[CONPY-72] Crash in Connector/Python's MrdbPool_dealloc Created: 2020-06-09  Updated: 2020-06-14  Resolved: 2020-06-14

Status: Closed
Project: MariaDB Connector/Python
Component/s: Generic
Affects Version/s: 1.0.0
Fix Version/s: 1.0.0

Type: Bug Priority: Blocker
Reporter: Geoff Montee (Inactive) Assignee: Georg Richter
Resolution: Fixed Votes: 0
Labels: crash

Attachments: File connection_pool_test.py    
Issue Links:
Relates
relates to CONPY-73 Error from connection pool: No more c... Closed

 Description   

I've attached a simple test program that crashes.

For example:

$ python3 ./connection_pool_test.py 
Segmentation fault (core dumped)

With gdb:

$ gdb python3
 
GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
 
Copyright (C) 2018 Free Software Foundation, Inc.
 
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 
This is free software: you are free to change and redistribute it.
 
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 
and "show warranty" for details.
 
This GDB was configured as "x86_64-linux-gnu".
 
Type "show configuration" for configuration details.
 
For bug reporting instructions, please see:
 
<http://www.gnu.org/software/gdb/bugs/>.
 
Find the GDB manual and other documentation resources online at:
 
<http://www.gnu.org/software/gdb/documentation/>.
 
For help, type "help".
 
Type "apropos word" to search for commands related to "word"...
 
Reading symbols from python3...Reading symbols from /usr/lib/debug/.build-id/5f/4de7b7974f514b4d5baf54bc956904a450c144.debug...done.
 
done.
 
(gdb) run ./connection_pool_test.py
 
Starting program: /usr/bin/python3 ./connection_pool_test.py
 
[Thread debugging using libthread_db enabled]
 
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 
 
 
Program received signal SIGSEGV, Segmentation fault.
 
0x00007ffff5f356da in MrdbPool_dealloc (self=0x7ffff50b92f0) at src/mariadb_pooling.c:311
 
311	src/mariadb_pooling.c: No such file or directory.
 
(gdb) where
 
#0  0x00007ffff5f356da in MrdbPool_dealloc (self=0x7ffff50b92f0) at src/mariadb_pooling.c:311
 
#1  0x000000000055146f in type_call.lto_priv () at ../Objects/typeobject.c:918
 
#2  0x00000000005a9cbc in _PyObject_FastCallDict (kwargs=<optimized out>, nargs=0, args=0xaefb40, func=<type at remote 0x7ffff61411a0>) at ../Objects/tupleobject.c:131
 
#3  _PyObject_FastCallKeywords () at ../Objects/abstract.c:2496
 
#4  0x000000000050a5c3 in call_function.lto_priv () at ../Python/ceval.c:4875
 
#5  0x000000000050cd96 in _PyEval_EvalFrameDefault () at ../Python/ceval.c:3351
 
#6  0x0000000000509758 in PyEval_EvalFrameEx (throwflag=0, f=Frame 0xaef9b8, for file ./connection_pool_test.py, line 16, in create_connection_pool ()) at ../Python/ceval.c:754
 
#7  _PyFunction_FastCall (globals=<optimized out>, nargs=11467192, args=<optimized out>, co=<optimized out>) at ../Python/ceval.c:4933
 
#8  fast_function.lto_priv () at ../Python/ceval.c:4968
 
#9  0x000000000050a48d in call_function.lto_priv () at ../Python/ceval.c:4872
 
#10 0x000000000050bfb4 in _PyEval_EvalFrameDefault () at ../Python/ceval.c:3335
 
#11 0x0000000000507d64 in PyEval_EvalFrameEx (throwflag=0, f=Frame 0xae00f8, for file ./connection_pool_test.py, line 24, in <module> ()) at ../Python/ceval.c:754
 
#12 _PyEval_EvalCodeWithName.lto_priv.1820 () at ../Python/ceval.c:4166
 
#13 0x000000000050ae13 in PyEval_EvalCodeEx (closure=0x0, kwdefs=0x0, defcount=0, defs=0x0, kwcount=0, kws=0x0, argcount=0, args=0x0, locals=<optimized out>, globals=<optimized out>, _co=<optimized out>)
 
    at ../Python/ceval.c:4187
 
#14 PyEval_EvalCode (co=<optimized out>, globals=<optimized out>, locals=<optimized out>) at ../Python/ceval.c:731
 
#15 0x0000000000634c82 in run_mod () at ../Python/pythonrun.c:1025
 
#16 0x0000000000634d37 in PyRun_FileExFlags () at ../Python/pythonrun.c:978
 
#17 0x00000000006384ef in PyRun_SimpleFileExFlags () at ../Python/pythonrun.c:419
 
#18 0x00000000006386c5 in PyRun_AnyFileExFlags () at ../Python/pythonrun.c:81
 
#19 0x0000000000639091 in run_file (p_cf=0x7fffffffde5c, filename=<optimized out>, fp=<optimized out>) at ../Modules/main.c:340
 
#20 Py_Main () at ../Modules/main.c:810
 
#21 0x00000000004b0d00 in main (argc=2, argv=0x7fffffffe058) at ../Programs/python.c:69

This is with the following environment:

$ python3 --version
 
Python 3.6.9
 
$ cat /etc/os-release 
NAME="Ubuntu"
 
VERSION="18.04.4 LTS (Bionic Beaver)"
 
ID=ubuntu
 
ID_LIKE=debian
 
PRETTY_NAME="Ubuntu 18.04.4 LTS"
 
VERSION_ID="18.04"
 
HOME_URL="https://www.ubuntu.com/"
 
SUPPORT_URL="https://help.ubuntu.com/"
 
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
 
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
 
VERSION_CODENAME=bionic
 
UBUNTU_CODENAME=bionic

This occurred with MariaDB Connector/Python 1.0.0, which was installed via:

$ tar -xvzf mariadb-connector-python-1.0.0.tar.gz
 
$ pip3 install mariadb-1.0.0



 Comments   
Comment by Andrew Hutchings (Inactive) [ 2020-06-10 ]

I can reproduce this only when authentication fails. If the correct credentials are provided there is no crash.

Comment by Andrew Hutchings (Inactive) [ 2020-06-10 ]

Appears to be caused by dealloc function making the assuming that the self->connection array is full, but on error during init it doesn't get filled correctly.

Comment by Georg Richter [ 2020-06-14 ]

Ok, now I'm able to repeat the probem: The crash only occurs if authentication fails, since we don't decrese (Py_DECREF) the reference counter.

Generated at Thu Feb 08 03:30:02 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.