Created on 2009-10-07 21:10 by stutzbach, last changed 2010-05-17 20:01 by pitrou. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| file_close_test.patch | stutzbach, 2010-04-29 16:54 | Patch to add a test case that crashes Python 2.6 and trunk | ||
| file_close.patch | stutzbach, 2010-04-29 16:55 | Patch to fix the bug | ||
| Messages (5) | |||
|---|---|---|---|
| msg93723 - (view) | Author: Daniel Stutzbach (stutzbach)  |
Date: 2009-10-07 21:10 | |
I noticed that file_close() calls close_the_file(), then frees the
buffer for the file object. However, close_the_file() may fail and
return NULL if the file object is currently in use by another thread, in
which case freeing the buffer from underneath the C stdio library may
cause a crash.
Here's the relevant bit of code from fileobject.c:
static PyObject *
file_close(PyFileObject *f)
{
PyObject *sts = close_the_file(f);
PyMem_Free(f->f_setbuf);
f->f_setbuf = NULL;
return sts;
}
I think the two middle lines of the function should be wrapped in an "if
(sts)" block.
Attached is a short program that causes python to crash on two of my
systems (Windows XP running Python 2.6.3 and Debian running Python 2.5)
and a patch with my proposed fix.
I think Python 3 is immune because the I/O code has been completely
rewritten. I have not checked the Python 3 code to see if there are any
analogous problems in the new code, however.
|
|||
| msg104353 - (view) | Author: Antoine Pitrou (pitrou) * |
Date: 2010-04-27 20:10 | |
Your proposal looks reasonable. Two things: - your patch should include an unit test (see Lib/test/test_file2k.py) - fileobject.c should use tabs for indentation, not spaces And you're right, py3k doesn't have this problem. |
|||
| msg104539 - (view) | Author: Daniel Stutzbach (stutzbach) |
Date: 2010-04-29 16:57 | |
I reworked my test script into a unit test. Thanks for pointing me to test_file2k.py. I leveraged the infrastructure that was already there. I've also uploaded a new patch that uses tabs instead of spaces, to match the rest of fileobject.c. |
|||
| msg105932 - (view) | Author: Daniel Stutzbach (stutzbach) |
Date: 2010-05-17 19:11 | |
Is there anything more I can do to help get this crash-fix committed before 2.7 rc1? |
|||
| msg105933 - (view) | Author: Antoine Pitrou (pitrou) * |
Date: 2010-05-17 20:01 | |
Sorry, I had just forgotten. The patch has been committed in r81275 (trunk) and r81277 (2.6). Thank you: |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2010-05-17 20:01:29 | pitrou | set | status: open -> closed resolution: fixed messages: + msg105933 stage: patch review -> committed/rejected |
| 2010-05-17 19:11:45 | stutzbach | set | messages: + msg105932 |
| 2010-04-29 16:57:07 | stutzbach | set | messages:
+ msg104539 stage: test needed -> patch review |
| 2010-04-29 16:55:08 | stutzbach | set | files: + file_close.patch |
| 2010-04-29 16:54:48 | stutzbach | set | files: + file_close_test.patch |
| 2010-04-29 16:53:22 | stutzbach | set | files: - crash.py |
| 2010-04-29 16:53:17 | stutzbach | set | files: - fileobject.diff |
| 2010-04-27 20:10:16 | pitrou | set | nosy:
+ pitrou, tim_one messages: + msg104353 versions: - Python 2.5 |
| 2010-04-27 15:37:44 | stutzbach | set | assignee: gregory.p.smith -> stutzbach stage: patch review -> test needed |
| 2010-04-27 15:37:09 | stutzbach | set | keywords:
+ needs review stage: patch review |
| 2009-10-08 07:12:16 | gregory.p.smith | set | priority: high assignee: gregory.p.smith |
| 2009-10-08 01:38:32 | benjamin.peterson | set | nosy:
+ gregory.p.smith |
| 2009-10-07 21:11:21 | stutzbach | set | files: + crash.py |
| 2009-10-07 21:10:44 | stutzbach | create | |