Message 350981 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	Mark.Shannon, christian.heimes, lukasz.langa, petr.viktorin, vstinner
Date	2019-09-02.10:57:54
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1567421875.09.0.150862416859.issue38006@roundup.psfhosted.org>
In-reply-to

Content
> I don't understand how the function ended up with func_code=NULL. That shouldn't be a valid function to call, IMO. Do you have any info on how the function ended up in that state? It doesn't seem possible to create a function with func_code=NULL, nor to set func_code to NULL. func_code can be be set to NULL by func_clear() which is called by func_dealloc(). I bet that func_clear() has been called since most func fields are set to NULL, which is consistent with: static int func_clear(PyFunctionObject *op) { Py_CLEAR(op->func_code); Py_CLEAR(op->func_globals); Py_CLEAR(op->func_module); Py_CLEAR(op->func_name); Py_CLEAR(op->func_defaults); Py_CLEAR(op->func_kwdefaults); Py_CLEAR(op->func_doc); Py_CLEAR(op->func_dict); Py_CLEAR(op->func_closure); Py_CLEAR(op->func_annotations); Py_CLEAR(op->func_qualname); return 0; } The question is how is it possible that a deallocated function is still accessed? It smells like a borrowed reference somewhere in the call chain.

> I don't understand how the function ended up with func_code=NULL. That shouldn't be a valid function to call, IMO. Do you have any info on how the function ended up in that state?

It doesn't seem possible to create a function with func_code=NULL, nor to set func_code to NULL. func_code can be be set to NULL by func_clear() which is called by func_dealloc().

I bet that func_clear() has been called since most func fields are set to NULL, which is consistent with:

static int
func_clear(PyFunctionObject *op)
{
    Py_CLEAR(op->func_code);
    Py_CLEAR(op->func_globals);
    Py_CLEAR(op->func_module);
    Py_CLEAR(op->func_name);
    Py_CLEAR(op->func_defaults);
    Py_CLEAR(op->func_kwdefaults);
    Py_CLEAR(op->func_doc);
    Py_CLEAR(op->func_dict);
    Py_CLEAR(op->func_closure);
    Py_CLEAR(op->func_annotations);
    Py_CLEAR(op->func_qualname);
    return 0;
}

The question is how is it possible that a deallocated function is still accessed? It smells like a borrowed reference somewhere in the call chain.

History
Date	User	Action	Args
2019-09-02 10:57:55	vstinner	set	recipients: + vstinner, christian.heimes, petr.viktorin, lukasz.langa, Mark.Shannon
2019-09-02 10:57:55	vstinner	set	messageid: <1567421875.09.0.150862416859.issue38006@roundup.psfhosted.org>
2019-09-02 10:57:55	vstinner	link	issue38006 messages
2019-09-02 10:57:54	vstinner	create