[issue6990] threading.local subclasses don't cleanup their state and it gets recycled

Philip Jenvey report at bugs.python.org
Fri Sep 25 05:28:00 CEST 2009


New submission from Philip Jenvey <pjenvey at users.sourceforge.net>:

When threading.local subclasses are cleared during a reference cycle the 
local's internal key is nulled before the local is deallocated. That's a 
problem because local only deletes its state (ldicts) from threads 
during deallocation, and doesn't do so at all when its key is null.

So leaving ldicts around is one thing, but what's worse is they can be 
recycled by new local objects later -- since ldicts are mapped to 
threadstates by said key, and said key is based on the local's pointer. 
If a new local is malloced at the old one's address it can end up with 
the original's ldicts (depending on which thread it's allocated from).

Attached is a test against trunk showing this. Should we delete the 
ldicts during clear, recreate the key during dealloc, or something else?

----------
components: Interpreter Core
files: derived_local_cycle_dealloc.diff
keywords: patch
messages: 93099
nosy: amaury.forgeotdarc, pjenvey
severity: normal
status: open
title: threading.local subclasses don't cleanup their state and it gets recycled
type: security
versions: Python 2.4, Python 2.5, Python 2.6, Python 2.7, Python 3.0, Python 3.1, Python 3.2
Added file: http://bugs.python.org/file14969/derived_local_cycle_dealloc.diff

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue6990>
_______________________________________


More information about the Python-bugs-list mailing list