classification
Title: Refcounting error in compute_slice_indices in rangeobject.c
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.2, Python 3.3
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: ezio.melotti Nosy List: daniel.urban, dmalcolm, ezio.melotti, ncoghlan, python-dev, stutzbach
Priority: normal Keywords:

Created on 2011-04-14 19:50 by daniel.urban, last changed 2011-04-15 05:20 by ezio.melotti. This issue is now closed.

Files
File name Uploaded Description Edit
crash.py daniel.urban, 2011-04-14 19:50 Test script to reproduce the crash
Messages (3)
msg133766 - (view) Author: Daniel Urban (daniel.urban) * Date: 2011-04-14 19:50 
The attached crash.py script reliably crashes the 3.2 and 3.3 interpreter on my machine. The script does a lot of range slicing.

I think there is a typo in compute_slice_indices() in rangeobject.c, in line 475. In line 474 there is an assign to tmp_stop, and on the next line tmp_start is incref'd (I think instead of tmp_stop).

With this patch, the interpreter doesn't crash any more:

diff -r 7563f10275a2 Objects/rangeobject.c
--- a/Objects/rangeobject.c	Thu Apr 14 13:20:41 2011 +0800
+++ b/Objects/rangeobject.c	Thu Apr 14 21:40:32 2011 +0200
@@ -472,7 +472,7 @@
                     if (tmp_stop == NULL) goto Fail;
                 } else {
                     tmp_stop = r->length;
-                    Py_INCREF(tmp_start);
+                    Py_INCREF(tmp_stop);
                 }
             }
         }
msg133790 - (view) Author: Roundup Robot (python-dev) Date: 2011-04-15 05:19 
New changeset 8025fb83dece by Ezio Melotti in branch '3.2':
#11845: Fix typo in rangeobject.c that caused a crash in compute_slice_indices.  Patch by Daniel Urban.
http://hg.python.org/cpython/rev/8025fb83dece

New changeset 724e2e84a74f by Ezio Melotti in branch 'default':
#11845: Merge with 3.2.
http://hg.python.org/cpython/rev/724e2e84a74f
msg133791 - (view) Author: Ezio Melotti (ezio.melotti) * (Python committer) Date: 2011-04-15 05:20 
Fixed, thanks for the patch!
History
Date User Action Args
2011-04-15 05:20:43ezio.melottisetstatus: open -> closed

assignee: ezio.melotti

nosy: + ezio.melotti
messages: + msg133791
resolution: fixed
stage: resolved
2011-04-15 05:19:44python-devsetnosy: + python-dev
messages: + msg133790
2011-04-14 21:19:56stutzbachsetnosy: + stutzbach
2011-04-14 20:27:57dmalcolmsetnosy: + dmalcolm
2011-04-14 19:50:43daniel.urbancreate