
Author stutzbach
Recipients stutzbach
Date 2009-10-07.21:10:43
Message-id <1254949845.61.0.606264060323.issue7079@psf.upfronthosting.co.za>
Content
I noticed that file_close() calls close_the_file(), then frees the
buffer for the file object.  However, close_the_file() may fail and
return NULL if the file object is currently in use by another thread, in
which case freeing the buffer from underneath the C stdio library may
cause a crash.

Here's the relevant bit of code from fileobject.c:

static PyObject *
file_close(PyFileObject *f)
{
        PyObject *sts = close_the_file(f);
        PyMem_Free(f->f_setbuf);
        f->f_setbuf = NULL;
        return sts;
}

I think the two middle lines of the function should be wrapped in an "if
(sts)" block.

Attached is a short program that causes python to crash on two of my
systems (Windows XP running Python 2.6.3 and Debian running Python 2.5)
and a patch with my proposed fix.

I think Python 3 is immune because the I/O code has been completely
rewritten.  I have not checked the Python 3 code to see if there are any
analogous problems in the new code, however.
History
Date User Action Args
2009-10-07 21:10:45 stutzbach set recipients: + stutzbach
2009-10-07 21:10:45 stutzbach set messageid: <1254949845.61.0.606264060323.issue7079@psf.upfronthosting.co.za>
2009-10-07 21:10:44 stutzbach link issue7079 messages
2009-10-07 21:10:43 stutzbach create
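
The "if (sts)" guard proposed in the report, modelled outside CPython as an added example; this is not code from the report, its attached patch, or CPython. Only f_setbuf is a name from the report: the file_model struct, its fp and in_use fields, and the model_* and demo_* functions are assumptions that stand in for PyFileObject, close_the_file() and file_close().

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for PyFileObject. Only f_setbuf is a name from the
   report; fp, in_use and the model_* functions are assumptions. */
typedef struct {
    FILE *fp;        /* underlying stdio stream */
    char *f_setbuf;  /* buffer handed to setvbuf(), owned by stdio until fclose */
    int   in_use;    /* >0 while another thread is inside a stdio call */
} file_model;

/* Stand-in for close_the_file(): returns 0 (the NULL case) while in use. */
static int model_close_the_file(file_model *f)
{
    if (f->in_use > 0)
        return 0;
    if (f->fp != NULL) {
        fclose(f->fp);
        f->fp = NULL;
    }
    return 1;
}

/* file_close() with the proposed guard: free the buffer only after a
   successful close. */
static int model_file_close(file_model *f)
{
    int sts = model_close_the_file(f);
    if (sts) {
        free(f->f_setbuf);
        f->f_setbuf = NULL;
    }
    return sts;
}

/* Constructed scenario: close while busy, then close again once idle.
   Returns 1 when the buffer survives the failed close and is released by
   the successful one, -1 if setup fails. */
static int demo_busy_then_idle(void)
{
    file_model f = { tmpfile(), malloc(BUFSIZ), 1 };
    if (!f.fp || !f.f_setbuf || setvbuf(f.fp, f.f_setbuf, _IOFBF, BUFSIZ))
        return -1;
    int first = model_file_close(&f);          /* refused: in_use == 1 */
    int kept = f.fp != NULL && f.f_setbuf != NULL;
    fputs("still buffered\n", f.fp);           /* stdio can still use f_setbuf */
    f.in_use = 0;
    int second = model_file_close(&f);         /* now succeeds and frees */
    return first == 0 && kept && second == 1 && f.f_setbuf == NULL;
}

int main(void) { return demo_busy_then_idle() == 1 ? 0 : 1; }
```

Without the guard, the fputs() after the refused close would write into memory that had already been freed.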