib64/libc.so.6
> #3 0x00000031cfe7da76 in malloc_printerr () from /lib64/libc.so.6
> #4 0x00007fffbe7eeead in sage_free (ptr=<optimized out>) at
> /usr/local/sage/5.0/local/include/csage/memory.h:46
> #5 __pyx_pf_4sage_6graphs_5trees_12TreeIterator_1__dealloc__
> (__pyx_v_self=0x7fffbf10c930) at sage/graphs/trees.c:807
> #6 __pyx_tp_dealloc_4sage_6graphs_5trees_TreeIterator (o=0x7fffbf10c930)
> at sage/graphs/trees.c:2486
> #7 0x00007ffff7cc6bf3 in tupledealloc (op=0x7fffc3890450) at
> Objects/tupleobject.c:220
> #8 0x00007ffff7d12c49 in do_call (nk=<optimized out>, na=<optimized
> out>, pp_stack=0x7fffffffb990, func=0x7ffff7fc33e0) at
> Python/ceval.c:4233
> ...
> }}}
> This indicates a double free/other memory management problem. Refcount
> wrong?
New description:
On linux:
{{{
$ export MALLOC_CHECK_=3
$ sage -t -gdb -force_lib "devel/sage/sage/graphs/graph_generators.py"
}}}
produces a SIGABRT. gdb traceback (first bit):
{{{
#0 0x00000031cfe36285 in raise () from /lib64/libc.so.6
#1 0x00000031cfe37b9b in abort () from /lib64/libc.so.6
#2 0x00000031cfe7774e in __libc_message () from /lib64/libc.so.6
#3 0x00000031cfe7da76 in malloc_printerr () from /lib64/libc.so.6
#4 0x00007fffbe7eeead in sage_free (ptr=<optimized out>) at
/usr/local/sage/5.0/local/include/csage/memory.h:46
#5 __pyx_pf_4sage_6graphs_5trees_12TreeIterator_1__dealloc__
(__pyx_v_self=0x7fffbf10c930) at sage/graphs/trees.c:807
#6 __pyx_tp_dealloc_4sage_6graphs_5trees_TreeIterator (o=0x7fffbf10c930)
at sage/graphs/trees.c:2486
#7 0x00007ffff7cc6bf3 in tupledealloc (op=0x7fffc3890450) at
Objects/tupleobject.c:220
#8 0x00007ffff7d12c49 in do_call (nk=<optimized out>, na=<optimized out>,
pp_stack=0x7fffffffb990, func=0x7ffff7fc33e0) at Python/ceval.c:4233
...
}}}
For tree with no vertices, no memory was allocated (more or less as
intended, with a malloc with size 0), but the next routine of the iterator
tries to write something at the "allocated" address.
This is fixed by handling separately the 0 sized trees and not allocating
nor writing anything in this case.
--
Comment:
Updated patch with local doctest, feel free to devise a better one.
I just realized that I did not mention that this should go quite
undetectable unless one uses MALLOC_CHECK.
Nonetheless, as ones write something in memory which was not allocated for
this purpose, the fixed bug should potentially lead to segfaults (although
this obviously never happened since this code is in Sage, or not
frequently enough to be reported).
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13719#comment:5>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en.
