[Python-Dev] Re: Evil Trashcan and GC interaction

[Guido van Rossum]

> > #define SETLOCAL(i, value)	do { PyObject *_t = GETLOCAL(i); 	\
> > 				     GETLOCAL(i) = value;		\
> > 				     Py_XDECREF(_t); } while (0)
> 
> That's the same fix Andrew and I had in mind.  My concern is that
> this is probably not the only bug of this type.  The trashcan
> mechanism changes the ordering of object deallocation.  What are the
> chances of other bugs like this lurking somewhere?

I've been aware of this issue for a long time (since Don Beaudry first
pointed it out to me) and I've been pretty consistent in doing the
right thing for globals and for other things that I knew would be
accessible from outside.  Too bad I missed this one, and you're right
that there could be others, but I don't know how to find them
systematically.  Every DECREF call is suspect!

Fixing the GC to only run at specific times isn't enough -- as you
showed, you can exploit this by referencing the frame directly.

The only safe solution is banning __del__, or moving the calls to
__del__ to specific safe times (e.g. at the top of the VM switch).

--Guido van Rossum (home page: http://www.python.org/~guido/)