Author methane
Recipients audric, methane, vstinner, xiang.zhang
Date 2017-02-04.08:03:21
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1486195401.97.0.144347293153.issue29438@psf.upfronthosting.co.za>
In-reply-to
Content
4385             int was_shared = cached == ((PyDictObject *)dict)->ma_keys;         
4386             res = PyDict_SetItem(dict, key, value);                             
4387             if (was_shared && cached != ((PyDictObject *)dict)->ma_keys) {      
4388                 /* PyDict_SetItem() may call dictresize and convert split table 
...
4401                  */                                                             
4402                 if (cached->dk_refcnt == 1) {                                   
4403                     CACHED_KEYS(tp) = make_keys_shared(dict);                   
4404                 }                                                               
4405                 else {                                                          
4406                     CACHED_KEYS(tp) = NULL;                                     
4407                 }

L4402 accessed free `cached` object.
At PyDict_SetItem() in L4386, some callback is called through weakref callback,
and the callback inserts something into this dict.  shared key object (cached) is freed.

So right way to fix it may be DK_INCREF() before PyDict_SetItem().
History
Date User Action Args
2017-02-04 08:03:21methanesetrecipients: + methane, vstinner, xiang.zhang, audric
2017-02-04 08:03:21methanesetmessageid: <1486195401.97.0.144347293153.issue29438@psf.upfronthosting.co.za>
2017-02-04 08:03:21methanelinkissue29438 messages
2017-02-04 08:03:21methanecreate