Opened 8 years ago

Closed 8 years ago

# Double free in polybori

Reported by: Owned by: nbruin rlm critical sage-duplicate/invalid/wontfix memleak nbruin, jdemeyer Jeroen Demeyer N/A

### Description

```import gc
def test():
gc.collect()
sr = mq.SR(Integer(2),Integer(1),Integer(2),Integer(4),gf2=True,polybori=True)###line 25:_sage_    sage: sr = mq.SR(2,1,2,4,gf2=True,polybori=True)
gc.collect()
set_random_seed(Integer(1))###line 32:_sage_    sage: set_random_seed(1)
gc.collect()
F,s = sr.polynomial_system()###line 33:_sage_    sage: F,s = sr.polynomial_system()
gc.collect()
r2 = F.part(Integer(2)); r2###line 37:_sage_    sage: r2 = F.part(2); r2
gc.collect()
C = Sequence(r2).connected_components(); C###line 73:_sage_    sage: C = Sequence(r2).connected_components(); C
gc.collect()
C[Integer(0)].groebner_basis()###line 107:_sage_    sage: C[0].groebner_basis()
gc.collect()
A,v = Sequence(r2).coefficient_matrix()###line 112:_sage_    sage: A,v = Sequence(r2).coefficient_matrix()
gc.collect()
A.rank()###line 113:_sage_    sage: A.rank()
test()
```

The following causes:

```sage: test()
*** glibc detected *** python: double free or corruption (out): 0x000000000574bf00 ***
======= Backtrace: =========
/lib64/libc.so.6[0x31cfe7da76]
/lib64/libc.so.6[0x31cfe7ed5e]
/usr/local/sage/5.0/local/lib/python2.7/site-packages/sage/rings/polynomial/pbori.so(+0x7a2aa)[0x7f3e724bb2aa]
/usr/local/sage/5.0/local/lib/python2.7/site-packages/sage/rings/polynomial/pbori.so(+0x1c633)[0x7f3e7245d633]
/usr/local/sage/5.0/local/lib/libpython2.7.so.1.0(+0x1266f7)[0x7f3e996f56f7]
/usr/local/sage/5.0/local/lib/libpython2.7.so.1.0(+0x126e89)[0x7f3e996f5e89]
```

A traceback under GDB gives

```#0  0x00000031cfe36285 in raise () from /lib64/libc.so.6
#1  0x00000031cfe37b9b in abort () from /lib64/libc.so.6
#2  0x00000031cfe7774e in __libc_message () from /lib64/libc.so.6
#3  0x00000031cfe7da76 in malloc_printerr () from /lib64/libc.so.6
#4  0x00000031cfe7ed5e in _int_free () from /lib64/libc.so.6
#5  0x00007fffd0e5f2aa in Delete<polybori::groebner::ReductionStrategy> (mem=0x4c631b0) at /usr/local/sage/5.0/local/include/csage/ccobject.h:77
#6  __pyx_pf_4sage_5rings_10polynomial_5pbori_17ReductionStrategy_1__dealloc__ (__pyx_v_self=0x4c1a1d0) at sage/rings/polynomial/pbori.cpp:33393
#7  __pyx_tp_dealloc_4sage_5rings_10polynomial_5pbori_ReductionStrategy (o=0x4c1a1d0) at sage/rings/polynomial/pbori.cpp:46504
#8  0x00007fffd0e01633 in __pyx_tp_clear_4sage_5rings_10polynomial_5pbori_GroebnerStrategy (o=0x4c138c0) at sage/rings/polynomial/pbori.cpp:46766
#9  0x00007ffff7d4c6f7 in delete_garbage (old=0x7ffff7fe1f00, collectable=0x7fffffffc210) at Modules/gcmodule.c:769
#10 collect (generation=2) at Modules/gcmodule.c:930
#11 0x00007ffff7d4ce89 in gc_collect (self=<optimized out>, args=<optimized out>, kws=<optimized out>) at Modules/gcmodule.c:1067
```

so it should be pretty straightforward find the culprit.

Bug manifests itself on both sage 5.0 and sage 5.5beta2(unreleased).

### comment:1 Changed 8 years ago by nbruin

On #12313 there is a fix for an issue with `Delete<polybori::groebner::ReductionStrategy>`, so perhaps this ticket should be made dependent on that?

### comment:2 Changed 8 years ago by jpflori

• Status changed from new to needs_review

I think this one was indeed by #12313, wasn't it?

### comment:3 Changed 8 years ago by jdemeyer

• Milestone changed from sage-5.10 to sage-duplicate/invalid/wontfix
• Reviewers set to Jeroen Demeyer
• Status changed from needs_review to positive_review

### comment:4 Changed 8 years ago by jdemeyer

• Resolution set to duplicate
• Status changed from positive_review to closed
Note: See TracTickets for help on using tickets.