-
-
Notifications
You must be signed in to change notification settings - Fork 33.2k
Closed
Closed
Copy link
Labels
3.11only security fixesonly security fixes3.12only security fixesonly security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)(Objects, Python, Grammar, and Parser dirs)type-crashA hard crash of the interpreter, possibly with a core dumpA hard crash of the interpreter, possibly with a core dump
Description
The crash occurs while building the pikepdf documentation with Sphinx. Reproduce on Fedora 36 with these commands:
sudo dnf install qpdf-devel
python3.11 -m venv env
cd env
source ./bin/activate
python -m pip install IPython
python -m pip install sphinx sphinx_issues sphinx_design sphinx_rtd_theme
git clone https://github.com/pikepdf/pikepdf
cd pikepdf/
python -m pip install .
cd docs/
~/env/bin/sphinx-build . ../html
gdb traceback:
(gdb) py-bt
Traceback (most recent call first):
File "/home/vstinner/env/lib/python3.11/site-packages/pikepdf/_methods.py", line 798, in open
pdf._tmp_stream = tmp_stream
File "<ipython-input-5-851f84133ed8>", line 1, in <cell line: 0>
File "/home/vstinner/env/lib/python3.11/site-packages/IPython/core/interactiveshell.py", line 3398, in run_code
exec(code_obj, self.user_global_ns, self.user_ns)
File "/home/vstinner/env/lib/python3.11/site-packages/IPython/core/interactiveshell.py", line 3338, in run_ast_nodes
if await self.run_code(code, result, async_=asy):
(...)
(gdb) where
#0 0x00000000004a5af3 in _PyDictKeys_StringLookup (dk=0x0, key='_tmp_stream') at Objects/dictobject.c:1011
#1 0x00000000005805c1 in specialize_dict_access (owner=owner@entry=<pikepdf._qpdf.Pdf at remote 0x7fffdf2f35f0>, instr=instr@entry=0x1289664,
type=type@entry=0x11afa20, name=name@entry='_tmp_stream', values_op=values_op@entry=154, hint_op=hint_op@entry=159, base_op=95, kind=<optimized out>)
at Python/specialize.c:625
#2 0x0000000000580a42 in _Py_Specialize_StoreAttr (owner=<pikepdf._qpdf.Pdf at remote 0x7fffdf2f35f0>, instr=0x1289664, name='_tmp_stream')
at Python/specialize.c:813
#3 0x000000000041fbe7 in _PyEval_EvalFrameDefault (tstate=0x84d910 <_PyRuntime+166320>, frame=0x7ffff7fb51d0, throwflag=18545184) at Python/ceval.c:3597
#4 0x000000000053dc20 in _PyEval_EvalFrame (throwflag=0, frame=0x7ffff7fb5170, tstate=0x84d910 <_PyRuntime+166320>)
at ./Include/internal/pycore_ceval.h:73
(...)
Frame 0: crash in _PyDictKeys_StringLookup() because dk=NULL.
(gdb) frame 0
#0 0x00000000004a5af3 in _PyDictKeys_StringLookup (dk=0x0, key='_tmp_stream') at Objects/dictobject.c:1011
1011 if (!PyUnicode_CheckExact(key) || kind == DICT_KEYS_GENERAL) {
(gdb) l
1006 */
1007 Py_ssize_t
1008 _PyDictKeys_StringLookup(PyDictKeysObject* dk, PyObject *key)
1009 {
1010 DictKeysKind kind = dk->dk_kind;
1011 if (!PyUnicode_CheckExact(key) || kind == DICT_KEYS_GENERAL) {
1012 return DKIX_ERROR;
1013 }
1014 Py_hash_t hash = unicode_get_hash(key);
1015 if (hash == -1) {
(gdb) p dk
$10 = (PyDictKeysObject *) 0x0
Frame 1, specialize_dict_access(): call _PyDictKeys_StringLookup(NULL, name), keys is NULL:
(gdb) frame 1
#1 0x00000000005805c1 in specialize_dict_access (owner=owner@entry=<pikepdf._qpdf.Pdf at remote 0x7fffdf2f35f0>, instr=instr@entry=0x1289664,
type=type@entry=0x11afa20, name=name@entry='_tmp_stream', values_op=values_op@entry=154, hint_op=hint_op@entry=159, base_op=95, kind=<optimized out>)
at Python/specialize.c:625
(...)
622 // Virtual dictionary
623 PyDictKeysObject *keys = ((PyHeapTypeObject *)type)->ht_cached_keys;
624 assert(PyUnicode_CheckExact(name));
625 Py_ssize_t index = _PyDictKeys_StringLookup(keys, name);
(...)
(gdb) p type->tp_name
$7 = 0x11af850 "pikepdf._qpdf.Pdf"
(gdb) p type->tp_base->tp_name
$8 = 0x7fffe8614595 "pybind11_object"
(gdb) p ((PyHeapTypeObject *)type)->ht_cached_keys
$9 = (struct _dictkeysobject *) 0x0
Fedora bug report: https://bugzilla.redhat.com/show_bug.cgi?id=2118215
Metadata
Metadata
Assignees
Labels
3.11only security fixesonly security fixes3.12only security fixesonly security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)(Objects, Python, Grammar, and Parser dirs)type-crashA hard crash of the interpreter, possibly with a core dumpA hard crash of the interpreter, possibly with a core dump
Projects
Status
Done