[Patches] [ python-Patches-757997 ] Using __slots__ with str derived classes can cause segfault

SourceForge.net noreply@sourceforge.net
Fri, 20 Jun 2003 15:05:20 -0700


Patches item #757997, was opened at 2003-06-20 12:28
Message generated for change (Comment added) made by nnorwitz
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=757997&group_id=5470

Category: None
Group: None
Status: Open
Resolution: None
Priority: 7
Submitted By: John Ehresman (jpe)
Assigned to: Nobody/Anonymous (nobody)
Summary: Using __slots__ with str derived classes can cause segfault

Initial Comment:
The following results in a segfault on Linux with 2.3b1:
-------------------------
class StringDerived(str):
  __slots__ = ['a']
  def __init__(self, string):
    str.__init__(self, string)
    self.a = 1

class DerivedAgain(StringDerived):
  pass

o = DerivedAgain('hello world')
o.b = 2
--------------------------
Python 2.2.2 raises a TypeError when attempting to
derive a class from str with a non-empty __slots__,
maybe 2.3 should do the same?

I have no use case for deriving from str and defining
__slots__; I encountered the bug when writing test
cases for a debugger.

----------------------------------------------------------------------

>Comment By: Neal Norwitz (nnorwitz)
Date: 2003-06-20 18:05

Message:
Logged In: YES 
user_id=33168

Ain't testing grand.  Found a couple more problems.  Patch 2
is better, but I'm still not sure it's complete or correct.

I'm thinking the slot offset should be fixed when it's set,
rather than at each usage of the slot offset.

----------------------------------------------------------------------

Comment By: Neal Norwitz (nnorwitz)
Date: 2003-06-20 17:23

Message:
Logged In: YES 
user_id=33168

I think the problem is that strings are variable length. 
clear_slots() doesn't handle this condtion.  The attached
patch fixes the crash and works fine under valgrind, but I'm
not entirely sure it's correct.  Hopefully someone more
familiar with the TypeObject code can review this.

I'll add a test later.

----------------------------------------------------------------------

Comment By: Neal Norwitz (nnorwitz)
Date: 2003-06-20 13:18

Message:
Logged In: YES 
user_id=33168

unicode, list, and dict don't crash, only string.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=757997&group_id=5470