Message 273200 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	arigo
Recipients	arigo
Date	2016-08-20.09:42:53
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1471686174.13.0.999892263925.issue27812@psf.upfronthosting.co.za>
In-reply-to

Content
PyFrameObject.f_gen is a pointer (not a reference) to a generator/coroutine object. But the latter doesn't always correctly clean it up when it dies. This pointer is used by frame.clear(). Here is an example I made, which ends in a segfault. This example assumes we apply the patch of issue27811 first, otherwise it just crashes earlier in the same way as issue27811. # execute this with "python -Werror" import gc async def f(): pass cr = f() frame = cr.cr_frame del cr gc.collect() # create some randomness to reuse the memory just freed by 'cr' import asyncio print("ping") frame.clear() Patch attached. No test, but you can copy the above example.

PyFrameObject.f_gen is a pointer (not a reference) to a generator/coroutine object.  But the latter doesn't always correctly clean it up when it dies.  This pointer is used by frame.clear().

Here is an example I made, which ends in a segfault.  This example assumes we apply the patch of issue27811 first, otherwise it just crashes earlier in the same way as issue27811.

    # execute this with "python -Werror"
    import gc
    async def f():
        pass
    cr = f()
    frame = cr.cr_frame
    del cr
    gc.collect()
    # create some randomness to reuse the memory just freed by 'cr'
    import asyncio
    print("ping")
    frame.clear()

Patch attached.  No test, but you can copy the above example.

History
Date	User	Action	Args
2016-08-20 09:42:54	arigo	set	recipients: + arigo
2016-08-20 09:42:54	arigo	set	messageid: <1471686174.13.0.999892263925.issue27812@psf.upfronthosting.co.za>
2016-08-20 09:42:54	arigo	link	issue27812 messages
2016-08-20 09:42:53	arigo	create