[issue12149] Segfault in _PyObject_GenericGetAttrWithDict

Davide Rizzo report at bugs.python.org
Wed Jul 6 01:14:42 CEST 2011


Davide Rizzo <sorcio at gmail.com> added the comment:

Looking through Antoine's example code. When garbage is collected, the subtype and its tp_dict are cleared before the instance object itself. When the dict is cleared as part of the garbage collection, the methods get deallocated but the method cache is not updated. That way the lookup for the "close" method results in a cache hit for an invalid pointer.

I'm not at all knowledgeable to understand whether it is right for the type dictionary to be cleared before instances of that type (then either the finalizer for IOBase should work around this case, or the cache should be updated beforehand), or there is something to be done to ensure a correct clearing order.

Also I can't think of any other example of a C type, inheritable from Python code, that calls another method in the destructor: is this specific to IO? Please note that the example code fails even when inheriting from the C type directly (_io._IOBase).

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12149>
_______________________________________


More information about the Python-bugs-list mailing list