[Python-Dev] segfaults due to hash randomization in C OrderedDict

Eric Snow ericsnowcurrently at gmail.com
Fri May 22 02:12:45 CEST 2015


On Thu, May 21, 2015 at 5:55 PM, MRAB <python at mrabarnett.plus.com> wrote:
> I'm not looking at the use of "PyTuple_Pack". As I understand it,
> "PyTuple_Pack" borrows the references of the objects passed, and when
> the tuple itself is DECREFed, those objects will be DECREFed

From the docs [1] it seems that PyTuple_Pack does not steal any
references and it returns a new reference.  Perhaps you were thinking
of PyTuple_SetItem (and PyTuple_SET_ITEM)?

[1] https://docs.python.org/3.5//c-api/tuple.html

>
> "odict_reduce" calls "PyTuple_Pack", passing 1 or 2 references to
> Py_None which aren't INCREFed first, so could there be a bug there?
> (There might be similar issues in other functions.)

Alas, I don't think it is. :(

I'll point out that the configparser test in question does a lot of
resizes.  It may be that the problem only surfaces after many resizes
and apparently only for certain hash randomization seeds.  At the
moment I'm looking at how hash randomization impacts resizing.  I'm
certainly seeing that the resizes happen at different item counts
depending on the seed.

-eric
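
For a crash that appears only under certain hash randomization seeds, as described in the message above, one way to find and pin the failing seeds is to sweep PYTHONHASHSEED over a child process and record which runs die from a signal. This is an added example, not code from the thread or from CPython; `CHILD` is a constructed stand-in for the real failing test, and the function names are hypothetical.

```python
import os
import signal
import subprocess
import sys

# Constructed stand-in for the failing test: it kills itself with SIGSEGV only
# when the seed-dependent hash of a fixed string is odd, so some seeds "crash"
# and others pass, like a seed-specific segfault.
CHILD = (
    "import os, signal\n"
    "if hash('section') & 1:\n"
    "    os.kill(os.getpid(), signal.SIGSEGV)\n"
)


def run_with_seed(seed, argv):
    """Run argv with PYTHONHASHSEED pinned; return the fatal signal name or None."""
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    proc = subprocess.run(argv, env=env,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    if proc.returncode < 0:  # POSIX: a negative code means killed by that signal
        return signal.Signals(-proc.returncode).name
    return None


def sweep(seeds, argv=None):
    """Map each seed to the signal that killed the child, or None if it survived."""
    argv = argv or [sys.executable, "-c", CHILD]
    return {seed: run_with_seed(seed, argv) for seed in seeds}


def crashing_seeds(results):
    """Seeds worth pinning when re-running under a debugger."""
    return sorted(seed for seed, sig in results.items() if sig is not None)


if __name__ == "__main__":
    results = sweep(range(1, 33))  # seed 0 disables randomization, so start at 1
    for seed in crashing_seeds(results):
        print(f"PYTHONHASHSEED={seed}: child killed by {results[seed]}")
```

To use it on a real test, pass the test command as `argv`, for instance `[sys.executable, "-m", "test", "test_configparser"]`, and re-run any reported seed under a debugger with the same PYTHONHASHSEED value.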
