On Wed, Nov 01, 2017 at 11:14:08AM +0100, Karsten Hilbert wrote:

> Or rather: I need to find out which "place" a given address
> refers to, check whether the changing addresses always belong
> to the same "place" between runs and _then_ map a "place" to
> its address and breakpoint that address on yet another run.
> 
> It might seem
> 
>       gdb> info symbol <the address>
> 
> should give me the "place".

Given this:

        Debug memory block at address p=0x6aab7c: API ''
            0 bytes originally requested
            The 3 pad bytes at p-3 are not all FORBIDDENBYTE (0xfb):
                at p-3: 0x33 *** OUCH
                at p-2: 0x47 *** OUCH
                at p-1: 0x00 *** OUCH
            Because memory is corrupted at the start, the count of bytes requested
               may be bogus, and checking the trailing pad bytes may segfault.
            The 4 pad bytes at tail=0x6aab7c are not all FORBIDDENBYTE (0xfb):
                at tail+0: 0x00 *** OUCH
                at tail+1: 0x00 *** OUCH
                at tail+2: 0x00 *** OUCH
                at tail+3: 0x00 *** OUCH
            The block was made by call #0 to debug malloc/realloc.
        Fatal Python error: bad ID: Allocated using API '', verified using API 'o'

        Program received signal SIGABRT, Aborted.
        0xb7fd9ce9 in __kernel_vsyscall ()
        (gdb) info symbol 0x6aab7c
        _Py_ZeroStruct in section .data of /usr/bin/python2.7-dbg
        (gdb)

my assumption would be that something clobbers 0x6aab7c,
which seems to be in (?) _Py_ZeroStruct in this run. I'll
re-run a few times to make sure the corruption "reliably"
hits _Py_ZeroStruct.

If so, I'll set a memory write breakpoint on _Py_ZeroStruct.

Am I on the right track?

Thanks,
Karsten

BTW, the backtrace for this run was ...

        (gdb) bt
        #0  0xb7fd9ce9 in __kernel_vsyscall ()
        #1  0xb7d70dd0 in __libc_signal_restore_set (set=0xbfffee90) at ../sysdeps/unix/sysv/linux/nptl-signals.h:79
        #2  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48
        #3  0xb7d72297 in __GI_abort () at abort.c:89
        #4  0x0055fb74 in Py_FatalError (msg=0xbffff13c "bad ID: Allocated using API '\037', verified using API 'o'") at ../Python/pythonrun.c:1700
        #5  0x00499adb in _PyObject_DebugCheckAddressApi (api=111 'o', p=0x6aab7c <_Py_ZeroStruct>) at ../Objects/obmalloc.c:1640
        #6  0x004997a5 in _PyObject_DebugFreeApi (api=111 'o', p=0x6aab7c <_Py_ZeroStruct>) at ../Objects/obmalloc.c:1527
        #7  0x0049964f in _PyObject_DebugFree (p=0x6aab7c <_Py_ZeroStruct>) at ../Objects/obmalloc.c:1471
        #8  0x00471043 in int_dealloc (v=0x6aab7c <_Py_ZeroStruct>) at ../Objects/intobject.c:139

... so I could've known without "info symbol" :-)

        #9  0x00497bee in _Py_Dealloc (op=False) at ../Objects/object.c:2262
        #10 0x004885d7 in insertdict_by_entry (mp=0xb7fc5674, key='dont_write_bytecode', hash=591857026, ep=0x7c5c08, value=None) at ../Objects/dictobject.c:519
        #11 0x00488857 in insertdict (mp=0xb7fc5674, key='dont_write_bytecode', hash=591857026, value=None) at ../Objects/dictobject.c:556
        #12 0x0048910f in dict_set_item_by_hash_or_entry (
                op={
                'setrecursionlimit': None,
                'dont_write_bytecode': None,
                'getfilesystemencoding': <built-in function getfilesystemencoding>,
                'long_info': <sys.long_info at remote 0xb7f936e8>,
                'path_importer_cache': None,
                'stdout': <file at remote 0xb7fcd098>,
                'getprofile': <built-in function getprofile>,
                '__stdin__': <file at remote 0xb7fcd028>,
                'version_info': <sys.version_info at remote 0xb7fcfd80>,
                'exc_clear': <built-in function exc_clear>, 'gettotalrefcount': <built-in function gettotalrefcount>, 'getrefcount': <built-in function getrefcount>, 'byteorder': 'little', '_clear_type_cache': None, 'excepthook': <built-in function excepthook>, 'subversion': ('CPython', '', ''), '_multiarch': None, 'exc_type': None, 'ps1': None, '__excepthook__': <built-in function excepthook>, 'executable': '/usr/bin/python2.7-dbg', 'float_info': None, 'copyright': 'Copyright (c) 2001-2017 Python Software Foundation.\nAll Rights Reserved.\n\nCopyright (c) 2000 BeOpen.com.\nAll Rights Reserved.\n\nCopyright (c) 1995-2001 Corporation for Nation...(truncated), key='dont_write_bytecode', hash=591857026, ep=0x0, value=None
                ) at ../Objects/dictobject.c:795
        #13 0x00489285 in PyDict_SetItem (
            op={'setrecursionlimit': None, 'dont_write_bytecode': None, 'getfilesystemencoding': <built-in function getfilesystemencoding>, 'long_info': <sys.long_info at remote 0xb7f936e8>, 'path_importer_cache': None, 'stdout': <file at remote 0xb7fcd098>, 'getprofile': <built-in function getprofile>, '__stdin__': <file at remote 0xb7fcd028>, 'version_info': <sys.version_info at remote 0xb7fcfd80>, 'exc_clear': <built-in function exc_clear>, 'gettotalrefcount': <built-in function gettotalrefcount>, 'getrefcount': <built-in function getrefcount>, 'byteorder': 'little', '_clear_type_cache': None, 'excepthook': <built-in function excepthook>, 'subversion': ('CPython', '', ''), '_multiarch': None, 'exc_type': None, 'ps1': None, '__excepthook__': <built-in function excepthook>, 'executable': '/usr/bin/python2.7-dbg', 'float_info': None, 'copyright': 'Copyright (c) 2001-2017 Python Software Foundation.\nAll Rights Reserved.\n\nCopyright (c) 2000 BeOpen.com.\nAll Rights Reserved.\n\nCopyright (c) 1995-2001 Corporation for Nation...(truncated), key='dont_write_bytecode', value=None) at ../Objects/dictobject.c:848
        #14 0x0049281f in _PyModule_Clear (m=<module at remote 0xb7f935d4>) at ../Objects/moduleobject.c:139
        #15 0x0054a3ec in PyImport_Cleanup () at ../Python/import.c:540
        #16 0x0055c53c in Py_Finalize () at ../Python/pythonrun.c:458
        #17 0x0055fe9c in Py_Exit (sts=1) at ../Python/pythonrun.c:1783
        #18 0x0055e0fc in handle_system_exit () at ../Python/pythonrun.c:1151
        #19 0x0055e152 in PyErr_PrintEx (set_sys_last_vars=1) at ../Python/pythonrun.c:1161
        #20 0x0055dd5b in PyErr_Print () at ../Python/pythonrun.c:1064
        #21 0x0055d61f in PyRun_SimpleFileExFlags (fp=0x7ee010, filename=0xbffff7e6 "./bootstrap_gm_db_system.py", closeit=1, flags=0xbffff4f4) at ../Python/pythonrun.c:952
        #22 0x0055cc4e in PyRun_AnyFileExFlags (fp=0x7ee010, filename=0xbffff7e6 "./bootstrap_gm_db_system.py", closeit=1, flags=0xbffff4f4) at ../Python/pythonrun.c:752
        #23 0x00577cb0 in Py_Main (argc=5, argv=0xbffff684) at ../Modules/main.c:645
        #24 0x004259c8 in main (argc=5, argv=0xbffff684) at ../Modules/python.c:20

-- 
https://mail.python.org/mailman/listinfo/python-list
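
The report in the message above is produced by a header check in the debug allocator: an API id byte and FORBIDDENBYTE pads are stored in front of each block and read back relative to `p`. The following is an added sketch, not CPython's obmalloc.c and not code from the original post; the `dbg_*` and `check_*` names, the native-endian size field, the omitted serial number and the `fake_static` buffer are assumptions made for illustration. It shows that an address which never came from the allocator, like the `.data` address passed in frames #5 to #8, fails the API-id test before any pad byte is examined, while a genuine overrun of a heap block is caught at the trailing pad.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SST sizeof(size_t)   /* header word: 4 on the 32-bit build in the report */
#define FORBIDDENBYTE 0xFB   /* pad value named in the report */
enum { DBG_OK, DBG_BAD_ID, DBG_BAD_LEAD_PAD, DBG_BAD_TAIL_PAD };

/* Simplified layout: [size: SST][API id: 1][pad: SST-1] data[n] [pad: SST] */
static uint8_t *dbg_malloc(char api, size_t n) {
    uint8_t *raw = malloc(n + 3 * SST);
    if (!raw) return NULL;
    memcpy(raw, &n, SST);                           /* bytes requested */
    raw[SST] = (uint8_t)api;                        /* API id, read back as p[-SST] */
    memset(raw + SST + 1, FORBIDDENBYTE, SST - 1);  /* leading pad p-(SST-1)..p-1 */
    memset(raw + 2 * SST + n, FORBIDDENBYTE, SST);  /* trailing pad at tail = p+n */
    return raw + 2 * SST;
}

/* Checks in the order of the report: API id, leading pad, trailing pad. */
static int dbg_check(char api, const uint8_t *p) {
    size_t n, i;
    if (*(p - SST) != (uint8_t)api) return DBG_BAD_ID;
    for (i = 1; i < SST; i++)
        if (*(p - i) != FORBIDDENBYTE) return DBG_BAD_LEAD_PAD;
    memcpy(&n, p - 2 * SST, SST);                   /* only trusted after the id matched */
    for (i = 0; i < SST; i++)
        if (p[n + i] != FORBIDDENBYTE) return DBG_BAD_TAIL_PAD;
    return DBG_OK;
}

/* Constructed stand-in for static data: no header was ever written before it. */
static uint8_t fake_static[4 * sizeof(size_t)];
static int check_static(void) { return dbg_check('o', fake_static + 2 * SST); }

static int check_heap(size_t overrun) {  /* overrun = bytes written past the end */
    uint8_t *p = dbg_malloc('o', 16);
    if (!p) return -1;
    memset(p, 0, 16 + overrun);          /* overrun lands in the trailing pad */
    int r = dbg_check('o', p);
    free(p - 2 * SST);
    return r;
}

int main(void) {
    printf("heap ok=%d overrun=%d static=%d\n", check_heap(0), check_heap(1), check_static());
    return 0;
}
```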
