classification
Title: file_close() ignores return value of close_the_file
Type: crash
Stage:
Components: Interpreter Core, IO
Versions: Python 2.7, Python 2.6, Python 2.5

process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To: gregory.p.smith
Nosy List: gregory.p.smith, stutzbach
Priority: high
Keywords: patch

Created on 2009-10-07 21:10 by stutzbach, last changed 2009-10-08 07:12 by gregory.p.smith.

Files
fileobject.diff (uploaded by stutzbach, 2009-10-07 21:10): Patch to file_close to respect the return value of close_the_file
crash.py (uploaded by stutzbach, 2009-10-07 21:11): Program to crash Python 2.x

Messages (1)
msg93723 - Author: Daniel Stutzbach (stutzbach), Date: 2009-10-07 21:10
I noticed that file_close() calls close_the_file(), then frees the
buffer for the file object.  However, close_the_file() may fail and
return NULL if the file object is currently in use by another thread, in
which case freeing the buffer from underneath the C stdio library may
cause a crash.

Here's the relevant bit of code from fileobject.c:

static PyObject *
file_close(PyFileObject *f)
{
        PyObject *sts = close_the_file(f);
        PyMem_Free(f->f_setbuf);
        f->f_setbuf = NULL;
        return sts;
}

I think the two middle lines of the function should be wrapped in an "if
(sts)" block.

Attached is a short program that causes python to crash on two of my
systems (Windows XP running Python 2.6.3 and Debian running Python 2.5)
and a patch with my proposed fix.

I think Python 3 is immune because the I/O code has been completely
rewritten.  I have not checked the Python 3 code to see if there are any
analogous problems in the new code, however.
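
Added example, not part of the original report or of CPython: a small C model of the pattern described in the message, with the unchecked free beside a version that releases the buffer only after a successful close. The struct, the in_use flag, the model_* names and the use of /dev/null are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for PyFileObject; names are assumptions, not CPython's. */
struct model_file {
    FILE *fp;      /* underlying stdio stream */
    char *setbuf;  /* buffer handed to setvbuf(), in the role of f_setbuf */
    int in_use;    /* nonzero while another thread is inside a stdio call */
};

/* Model of close_the_file(): returns -1 and leaves the stream open if in use. */
int model_close_the_file(struct model_file *f) {
    if (f->in_use)
        return -1;
    if (f->fp) fclose(f->fp);
    f->fp = NULL;
    return 0;
}

/* Pattern in the report: the buffer is freed even when the close failed. */
int model_file_close_unchecked(struct model_file *f) {
    int sts = model_close_the_file(f);
    free(f->setbuf);
    f->setbuf = NULL;
    return sts;
}

/* Guarded form: the buffer outlives any stream that is still open. */
int model_file_close_checked(struct model_file *f) {
    int sts = model_close_the_file(f);
    if (sts == 0) {
        free(f->setbuf);
        f->setbuf = NULL;
    }
    return sts;
}

int main(void) {  /* /dev/null is a POSIX assumption; any writable path works */
    struct model_file f = { fopen("/dev/null", "w"), malloc(BUFSIZ), 1 };
    if (!f.fp || !f.setbuf || setvbuf(f.fp, f.setbuf, _IOFBF, BUFSIZ) != 0)
        return 1;
    int busy = model_file_close_checked(&f);  /* close refused, buffer kept */
    int kept = f.setbuf != NULL;
    fputs("still buffered\n", f.fp);          /* safe: stdio's buffer is live */
    f.in_use = 0;
    int done = model_file_close_checked(&f);  /* close succeeds, buffer freed */
    printf("busy=%d kept=%d done=%d\n", busy, kept, done);
    return 0;
}
```
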

History
Date User Action Args
2009-10-08 07:12:16 gregory.p.smith set priority: high, assignee: gregory.p.smith
2009-10-08 01:38:32 benjamin.peterson set nosy: + gregory.p.smith
2009-10-07 21:11:21 stutzbach set files: + crash.py
2009-10-07 21:10:44 stutzbach create