Issue 32322: Heap type with Py_TPFLAGS_HAVE_GC leads to segfault due to not incrementing type object refcout in PyObject_GC_New (original) (raw)
Issue32322
Created on 2017-12-14 14:44 by rkond, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Messages (5) | ||
|---|---|---|
| msg308302 - (view) | Author: Rostislav Kondratenko (rkond) | Date: 2017-12-14 14:44 |
| If one creates a type with both Py_TPFLAGS_HAVE_GC and Py_TPFLAGS_HEAPTYPE set and implemented, one has to create instances with PyObject_GC_New() per current docs: https://docs.python.org/3.7/c-api/gcsupport.html . However, PyObject_GC_New() unlike PyType_GenericAlloc() does not increment refcount of a type object. As the refcount is still decremented when instances are destroyed, it leads to steady drain on type object's refcount. Eventually it reaches zero and the type object gets deleted while there are still instances and references to it. And it usually results in crash after a number of instances (20-50 is usually enough) is created and destroyed. One should either update the docs to point that call to PyType_GenericAlloc() would be sufficient (as it would use _PyObject_GC_Malloc() and increment refcount when appropriate) or update _PyObject_GC_New() code to increment type object's refcount when the type is heap type. Or both. | ||
| msg395867 - (view) | Author: Irit Katriel (iritkatriel) *  |
Date: 2021-06-15 11:17 |
| Are you sure? It seems to me that they both incref the type object in _PyObject_Init: https://github.com/python/cpython/blob/689a84475e7b1da79d5ae82df67ab8897316f98c/Include/internal/pycore_object.h#L43 | ||
| msg395868 - (view) | Author: Irit Katriel (iritkatriel) * |
Date: 2021-06-15 11:18 |
| Do you still have the code that created the crash? It would help to understand what you are/were seeing. | ||
| msg395871 - (view) | Author: Rostislav Kondratenko (rkond) | Date: 2021-06-15 12:06 |
| Hello, I don't have that code, as I worked around that issue at the time. I checked with my project, using PyObject_GC_New works fine. It seems that since then the issue has been fixed at some point since 2017. Either that or I misinterpreted what was going on back then. I think we can safely close this issue. On Tue, 15 Jun 2021 at 14:18, Irit Katriel <report@bugs.python.org> wrote: > > Irit Katriel <iritkatriel@yahoo.com> added the comment: > > Do you still have the code that created the crash? It would help to > understand what you are/were seeing. > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue32322> > _______________________________________ > | ||
| msg395872 - (view) | Author: Irit Katriel (iritkatriel) * |
Date: 2021-06-15 12:20 |
| Thanks! |
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:55 | admin | set | github: 76503 |
| 2021-06-15 12:20:57 | iritkatriel | set | status: open -> closedresolution: out of datemessages: + stage: resolved |
| 2021-06-15 12:06:55 | rkond | set | messages: + |
| 2021-06-15 11🔞28 | iritkatriel | set | messages: + |
| 2021-06-15 11:17:22 | iritkatriel | set | nosy: + iritkatrielmessages: + |
| 2017-12-14 14:44:07 | rkond | create |