Skip to content

Segmentation fault when instantiating decimal.SignalDictMixin type #106263

New issue
New issue
Closed
Closed
Segmentation fault when instantiating decimal.SignalDictMixin type#106263
Labels
type-crashA hard crash of the interpreter, possibly with a core dump
@CharlieZhao95

Description

@CharlieZhao95
CharlieZhao95
opened on Jun 30, 2023

Crash report

The following code will causes a segmentation fault:

>>> import decimal
>>> tp = type(decimal.Context().flags)  # SignalDict type
>>> tp()  # Segmentation fault

This code instantiates an object of SignalDict type (inherited from the base class SignalDictMixin) and tries to print the contents of the object (use repr).

The problem is caused by the following C code, where the signaldict_repr function accesses a null pointer.

static int
signaldict_init(PyObject *self, PyObject *args UNUSED, PyObject *kwds UNUSED)
{
    SdFlagAddr(self) = NULL;
    return 0;
}
...
static PyObject *
signaldict_repr(PyObject *self)
{
    ...
    for (cm=signal_map, i=0; cm->name != NULL; cm++, i++) {
        n[i] = cm->fqname;
        // Access NULL pointer here
        b[i] = SdFlags(self)&cm->flag ? "True" : "False";
    }
    ...
}

Your environment

  • CPython versions tested on: 3.13.0.0a0, 3.10.2
  • Operating system and architecture: Ubuntu 22.04.1 LTS, Windows 11

Linked PRs

Metadata

Metadata

Assignees

No one assigned

    Labels

    type-crashA hard crash of the interpreter, possibly with a core dump

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions