[ python-Bugs-839548 ] Bug in type's GC handling causes segfaults
SourceForge.net
noreply at sourceforge.net
Mon Nov 10 16:32:45 EST 2003
Bugs item #839548, was opened at 2003-11-10 21:32
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=839548&group_id=5470
Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jim Fulton (dcjim)
Assigned to: Nobody/Anonymous (nobody)
Summary: Bug in type's GC handling causes segfaults
Initial Comment:
type has a bug in it's GC "clear" function, type_clear.
It sets tp->mro to NULL, but other code (especially
PyObject_GenericGetAttr) assumes that tp_mro cannot be
null.
A class participating in a cycle may have clear called
while there are still instances around. If someone
tries to do a getattr on such an instance, python will
crach with a segfault or with an assertion error.
A simple fix is for clear to set tp_mro to an empty tuple,
which breaks the cycle without breaking the invariant.
A patch is attached.
I encountered this in Zope 3 after adding a new
interface implementation that made heavy use of
weakrefs. Often Zope 3 would segfault when exiting.
The patch fixes this.
Unfortunately, I was not able, in the time available,
to come up with a simpler test case. :)
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=839548&group_id=5470
More information about the Python-bugs-list
mailing list