[Python-checkins] bpo-45813: Make sure that frame->generator is NULLed when generator is deallocated. (GH-29700)

markshannon webhook-mailer at python.org
Mon Nov 22 09:01:32 EST 2021


https://github.com/python/cpython/commit/7fd92a8b7ee5bed28c2681fa38e0a1e76200dd8e
commit: 7fd92a8b7ee5bed28c2681fa38e0a1e76200dd8e
branch: main
author: Mark Shannon <mark at hotpy.org>
committer: markshannon <mark at hotpy.org>
date: 2021-11-22T14:01:23Z
summary:

bpo-45813: Make sure that frame->generator is NULLed when generator is deallocated. (GH-29700)

files:
A Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst
M Lib/test/test_coroutines.py
M Objects/genobject.c
M Python/frame.c

diff --git a/Lib/test/test_coroutines.py b/Lib/test/test_coroutines.py
index 4350e185a247f..fc8b8bc9541eb 100644
--- a/Lib/test/test_coroutines.py
+++ b/Lib/test/test_coroutines.py
@@ -2191,6 +2191,13 @@ async def run_gen():
             return 'end'
         self.assertEqual(run_async(run_gen()), ([], 'end'))
 
+    def test_bpo_45813(self):
+        'This would crash the interpreter in 3.11a2'
+        async def f():
+            pass
+        frame = f().cr_frame
+        frame.clear()
+
 
 class CoroAsyncIOCompatTest(unittest.TestCase):
 
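Review bot: in test_bpo_45813 the coroutine returned by `f()` is never awaited and is freed as soon as `cr_frame` has been read, so the test emits a "coroutine ... was never awaited" RuntimeWarning on every run. Wrapping `frame = f().cr_frame` in `with self.assertWarns(RuntimeWarning):` would make that warning expected instead of leaking it into the test output. The test also covers only the freed-coroutine path; a second case that keeps the coroutine object alive and then calls `cr_frame.clear()` would exercise the frame while its owner still exists.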
diff --git a/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst b/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst
new file mode 100644
index 0000000000000..65f64b11de0f7
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst	
@@ -0,0 +1 @@
+Fix crash when calling coro.cr_frame.clear() after coroutine has been freed.
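Review bot: the entry names `coro.cr_frame.clear()` as plain text; the file is reST, so the call should be marked up as inline code with double backticks. It would also help readers to say that the crash affected 3.11a2, as the test docstring does.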
diff --git a/Objects/genobject.c b/Objects/genobject.c
index efd255d33f9be..c899ed6a82e30 100644
--- a/Objects/genobject.c
+++ b/Objects/genobject.c
@@ -134,6 +134,7 @@ gen_dealloc(PyGenObject *gen)
     InterpreterFrame *frame = gen->gi_xframe;
     if (frame != NULL) {
         gen->gi_xframe = NULL;
+        frame->generator = NULL;
         frame->previous = NULL;
         _PyFrame_Clear(frame, 1);
     }
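Review bot: the added `frame->generator = NULL;` in gen_dealloc carries no comment, and the reason for it (the assert added to _PyFrame_Clear in Python/frame.c) lives in another file. A one-line comment here pointing at that invariant would keep the two in sync. Since this patch only changes gen_dealloc, it is also worth confirming that every other path that hands a generator-owned frame to _PyFrame_Clear clears the pointer first; otherwise the new assert will fire in debug builds.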
diff --git a/Python/frame.c b/Python/frame.c
index 3d2415fee7097..a5c93eaaa5f37 100644
--- a/Python/frame.c
+++ b/Python/frame.c
@@ -99,6 +99,9 @@ take_ownership(PyFrameObject *f, InterpreterFrame *frame)
 int
 _PyFrame_Clear(InterpreterFrame * frame, int take)
 {
+    /* It is the responsibility of the owning generator/coroutine
+     * to have cleared the generator pointer */
+    assert(frame->generator == NULL);
     if (frame->frame_obj) {
         PyFrameObject *f = frame->frame_obj;
         frame->frame_obj = NULL;
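Review bot: the new `assert(frame->generator == NULL);` at the top of _PyFrame_Clear is compiled out when NDEBUG is defined, so in release builds a caller that forgets to clear the pointer still proceeds with a stale `frame->generator`, which is the dangling-pointer condition this commit is fixing. Consider stating in the comment that the check is debug-only, and documenting the precondition next to the function's declaration so new callers see it.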