Message 346451 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	Paul Monson, petr.viktorin, serge-sans-paille, steve.dower, vstinner
Date	2019-06-24.23:40:13
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1561419613.6.0.346268714937.issue37140@roundup.psfhosted.org>
In-reply-to

Content
> According to serge_sans_paille: if ``self->b_ptr`` contains pointer, the ``memcpy`` creates sharing, and this is dangerous: if a ``__del__`` happens to free the original pointer, we end up with a dangling reference in ``new_ptr``. As far as I can tell, this is what happens in the clang bindings code. We probably need a second parg->obj to keep self alive for as long as copied_self. Or pack it into a tuple. Having a repro test for this would be ideal, especially if we can make it happen (even crash) on all platforms. The double-free issue would seem to be real, and I don't want it to crash on Windows either.

> According to serge_sans_paille: if ``self->b_ptr`` contains pointer, the ``memcpy`` creates sharing, and this is dangerous: if a ``__del__`` happens to free the original pointer, we end up with a dangling reference in ``new_ptr``. As far as I can tell, this is what happens in the clang bindings code.

We probably need a second parg->obj to keep self alive for as long as copied_self. Or pack it into a tuple.

Having a repro test for this would be ideal, especially if we can make it happen (even crash) on all platforms. The double-free issue would seem to be real, and I don't want it to crash on Windows either.

History
Date	User	Action	Args
2019-06-24 23:40:13	steve.dower	set	recipients: + steve.dower, vstinner, petr.viktorin, serge-sans-paille, Paul Monson
2019-06-24 23:40:13	steve.dower	set	messageid: <1561419613.6.0.346268714937.issue37140@roundup.psfhosted.org>
2019-06-24 23:40:13	steve.dower	link	issue37140 messages
2019-06-24 23:40:13	steve.dower	create