René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"UBSan: runtime undefined behaviours when using `-fsanitize=undefined -fno-sanitize-recover`","articleBody":"# Bug report\n\n### Bug description:\n\nWe finally managed to fix gh-111178, but this is assuming that Python is compiled with `-fsanitize=function`. When compiling Python as follows (with clang 18.1.8):\n\n```sh\n./configure \\\n\t-q --with-pydebug \\\n\t--with-undefined-behavior-sanitizer \\\n\tCC=clang LD=clang \\\n\tCFLAGS=\"-fsanitize=undefined -fno-sanitize-recover\" \\\n\tLDFLAGS=\"-fsanitize=undefined -fno-sanitize-recover\"\n```\n\nwe still have some tests failing:\n\n- https://github.com/python/cpython/pull/131605#issuecomment-2779318764\n- https://github.com/python/cpython/pull/131605#issuecomment-2779323572 (cc @vstinner as the original author to gh-131674).\n\nOthers related to the second item above:\n\n\u003cdetails\u003e\n\n```\n0:00:56 load avg: 32.43 [448/486/3] test_xxtestfuzz worker non-zero exit code (Exit code 1) -- running (2): test.test_multiprocessing_spawn.test_processes (54.6 sec), test.test_multiprocessing_forkserver.test_processes (55.2 sec)\nModules/expat/xmlparse.c:6779:5: runtime error: call to function expat_default_handler through pointer to incorrect function type 'void (*)(void *, const char *, int)'\n/$HOME/lib/python/cpython/./Modules/_elementtree.c:3212: note: expat_default_handler defined here\nSUMMARY: UndefinedBehaviorSanitizer: undefined-behavior Modules/expat/xmlparse.c:6779:5\n```\n\n\u003c/details\u003e\n\nOthers on fautlhandler, but I'm not sure whether this is the UB that is being reported or something else:\n\n\u003cdetails\u003e\n\n```txt\n    #0 0x7ff4cf25f76b in raise (/lib64/libpthread.so.0+0x1676b) (BuildId: 938e42b7e407d175ee3ef9a89c038168101d330c)\n    #1 0x55776b2dc6f2 in faulthandler_raise_sigsegv /$HOME/lib/python/cpython/./Modules/faulthandler.c:1053:5\n    #2 0x55776b2dc6f2 in faulthandler_sigsegv /$HOME/lib/python/cpython/./Modules/faulthandler.c:1069:9\n    #3 0x55776b01e13d in cfunction_call /$HOME/lib/python/cpython/Objects/methodobject.c:562:18\n    #4 0x55776af71824 in _PyObject_MakeTpCall /$HOME/lib/python/cpython/Objects/call.c:242:18\n    #5 0x55776b1a4db0 in _PyEval_EvalFrameDefault /$HOME/lib/python/cpython/Python/generated_cases.c.h:1434:35\n    #6 0x55776b174755 in _PyEval_Vector /$HOME/lib/python/cpython/Python/ceval.c:1902:12\n    #7 0x55776b1744d9 in PyEval_EvalCode /$HOME/lib/python/cpython/Python/ceval.c:829:21\n    #8 0x55776b2956b3 in run_mod /$HOME/lib/python/cpython/Python/pythonrun.c:1436:19\n    #9 0x55776b292931 in _PyRun_StringFlagsWithName /$HOME/lib/python/cpython/Python/pythonrun.c:1259:15\n    #10 0x55776b292931 in _PyRun_SimpleStringFlagsWithName /$HOME/lib/python/cpython/Python/pythonrun.c:578:15\n    #11 0x55776b2d70e5 in pymain_run_command /$HOME/lib/python/cpython/Modules/main.c:255:11\n    #12 0x55776b2d70e5 in pymain_run_python /$HOME/lib/python/cpython/Modules/main.c:671:21\n    #13 0x55776b2d70e5 in Py_RunMain /$HOME/lib/python/cpython/Modules/main.c:761:5\n    #14 0x55776b2d7775 in pymain_main /$HOME/lib/python/cpython/Modules/main.c:791:12\n    #15 0x55776b2d7802 in Py_BytesMain /$HOME/lib/python/cpython/Modules/main.c:815:12\n    #16 0x7ff4cf03624c in __libc_start_main (/lib64/libc.so.6+0x3524c) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)\n    #17 0x55776ae8dd49 in _start /home/abuild/rpmbuild/BUILD/glibc-2.31/csu/../sysdeps/x86_64/start.S:120\n\nUndefinedBehaviorSanitizer can not provide additional info.\nSUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib64/libpthread.so.0+0x1676b) (BuildId: 938e42b7e407d175ee3ef9a89c038168101d330c) in raise\n==9369==ABORTING\n```\n\n\u003c/details\u003e\n\nFinally, `test_regrtest` also fails but the test suite just hangs after crashing (but the UB seems to happen in a test related to XML so it's probably the same thing):\n\n\u003cdetails\u003e\n\n```\n0:01:16 load avg: 26.11 [485/486/5] test_regrtest failed (1 failure) (38.8 sec) -- running (1): test_socket (35.7 sec)\ntest test_regrtest failed -- Traceback (most recent call last):\n  File \"/$HOME/lib/python/cpython/Lib/test/test_regrtest.py\", line 2289, in test_xml\n    output = self.run_tests(testname, \"--junit-xml\", filename,\n                            exitcode=EXITCODE_BAD_TEST)\n  File \"/$HOME/lib/python/cpython/Lib/test/test_regrtest.py\", line 927, in run_tests\n    return self.run_python(cmdargs, **kw)\n           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^\n  File \"/$HOME/lib/python/cpython/Lib/test/test_regrtest.py\", line 777, in run_python\n    proc = self.run_command(args, **kw)\n  File \"/$HOME/lib/python/cpython/Lib/test/test_regrtest.py\", line 768, in run_command\n    self.fail(msg)\n    ~~~~~~~~~^^^^^\nAssertionError: Command ['/$HOME/lib/python/cpython/python', '-X', 'faulthandler', '-I', '-m', 'test', '--testdir=/tmp/test_python_3mwd8cdm/tmpsfkk6fdz', 'test_regrtest_noop51', '--junit-xml', '@test_12395_tmpæ'] failed with exit code 1, but exit code 2 expected!\n\nstdout:\n---\nUsing random seed: 777580575\n0:00:00 load avg: 26.11 Run 1 test sequentially in a single process\n0:00:00 load avg: 26.11 [1/1] test_regrtest_noop51\ntest test_regrtest_noop51 failed -- Traceback (most recent call last):\n  File \"/tmp/test_python_3mwd8cdm/tmpsfkk6fdz/test_regrtest_noop51.py\", line 8, in test_failed\n    self.fail()\n    ~~~~~~~~~^^\nAssertionError: None\n\nStdout:\nabc ef\n\n\nStdout:\nabc ef\nModules/expat/xmlparse.c:3162:9: runtime error: call to function expat_start_handler through pointer to incorrect function type 'void (*)(void *, const char *, const char **)'\n/$HOME/lib/python/cpython/./Modules/_elementtree.c:3259: note: expat_start_handler defined here\nSUMMARY: UndefinedBehaviorSanitizer: undefined-behavior Modules/expat/xmlparse.c:3162:9\n\n---\n\n0:01:46 load avg: 16.11 running (1): test_socket (1 min 5 sec)\n^C\n```\n\n\u003c/details\u003e\n\n### CPython versions tested on:\n\nCPython main branch\n\n### Operating systems tested on:\n\nLinux\n\n\u003c!-- gh-linked-prs --\u003e\n### Linked PRs\n* gh-131605\n* gh-131665\n* gh-132265\n* gh-132398\n* gh-132406\n\u003c!-- /gh-linked-prs --\u003e\n","author":{"url":"https://github.com/picnixz","@type":"Person","name":"picnixz"},"datePublished":"2025-04-04T17:51:02.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/132097/cpython/issues/132097"}