Title: dict creation failure causes crash
Type: Stage:
Components: Versions: Python 3.0, Python 2.6
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: georg.brandl, rupole
Priority: normal Keywords: patch

Created on 2008-08-10 18:10 by rupole, last changed 2008-08-11 09:08 by georg.brandl. This issue is now closed.

File name Uploaded Description Edit
dictobj.diff georg.brandl, 2008-08-10 18:47
Messages (4)
msg70990 - (view) Author: Roger Upole (rupole) Date: 2008-08-10 18:10
If the first item can't be inserted the interpreter will crash 

while 1:
		d = { 'a':a,

As best I can tell, this only happens for the first item.
In a debug build, this assert fails on the second time thru
the loop (dictobject.c, line 247):
		assert (mp->ma_table == mp->ma_smalltable);

Apparently something is leaving one of the entries in the list
of preallocated dict objects in an inconsistent state.
msg70991 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2008-08-10 18:32
Also happens in trunk.
msg70992 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2008-08-10 18:47
The problem is that PyDict_New doesn't reinitialize the fields of a dict
from the free list when the number of entries is zero. For a
preconstructed dict (like created by BUILD_MAP) of size >=8, however,
there will be an allocated ma_table and ma_mask will be 16-1, not 8-1.

I propose the attached patch.
msg71004 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2008-08-11 09:08
Applied and added test in r65637.
Date User Action Args
2008-08-11 09:08:20georg.brandlsetstatus: open -> closed
resolution: fixed
messages: + msg71004
2008-08-10 18:47:24georg.brandlsetfiles: + dictobj.diff
keywords: + patch
messages: + msg70992
2008-08-10 18:32:51georg.brandlsetnosy: + georg.brandl
messages: + msg70991
versions: + Python 2.6
2008-08-10 18:10:23rupolecreate