Issue 2990: type cache updates might run cleanup code in an inconsistent state

Created on 2008-05-28 11:07 by scoder, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name: possible-decref-before-set-fix.patch
Uploaded: scoder, 2008-05-28 11:07
Messages (5)
msg67445 - Author: Stefan Behnel (scoder) (Python committer) Date: 2008-05-28 11:07
Similar to the "decref before set" issue solved by Py_CLEAR(), the code in typeobject.c calls DECREF in the middle of a cache update. This leaves one cache entry in an invalid state during the DECREF call, which might result in running cleanup code in this state. If this code depends on an attribute lookup, this might lead to a cache lookup, which in turn can access the infected part of the cache. In the worst case, such a scenario can lead to a crash as it accesses an already cleaned-up object. Here is a patch that fixes this.
msg67450 - Author: Georg Brandl (georg.brandl) (Python committer) Date: 2008-05-28 15:57
Thanks, committed in r63760.
msg67480 - Author: Armin Rigo (arigo) (Python committer) Date: 2008-05-29 08:07
This was actually not a bug because the object being decref'ed is guaranteed to be exactly a string or None, as told in the comment about the 'name' field. So no user code could possibly run during this Py_DECREF() call.
msg67484 - Author: Stefan Behnel (scoder) (Python committer) Date: 2008-05-29 08:17
Ok, I buy that argument. The patch may be considered a code uglification then.
msg67495 - Author: Georg Brandl (georg.brandl) (Python committer) Date: 2008-05-29 14:35
Reverted in r63787.
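A toy C model of the ordering question debated in this thread, added here as an illustration and not taken from typeobject.c or the attached patch; `Obj`, `slot`, `run` and the other names are hypothetical. It shows that releasing the old value before storing the new one lets re-entrant cleanup code observe the stale slot, and that when the released object has no cleanup hook (the string-or-None case) the order makes no observable difference.

```c
#include <stdlib.h>

/* Toy refcounted object: a constructed model, not CPython's PyObject. */
typedef struct Obj {
    int refcnt;
    void (*on_free)(struct Obj *);  /* cleanup hook; NULL = no code runs */
} Obj;

static Obj *slot;             /* one cache entry's 'name' field (hypothetical) */
static int saw_dying_object;  /* set when cleanup finds the slot stale */

static Obj *obj_new(void (*hook)(Obj *)) {
    Obj *o = malloc(sizeof *o);
    if (!o) abort();
    *o = (Obj){1, hook};
    return o;
}
static void obj_decref(Obj *o) {
    if (o && --o->refcnt == 0) {
        if (o->on_free) o->on_free(o);  /* cleanup runs before the free */
        free(o);
    }
}
/* Cleanup that reads the cache again, as an attribute lookup would. */
static void reentrant_cleanup(Obj *self) {
    if (slot == self) saw_dying_object = 1;
}
/* Release the old value first, then store the new one. */
static void update_decref_first(Obj *v) {
    obj_decref(slot);  /* slot still points at the dying object here */
    v->refcnt++;
    slot = v;
}
/* Py_CLEAR-style order: store first, release the old value last. */
static void update_set_first(Obj *v) {
    Obj *old = slot;
    v->refcnt++;
    slot = v;
    obj_decref(old);
}
/* Returns 1 if cleanup saw the slot pointing at the object being freed. */
static int run(void (*update)(Obj *), void (*hook)(Obj *)) {
    Obj *fresh = obj_new(NULL);
    slot = obj_new(hook);  /* the slot holds the only reference */
    saw_dying_object = 0;
    update(fresh);
    obj_decref(fresh);     /* drop the caller's reference */
    obj_decref(slot);      /* drop the slot's reference */
    slot = NULL;
    return saw_dying_object;
}
```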
History
Date User Action Args
2022-04-11 14:56:35 admin set github: 47239
2008-05-29 14:35:51 georg.brandl set messages: +
2008-05-29 08:17:16 scoder set messages: +
2008-05-29 08:07:15 arigo set nosy: + arigo; messages: +
2008-05-28 15:57:16 georg.brandl set status: open -> closed; resolution: accepted; messages: +; nosy: + georg.brandl
2008-05-28 11:07:17 scoder create