Created on 2016-08-20 09:42 by arigo, last changed 2016-09-05 17:41 by python-dev. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| patch2.diff | arigo, 2016-08-20 09:42 | review | ||
| Messages (2) | |||
|---|---|---|---|
| msg273200 - (view) | Author: Armin Rigo (arigo) *  |
Date: 2016-08-20 09:42 | |
PyFrameObject.f_gen is a pointer (not a reference) to a generator/coroutine object. But the latter doesn't always correctly clean it up when it dies. This pointer is used by frame.clear(). Here is an example I made, which ends in a segfault. This example assumes we apply the patch of issue27811 first, otherwise it just crashes earlier in the same way as issue27811. # execute this with "python -Werror" import gc async def f(): pass cr = f() frame = cr.cr_frame del cr gc.collect() # create some randomness to reuse the memory just freed by 'cr' import asyncio print("ping") frame.clear() Patch attached. No test, but you can copy the above example. |
|||
| msg274410 - (view) | Author: Roundup Robot (python-dev)  |
Date: 2016-09-05 17:41 | |
New changeset 3e4452424f9b by Benjamin Peterson in branch '3.5': clear out f_gen during generator finalization (closes #27812) https://hg.python.org/cpython/rev/3e4452424f9b New changeset 1d7a938b1e47 by Benjamin Peterson in branch 'default': merge 3.5 (#27812) https://hg.python.org/cpython/rev/1d7a938b1e47 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2016-09-05 17:41:15 | python-dev | set | status: open -> closed nosy: + python-dev messages: + msg274410 resolution: fixed stage: resolved |
| 2016-08-20 09:42:54 | arigo | create | |