[issue6990] threading.local subclasses don't cleanup their state and it gets recycled
Philip Jenvey
report at bugs.python.org
Fri Sep 25 05:28:00 CEST 2009
New submission from Philip Jenvey <pjenvey at users.sourceforge.net>:
When threading.local subclasses are cleared during a reference cycle the
local's internal key is nulled before the local is deallocated. That's a
problem because local only deletes its state (ldicts) from threads
during deallocation, and doesn't do so at all when its key is null.
So leaving ldicts around is one thing, but what's worse is they can be
recycled by new local objects later -- since ldicts are mapped to
threadstates by said key, and said key is based on the local's pointer.
If a new local is malloced at the old one's address it can end up with
the original's ldicts (depending on which thread it's allocated from).
Attached is a test against trunk showing this. Should we delete the
ldicts during clear, recreate the key during dealloc, or something else?
----------
components: Interpreter Core
files: derived_local_cycle_dealloc.diff
keywords: patch
messages: 93099
nosy: amaury.forgeotdarc, pjenvey
severity: normal
status: open
title: threading.local subclasses don't cleanup their state and it gets recycled
type: security
versions: Python 2.4, Python 2.5, Python 2.6, Python 2.7, Python 3.0, Python 3.1, Python 3.2
Added file: http://bugs.python.org/file14969/derived_local_cycle_dealloc.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue6990>
_______________________________________
More information about the Python-bugs-list
mailing list