Issue24097
Created on 2015-05-01 14:05 by pkt, last changed 2015-11-25 16:37 by serhiy.storchaka. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| poc_getstate.py | pkt, 2015-05-01 14:05 | |||
| getstate_borrowed_ref.patch | pitrou, 2015-07-02 10:49 | |||
| test_issue24097.patch | serhiy.storchaka, 2015-07-19 21:12 | review | ||
| getstate_borrowed_ref_with_test-2.7.patch | serhiy.storchaka, 2015-11-03 16:51 | review | ||
| getstate_borrowed_ref_with_test-3.4.patch | serhiy.storchaka, 2015-11-03 16:52 | review | ||
| Messages (9) | |||
|---|---|---|---|
| msg242313 - (view) | Author: paul (pkt) | Date: 2015-05-01 14:05 | |
# Program received signal SIGSEGV, Segmentation fault. # 0x080f27b2 in PyObject_Hash (v=<unknown at remote 0x405720e4>) at Objects/object.c:746 # 746 if (tp->tp_hash != NULL) # (gdb) bt # #0 0x080f27b2 in PyObject_Hash (v=<unknown at remote 0x405720e4>) at Objects/object.c:746 # #1 0x080e1717 in PyDict_SetItem (op={}, key=<unknown at remote 0x405720e4>, value=None) at Objects/dictobject.c:1201 # #2 0x0810e8a0 in _PyObject_GetState (obj=<Y at remote 0x405731bc>) at Objects/typeobject.c:3657 # #3 0x081100e9 in reduce_2 (obj=<Y at remote 0x405731bc>) at Objects/typeobject.c:3949 # #4 0x08110551 in _common_reduce (self=<Y at remote 0x405731bc>, proto=2) at Objects/typeobject.c:4012 # #5 0x08110641 in object_reduce (self=<Y at remote 0x405731bc>, args=(2,)) at Objects/typeobject.c:4032 # # (gdb) frame 2 # #2 0x0810e8a0 in _PyObject_GetState (obj=<Y at remote 0x405731bc>) at Objects/typeobject.c:3657 # 3657 int err = PyDict_SetItem(slots, name, value); # (gdb) print *name # $1 = {_ob_next = 0xdbdbdbdb, _ob_prev = 0xdbdbdbdb, ob_refcnt = -606348325, ob_type = 0xdbdbdbdb} # # "name" is freed inside __getattr__ and is later used by PyDict_SetItem. |
|||
| msg246069 - (view) | Author: paul (pkt) | Date: 2015-07-02 10:26 | |
ping |
|||
| msg246070 - (view) | Author: Antoine Pitrou (pitrou) * | Date: 2015-07-02 10:48 | |
Thanks for the report. Here is a patch. |
|||
| msg246102 - (view) | Author: Benjamin Peterson (benjamin.peterson) * | Date: 2015-07-02 22:05 | |
lgtm |
|||
| msg246122 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * | Date: 2015-07-03 03:15 | |
The fix LGTM. It would be nice to add a test. |
|||
| msg246949 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * | Date: 2015-07-19 21:12 | |
Here is a test for this issue. |
|||
| msg254001 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * | Date: 2015-11-03 16:49 | |
In 2.7 the test doesn't crash, but __reduce__ produces invalid recursive structure. |
|||
| msg254002 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * | Date: 2015-11-03 16:51 | |
Here is backported to 2.7 patch with test. Can you review the test and commit the patch Antoine? |
|||
| msg255366 - (view) | Author: Roundup Robot (python-dev) | Date: 2015-11-25 16:36 | |
New changeset eed36e19f8b8 by Serhiy Storchaka in branch '3.4': Issue #24097: Fixed crash in object.__reduce__() if slot name is freed inside https://hg.python.org/cpython/rev/eed36e19f8b8 New changeset 99839a1c9c6d by Serhiy Storchaka in branch '3.5': Issue #24097: Fixed crash in object.__reduce__() if slot name is freed inside https://hg.python.org/cpython/rev/99839a1c9c6d New changeset 502465d22522 by Serhiy Storchaka in branch 'default': Issue #24097: Fixed crash in object.__reduce__() if slot name is freed inside https://hg.python.org/cpython/rev/502465d22522 New changeset 4a201d0d4d1e by Serhiy Storchaka in branch '2.7': Issue #24097: Fixed crash in object.__reduce__() if slot name is freed inside https://hg.python.org/cpython/rev/4a201d0d4d1e |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2015-11-25 16:37:39 | serhiy.storchaka | set | status: open -> closed resolution: fixed stage: patch review -> resolved |
| 2015-11-25 16:36:16 | python-dev | set | nosy:
+ python-dev messages: + msg255366 |
| 2015-11-03 16:52:04 | serhiy.storchaka | set | files: + getstate_borrowed_ref_with_test-3.4.patch |
| 2015-11-03 16:51:47 | serhiy.storchaka | set | files:
+ getstate_borrowed_ref_with_test-2.7.patch assignee: serhiy.storchaka -> pitrou messages: + msg254002 |
| 2015-11-03 16:49:21 | serhiy.storchaka | set | messages:
+ msg254001 versions: + Python 2.7 |
| 2015-11-03 16:37:59 | serhiy.storchaka | set | assignee: pitrou -> serhiy.storchaka |
| 2015-07-19 21:12:23 | serhiy.storchaka | set | files:
+ test_issue24097.patch messages:
+ msg246949 |
| 2015-07-03 03:15:35 | serhiy.storchaka | set | assignee: serhiy.storchaka -> pitrou messages: + msg246122 stage: patch review -> test needed |
| 2015-07-02 22:05:25 | benjamin.peterson | set | nosy:
+ benjamin.peterson messages: + msg246102 |
| 2015-07-02 10:49:41 | pitrou | set | files:
+ getstate_borrowed_ref.patch keywords: + patch |
| 2015-07-02 10:49:03 | pitrou | set | stage: needs patch -> patch review versions: + Python 3.6 |
| 2015-07-02 10:48:49 | pitrou | set | messages: + msg246070 |
| 2015-07-02 10:47:16 | serhiy.storchaka | set | assignee: serhiy.storchaka |
| 2015-07-02 10:26:50 | pkt | set | messages: + msg246069 |
| 2015-05-03 06:47:42 | Arfrever | set | nosy:
+ Arfrever |
| 2015-05-02 04:49:13 | serhiy.storchaka | set | nosy:
+ pitrou, alexandre.vassalotti, serhiy.storchaka |
| 2015-05-01 14:12:55 | christian.heimes | set | stage: needs patch components: + Extension Modules versions: + Python 3.5 |
| 2015-05-01 14:05:35 | pkt | create | |