Memory corruption on deallocation of PARI objects #41477
Description
Steps To Reproduce
Running in docker container sagemath/sagemath:latest:
s = []
for v in [2, 3, 5, 7, 11]:
s.append(pari.addprimes(v))
print(s)
del sExpected Behavior
> sage test.sage
[[2], [2, 3], [2, 3, 5], [2, 3, 5, 7], [2, 3, 5, 7, 11]]
Actual Behavior
> sage test.sage
[[2], [2, 3], [2, 3, 5], [2, 3, 5, 7], [2, 3, 5, 7, 11]]
free(): double free detected in tcache 2
------------------------------------------------------------------------
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/python3.12/site-packages/cysignals/signals.cpython-312-x86_64-linux-gnu.so(+0x9894)[0x7bd3b3ce2894]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/python3.12/site-packages/cysignals/signals.cpython-312-x86_64-linux-gnu.so(+0x9956)[0x7bd3b3ce2956]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/python3.12/site-packages/cysignals/signals.cpython-312-x86_64-linux-gnu.so(+0x9ce7)[0x7bd3b3ce2ce7]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7bd3b40f3520]
/lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x12c)[0x7bd3b41479fc]
/lib/x86_64-linux-gnu/libc.so.6(raise+0x16)[0x7bd3b40f3476]
/lib/x86_64-linux-gnu/libc.so.6(abort+0xd3)[0x7bd3b40d97f3]
/lib/x86_64-linux-gnu/libc.so.6(+0x89677)[0x7bd3b413a677]
/lib/x86_64-linux-gnu/libc.so.6(+0xa0cfc)[0x7bd3b4151cfc]
/lib/x86_64-linux-gnu/libc.so.6(+0xa30ab)[0x7bd3b41540ab]
/lib/x86_64-linux-gnu/libc.so.6(free+0x73)[0x7bd3b4156453]
/home/sage/sage/local/lib/libpari-gmp-tls.so.9(gunclone+0xa7)[0x7bd3b14046e7]
/home/sage/sage/local/lib/libpari-gmp-tls.so.9(gunclone_deep+0x131)[0x7bd3b1404951]
/home/sage/sage/local/lib/libpari-gmp-tls.so.9(gunclone_deep+0x11e)[0x7bd3b140493e]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/python3.12/site-packages/cypari2/gen.cpython-312-x86_64-linux-gnu.so(+0xae18a)[0x7bd3b078d18a]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(+0x18db84)[0x7bd3b446ab84]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(+0x1a03a8)[0x7bd3b447d3a8]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(_PyEval_EvalFrameDefault+0x87ef)[0x7bd3b43f15cf]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(PyEval_EvalCode+0xb5)[0x7bd3b452fbf5]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(+0x2a5a66)[0x7bd3b4582a66]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(+0x2a5b75)[0x7bd3b4582b75]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(+0x2a5c7f)[0x7bd3b4582c7f]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(_PyRun_SimpleFileObject+0x135)[0x7bd3b4585b15]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(_PyRun_AnyFileObject+0x3f)[0x7bd3b458615f]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(Py_RunMain+0x9fc)[0x7bd3b45a9d9c]
/home/sage/sage/local/var/lib/sage/venv-python3.12.5/lib/libpython3.12.so.1.0(Py_BytesMain+0x5e)[0x7bd3b45aa27e]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7bd3b40dad90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7bd3b40dae40]
python3(_start+0x25)[0x579bc9b96095]
------------------------------------------------------------------------
Attaching gdb to process id 650.
Additional Information
Note that on MacOS double free error won't be triggered since the libc is different. But the memory corruption still exists, we could use the following example to trigger it:
s = []
for v in [2, 3, 5, 7, 11]:
s.append(pari.addprimes(v))
print(s)
del s[0]
del s[0]
print(s)> sage test.sage
[[2], [2, 3], [2, 3, 5], [2, 3, 5, 7], [2, 3, 5, 7, 11]]
[[0000000000000000, 0000000000000000, 5], [0000000000000000, 0000000000000000, 5, 7], [0000000000000000, 0000000000000000, 5, 7, 11]]
Environment
- OS: Ubuntu 22.04
- Sage Version: SageMath version 10.8, Release Date: 2025-12-18
Checklist
- I have searched the existing issues for a bug report that matches the one I want to file, without success.
- I have read the documentation and troubleshoot guide