[Python-Dev] pymalloc killer

[Martin v. Loewis]

Guido van Rossum <guido@python.org> writes:

> How about if the PyMem_Free guy saved the address of the vector before
> using it, and checked that it was still the same afterwards, *and* if
> the PyMem_Malloc guy didn't use realloc to resize the vector but
> copied it to a newly malloc'ed vector, stored the new vector's
> address, and then freed the old vector?

That doesn't really help. The code currently does

	((I) < narenas && (uptr)(P) - arenas[I] < (uptr)ARENA_SIZE)

So if the PyMem_Free thread blocks (yields by OS command) after
fetching arenas, but before fetching arenas[i], then the PyMem_Malloc
thread could still free the memory under it.

Regards,
Martin