New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
collections.OrderedDict constructor (odict_new) doesn't handle PyDict_New() failure #69180
Comments
If PyDict_New() fails (ex: memory allocation failure), odict_new() returns a new OrderedDict with an exception set. It's a bug. Attached patch fixes it. odict_new() constructor also returns NULL without destroying the newly created object if _odict_initialize() fails. My patch also fixes this. My patch inlines _odict_initialize() into odict_new() and avoids useless initialization to 0. |
You can try the odict_failmalloc.py program with a Python compiled in debug mode to see the bug. The script requires: |
If don't initialize fields, then they will be not initialized in odict_dealloc, odict_tp_clear and odict_traverse. But _odict_FIRST(od) and od->od_weakreflist are used in these functions. I would allocate a dict for od_inst_dict before calling PyDict_Type.tp_new. An allocator can release GIL and call Python code, and at that moment the OrderedDict object is in inconsistent state. I already were fell in similar trap with lru_cache (bpo-14373, msg246573). |
Old code initialized all fields to zero (or NULL), like "_odict_FIRST(od) = NULL;". The type allocator fills the newly allocated with zeros. So setting fields again to zero is redundant (useless).
Yes, but the newly created object is not still private at this point, there is only one reference known in the C code. dict_new() has the same design. You can please elaborate the issue? We only give the reference to the caller when the newly created OrderedDict is fully initialized (consistent). |
See msg246573. PyDict_New() can trigger garbage collecting and traversing , |
Oooh ok, I understand. I updated my patch to implement your idea. |
@serhiy: Python 3.5 is impacted. Do you consider this bug serious enough to request a pull request in Larry's branch for Python 3.5.0? |
It looks to me as an ordinal bug and that is encountered only in special circumstances with small probability. I think it can wait for 3.5.1. |
Ok, I agree. What about the second patch, does it look ok? |
I left a nitpick. In any case the patch LGTM. |
New changeset ef1f5aebe1a6 by Victor Stinner in branch '3.5': |
Ok, fixed. I pushed my fix. Thanks for the review Serhiy. |
Is this something that we should ship in 3.5.0rc3? |
Yury wrote:
I don't think so. I agree with Serhiy who wrote:
It looks like the bug can only occurs in case of very low memory (an empty dict takes 1 KB or less) which is a rare use case. |
Thanks for taking care of this, Victor (and Serhiy). :) |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: