Closed
Crash report
What happened?
It's possible to crash Python by simply calling the ._creturn_callback() or the ._ccall_callback() methods of the Profiler class in either _lsprof or cProfile.
from _lsprof import Profiler
Profiler()._creturn_callback()
Profiler()._ccall_callback()
Backtrace looks like:
Program received signal SIGSEGV, Segmentation fault.
get_cfunc_from_callable (callable=0x0, self_arg=0x7ffff7bff710, missing=0x555555c53b80 <_PyInstrumentation_MISSING>) at ./Modules/_lsprof.c:628
628 if (PyCFunction_Check(callable)) {
(gdb) bt
#0 get_cfunc_from_callable (callable=0x0, self_arg=0x7ffff7bff710,
missing=0x555555c53b80 <_PyInstrumentation_MISSING>) at ./Modules/_lsprof.c:628
#1 0x00007ffff79dd610 in creturn_callback (self=0x7ffff7a91050, args=<optimized out>,
size=<optimized out>) at ./Modules/_lsprof.c:676
#2 0x000055555568f4b9 in method_vectorcall_FASTCALL (func=0x7ffff7aba630, args=0x7ffff7fb0078,
nargsf=<optimized out>, kwnames=<optimized out>) at Objects/descrobject.c:401
#3 0x000055555567ba55 in _PyObject_VectorcallTstate (tstate=0x555555cbbc70 <_PyRuntime+329232>,
callable=0x7ffff7aba630, args=0x7ffff7fb0078, nargsf=9223372036854775809, kwnames=0x0)
at ./Include/internal/pycore_call.h:167
#4 0x000055555567bb74 in PyObject_Vectorcall (callable=callable@entry=0x7ffff7aba630,
args=args@entry=0x7ffff7fb0078, nargsf=<optimized out>, kwnames=kwnames@entry=0x0)
at Objects/call.c:327
#5 0x0000555555827d24 in _PyEval_EvalFrameDefault (
tstate=tstate@entry=0x555555cbbc70 <_PyRuntime+329232>, frame=0x7ffff7fb0020,
throwflag=throwflag@entry=0) at Python/generated_cases.c.h:955
#6 0x0000555555852fb7 in _PyEval_EvalFrame (throwflag=0, frame=<optimized out>,
tstate=0x555555cbbc70 <_PyRuntime+329232>) at ./Include/internal/pycore_ceval.h:116
#7 _PyEval_Vector (tstate=tstate@entry=0x555555cbbc70 <_PyRuntime+329232>,
func=func@entry=0x7ffff7a46450, locals=locals@entry=0x7ffff7a55df0, args=args@entry=0x0,
argcount=argcount@entry=0, kwnames=kwnames@entry=0x0) at Python/ceval.c:1886
#8 0x0000555555853096 in PyEval_EvalCode (co=co@entry=0x7ffff7a58630,
globals=globals@entry=0x7ffff7a55df0, locals=locals@entry=0x7ffff7a55df0) at Python/ceval.c:662
#9 0x00005555559251f4 in run_eval_code_obj (tstate=tstate@entry=0x555555cbbc70 <_PyRuntime+329232>,
co=co@entry=0x7ffff7a58630, globals=globals@entry=0x7ffff7a55df0, locals=locals@entry=0x7ffff7a55df0)
at Python/pythonrun.c:1338
Found using fusil by @vstinner.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux, Windows
Output from running 'python -VV' on the command line:
No response
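A check for whether a given interpreter still crashes on the calls in this report, as an added example that is not part of the original report or of CPython. It runs the reproducer in a child process so the calling process survives; the names classify, probe and check_interpreter are hypothetical, and reading any non-signal exit as "no crash" is an assumption.

```python
import subprocess
import sys

# The two private Profiler methods named in the report.
METHODS = ("_creturn_callback", "_ccall_callback")
MISSING = ("AttributeError", "ImportError", "ModuleNotFoundError")


def classify(returncode, stderr):
    """Map a child interpreter's exit status to a verdict string."""
    # POSIX: a negative return code means death by signal (SIGSEGV is -11).
    # Windows: NTSTATUS crash codes such as 0xC0000005 have the top bit set.
    if returncode < 0 or returncode >= 0x80000000:
        return "crash"
    if any(name in stderr for name in MISSING):
        return "absent"      # this build has no such module or method
    if returncode != 0:
        return "rejected"    # the call failed with an ordinary exception
    return "accepted"        # the call returned normally


def probe(method):
    """Call Profiler().<method>() with no arguments in a throwaway child."""
    snippet = f"from _lsprof import Profiler; Profiler().{method}()"
    child = subprocess.run([sys.executable, "-I", "-c", snippet],
                           capture_output=True, text=True, timeout=30)
    return classify(child.returncode, child.stderr)


def check_interpreter():
    """Probe every method separately, since the first crash ends its child."""
    return {method: probe(method) for method in METHODS}


if __name__ == "__main__":
    results = check_interpreter()
    for name, verdict in results.items():
        print(f"{name}: {verdict}")
    # A non-zero exit lets a CI job fail on an interpreter that still crashes.
    sys.exit(1 if "crash" in results.values() else 0)
```

Each method gets its own child because in the one-file reproducer the second call never runs once the first has crashed.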
Linked PRs
- gh-126220: Adapt _lsprof to Argument Clinic #126233
- gh-126220: Fix crash on calls to _lsprof.Profiler methods with 0 args (backportable) #126271
- [3.13] gh-126220: Fix crash on calls to _lsprof.Profiler methods with 0 args (backportable) (GH-126271) #126310
- [3.12] gh-126220: Fix crash on calls to _lsprof.Profiler methods with 0 args (backportable) (GH-126271) #126311
- [3.13] gh-126220: Adapt _lsprof to Argument Clinic (GH-126233) #126402
Labels
- only security fixes
- bugs and security fixes
- C modules in the Modules dir
- A hard crash of the interpreter, possibly with a core dump