Author serhiy.storchaka
Recipients artem.smotrakov, serhiy.storchaka
Date 2017-04-20.11:06:38
Message-id <1492686398.88.0.0169138498773.issue29802@psf.upfronthosting.co.za>
In-reply-to
Content
Thank you for your report, Artem.

But Modules/clinic/_struct.c.h is a generated file, it shouldn't be manually edited. And clearing the cache doesn't solve the bug.

If _PyArg_ParseStack() fails, it calls cache_struct_converter() to clear s_object and jumps to the end of the function, where s_object is decrefed a second time. Yet one reference is left in the cache, but this is a hanging reference to a deallocated object. The next call of struct.unpack() can retrieve that hanging reference and use it.

PR 1213 properly fixes this issue. It also fixes a similar bug in PyUnicode_FSDecoder(), but the latter is hardly reproducible since in the stdlib PyUnicode_FSDecoder() is used mostly for the last argument of a function.
History
Date                 User              Action  Args
2017-04-20 11:06:38  serhiy.storchaka  set     recipients: + serhiy.storchaka, artem.smotrakov
2017-04-20 11:06:38  serhiy.storchaka  set     messageid: <1492686398.88.0.0169138498773.issue29802@psf.upfronthosting.co.za>
2017-04-20 11:06:38  serhiy.storchaka  link    issue29802 messages
2017-04-20 11:06:38  serhiy.storchaka  create
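
Added example, not part of the original message and not CPython or PR 1213 code: a toy reference-count model of the sequence described in the message above (convert, failed parse, cleanup call, decref on exit). The names Obj, converter and simulate_failed_call are hypothetical, and the `hardened` variant, which clears the caller's slot during cleanup, is an assumption about one way to avoid the second decrement.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy stand-in for a PyObject: a counter plus a "deallocated" flag, so the
   model never touches freed memory. */
typedef struct { int refcnt; int freed; } Obj;

static void incref(Obj *o) { o->refcnt++; }
static void decref(Obj *o) { if (--o->refcnt == 0) o->freed = 1; }

static Obj storage;   /* backing store for the single cached object */
static Obj *cache;    /* the cache owns one reference of its own */

/* Converter in the shape the message describes: a normal call hands the
   caller a new reference to the cached object; a cleanup call (made by the
   argument parser after a later argument fails) releases that reference. */
static int converter(int cleanup, Obj **slot, int hardened)
{
    if (cleanup) {
        decref(*slot);
        if (hardened)
            *slot = NULL;   /* assumed hardening: leave nothing to decref again */
        return 1;
    }
    if (cache == NULL) {
        storage.refcnt = 1; /* new object, reference owned by the cache */
        storage.freed = 0;
        cache = &storage;
    }
    incref(cache);          /* reference handed to the caller */
    *slot = cache;
    return 1;
}

/* Returns 1 if the cache is left holding a deallocated object. */
int simulate_failed_call(int hardened)
{
    Obj *s_object = NULL;
    cache = NULL;
    converter(0, &s_object, hardened);  /* first argument converts: refcnt 2 */
    converter(1, &s_object, hardened);  /* parse failed: cleanup, refcnt 1 */
    if (s_object != NULL)               /* exit path, like Py_XDECREF(s_object) */
        decref(s_object);
    return cache->freed;
}

int main(void)
{
    printf("original cleanup: cache dangling = %d\n", simulate_failed_call(0));
    printf("hardened cleanup: cache dangling = %d\n", simulate_failed_call(1));
    return 0;
}
```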