[New-bugs-announce] [issue27812] PyFrameObject.f_gen can be left pointing to a dangling generator
Armin Rigo
report at bugs.python.org
Sat Aug 20 05:42:54 EDT 2016
New submission from Armin Rigo:
PyFrameObject.f_gen is a pointer (not a reference) to a generator/coroutine object. But the latter doesn't always correctly clean it up when it dies. This pointer is used by frame.clear().
Here is an example I made, which ends in a segfault. This example assumes we apply the patch of issue27811 first, otherwise it just crashes earlier in the same way as issue27811.

# execute this with "python -Werror"
import gc

async def f():
    pass

cr = f()
frame = cr.cr_frame
del cr
gc.collect()

# create some randomness to reuse the memory just freed by 'cr'
import asyncio
print("ping")

frame.clear()

Patch attached. No test, but you can copy the above example.
----------
components: Interpreter Core
files: patch2.diff
keywords: needs review, patch
messages: 273200
nosy: arigo
priority: normal
severity: normal
status: open
title: PyFrameObject.f_gen can be left pointing to a dangling generator
versions: Python 3.6
Added file: http://bugs.python.org/file44166/patch2.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27812>
_______________________________________
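
Added example, not part of the original message and not CPython source or the attached patch: a simplified C model of the borrowed f_gen back-pointer described in the report, with the dealloc path shown both leaving the pointer in place and clearing it. Apart from f_gen, every name here (Gen, Frame, alive, gi_frame, gen_dealloc, frame_clear, scenario) is hypothetical, and "deallocation" only flips a flag so the stale pointer can be inspected without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not CPython source. "Freeing" only flips `alive`,
 * so a stale pointer can be examined safely instead of crashing. */
typedef struct Gen Gen;
typedef struct Frame {
    Gen *f_gen;            /* borrowed back-pointer: holds no reference */
} Frame;
struct Gen {
    int alive;             /* 0 once the generator has been deallocated */
    Frame *gi_frame;       /* generator -> frame link */
};

/* Deallocate the generator. With clear_backptr == 0 this models the bug
 * class in the report: the frame outlives the generator and keeps f_gen. */
static void gen_dealloc(Gen *g, int clear_backptr)
{
    if (clear_backptr && g->gi_frame != NULL)
        g->gi_frame->f_gen = NULL;   /* sever the borrowed pointer first */
    g->gi_frame = NULL;
    g->alive = 0;
}

/* Model of frame.clear(): 0 = no generator attached, 1 = detached a live
 * generator, -1 = f_gen referred to a dead object (a use-after-free in C). */
static int frame_clear(Frame *f)
{
    Gen *g = f->f_gen;
    if (g == NULL) return 0;
    if (!g->alive) return -1;
    f->f_gen = NULL;
    g->gi_frame = NULL;
    return 1;
}

/* Replay the report's sequence: keep the frame, drop the generator, clear. */
static int scenario(int clear_backptr)
{
    Gen g; Frame f;
    g.alive = 1; g.gi_frame = &f; f.f_gen = &g;
    gen_dealloc(&g, clear_backptr);  /* "del cr; gc.collect()" */
    return frame_clear(&f);          /* "frame.clear()" */
}
int main(void)
{
    printf("stale: %d, cleared: %d\n", scenario(0), scenario(1));
    return 0;
}
```

The invariant the model illustrates is that a non-owning pointer must be reset by whichever object dies first, because the holder has no way to tell on its own that the target is gone.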