何时将python池freeblock分配为0xffffffff

发布于 2025-01-22 07:53:13 字数 1539 浏览 0 评论 0原文

开发Python C模块时，我遇到了Python分割故障。调试后，事实证明，使用的池电流之一的FreeBlock设置为0xffffffff。

核心转储GDB帧：

(gdb) frame 0
#0  Py0bject_Malloc (nbytes=53) at../Objects/obmalloc.c:837
837 in ../Objects/obmalloc.c
(gdb) p bp
$6 = (block *) Oxffffffffffffffff <error: Cannot access memory at address Oxffffffffffffffff>

对于更好的彩色文本，仍然在此处提供GDB屏幕截图。

相对代码：

void *PyObject_Malloc(size_t nbytes) {
    ...

    /*
     * This implicitly redirects malloc(0).
     */
    if ((nbytes - 1) < SMALL_REQUEST_THRESHOLD) {
        LOCK();
        /*
         * Most frequent paths first
         */
        size = (uint)(nbytes - 1) >> ALIGNMENT_SHIFT;
        pool = usedpools[size + size];
        if (pool != pool->nextpool) {
            /*
             * There is a used pool for this size class.
             * Pick up the head block of its free list.
             */
            ++pool->ref.count;
            bp = pool->freeblock;
            assert(bp != NULL);
            if ((pool->freeblock = *(block **)bp) != NULL) {
                UNLOCK();
                return (void *)bp;
            }

    ...
}

A上面显示的是，它选择了池的FreeBlock（BP）指向BP为0xffffffffff的值，这违反了我们对Python内存管理的认知。

因此，问题是，何时何时和为什么使用0xffffffff分配了FreeBlock指针？

原文

I have met a Python Segmentation fault when developoing a python c module.
After debugging, it turns out that one of the pools current using has freeblock set to be 0xffffffff.

Core Dump gdb frames:

(gdb) frame 0
#0  Py0bject_Malloc (nbytes=53) at../Objects/obmalloc.c:837
837 in ../Objects/obmalloc.c
(gdb) p bp
$6 = (block *) Oxffffffffffffffff <error: Cannot access memory at address Oxffffffffffffffff>

for Better colored text, still provide gdb screen shots here.

Relative code:

void *PyObject_Malloc(size_t nbytes) {
    ...

    /*
     * This implicitly redirects malloc(0).
     */
    if ((nbytes - 1) < SMALL_REQUEST_THRESHOLD) {
        LOCK();
        /*
         * Most frequent paths first
         */
        size = (uint)(nbytes - 1) >> ALIGNMENT_SHIFT;
        pool = usedpools[size + size];
        if (pool != pool->nextpool) {
            /*
             * There is a used pool for this size class.
             * Pick up the head block of its free list.
             */
            ++pool->ref.count;
            bp = pool->freeblock;
            assert(bp != NULL);
            if ((pool->freeblock = *(block **)bp) != NULL) {
                UNLOCK();
                return (void *)bp;
            }

    ...
}

A above have shown, it pick value that pool's freeblock(bp) point to while bp is 0xffffffff which violates our cognization to python memory management.

So the question is, when and why, would the freeblock pointer have been assigned with 0xffffffff?

分享到QQ

分享到微博