[New-bugs-announce] [issue2990] type cache updates might run cleanup code in an inconsistent state

Stefan Behnel report at bugs.python.org
Wed May 28 13:07:18 CEST 2008


New submission from Stefan Behnel <scoder at users.sourceforge.net>:

Similar to the "decref before set" issue solved by Py_CLEAR(), the code
in typeobject.c calls DECREF in the middle of a cache update. This
leaves one cache entry in an invalid state during the DECREF call, which
might result in running cleanup code in this state. If this code depends
on an attribute lookup, this might lead to a cache lookup, which in turn
can access the infected part of the cache. In the worst case, such a
scenario can lead to a crash as it accesses an already cleaned-up object.

Here is a patch that fixes this.

----------
components: Interpreter Core
files: possible-decref-before-set-fix.patch
keywords: patch
messages: 67445
nosy: scoder
severity: normal
status: open
title: type cache updates might run cleanup code in an inconsistent state
type: behavior
versions: Python 2.6, Python 3.0
Added file: http://bugs.python.org/file10458/possible-decref-before-set-fix.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue2990>
_______________________________________
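
The ordering problem described in the report, as an added example that is not part of the original post or of the attached patch. It is a toy model, not CPython's typeobject.c: `Obj`, `entry`, `probe_cache`, `update_unsafe` and `update_safe` are hypothetical names, and objects are never really freed so the stale state can be observed safely.

```c
#include <stdio.h>

/* Toy refcounted object (hypothetical stand-in for PyObject); never really freed. */
typedef struct Obj {
    int refcnt, alive;
    void (*cleanup)(struct Obj *);  /* plays the role of a destructor */
} Obj;
static struct { Obj *name; } entry;  /* one-slot cache owning a ref to name */
static int saw_dead;                 /* set when cleanup finds a dead object cached */

static void decref(Obj *o) {
    if (!o || --o->refcnt) return;
    o->alive = 0;
    if (o->cleanup) o->cleanup(o);
}

/* Cleanup code that consults the cache, as an attribute lookup would. */
static void probe_cache(Obj *self) {
    (void)self;
    if (entry.name && !entry.name->alive) saw_dead = 1;
}

/* Decref before set: cleanup runs while entry.name still points at the dying object. */
static void update_unsafe(Obj *name) {
    name->refcnt++;
    decref(entry.name);
    entry.name = name;
}

/* Set before decref: the entry is consistent before any cleanup can run. */
static void update_safe(Obj *name) {
    Obj *old = entry.name;
    name->refcnt++;
    entry.name = name;
    decref(old);
}

/* Replace cached key a (its only reference is held by the cache) with b. */
static int run(void (*update)(Obj *)) {
    Obj a = {1, 1, probe_cache}, b = {1, 1, NULL};
    entry.name = &a; saw_dead = 0;
    update(&b);
    entry.name = NULL;               /* do not leave a pointer to a local behind */
    return saw_dead;
}

int main(void) {
    printf("unsafe: %d, safe: %d\n", run(update_unsafe), run(update_safe));
}
```
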

