Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PyFrameObject.f_gen can be left pointing to a dangling generator #71999

Closed
arigo mannequin opened this issue Aug 20, 2016 · 2 comments
Closed

PyFrameObject.f_gen can be left pointing to a dangling generator #71999

arigo mannequin opened this issue Aug 20, 2016 · 2 comments
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs)

Comments

@arigo
Copy link
Mannequin

arigo mannequin commented Aug 20, 2016

BPO 27812
Nosy @arigo
Files
  • patch2.diff
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2016-09-05.17:41:15.539>
created_at = <Date 2016-08-20.09:42:54.106>
labels = ['interpreter-core']
title = 'PyFrameObject.f_gen can be left pointing to a dangling generator'
updated_at = <Date 2016-09-05.17:41:15.537>
user = 'https://github.com/arigo'

    bugs.python.org fields:

    activity = <Date 2016-09-05.17:41:15.537>
actor = 'python-dev'
assignee = 'none'
closed = True
closed_date = <Date 2016-09-05.17:41:15.539>
closer = 'python-dev'
components = ['Interpreter Core']
creation = <Date 2016-08-20.09:42:54.106>
creator = 'arigo'
dependencies = []
files = ['44166']
hgrepos = []
issue_num = 27812
keywords = ['patch', 'needs review']
message_count = 2.0
messages = ['273200', '274410']
nosy_count = 2.0
nosy_names = ['arigo', 'python-dev']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue27812'
versions = ['Python 3.6']
    @arigo
    Copy link
    Mannequin Author

    arigo mannequin commented Aug 20, 2016

    PyFrameObject.f_gen is a pointer (not a reference) to a generator/coroutine object. But the latter doesn't always correctly clean it up when it dies. This pointer is used by frame.clear().

    Here is an example I made, which ends in a segfault. This example assumes we apply the patch of bpo-27811 first, otherwise it just crashes earlier in the same way as bpo-27811.

        # execute this with "python -Werror"
    import gc
    async def f():
        pass
    cr = f()
    frame = cr.cr_frame
    del cr
    gc.collect()
    # create some randomness to reuse the memory just freed by 'cr'
    import asyncio
    print("ping")
    frame.clear()

    Patch attached. No test, but you can copy the above example.

    @arigo arigo mannequin added the interpreter-core (Objects, Python, Grammar, and Parser dirs) label Aug 20, 2016
    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Sep 5, 2016

    New changeset 3e4452424f9b by Benjamin Peterson in branch '3.5':
    clear out f_gen during generator finalization (closes bpo-27812)
    https://hg.python.org/cpython/rev/3e4452424f9b

    New changeset 1d7a938b1e47 by Benjamin Peterson in branch 'default':
    merge 3.5 (bpo-27812)
    https://hg.python.org/cpython/rev/1d7a938b1e47

    @python-dev python-dev mannequin closed this as completed Sep 5, 2016
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    interpreter-core (Objects, Python, Grammar, and Parser dirs)
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    0 participants