This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author twouters
Recipients Anthony Sottile, ammar2, christian.heimes, erlendaasland, miss-islington, pablogsal, paul.moore, shreyanavigyan, stestagg, steve.dower, tim.golden, twouters, vstinner, zach.ware
Date 2021-07-15.14:07:59
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1626358079.58.0.0315611449183.issue44184@roundup.psfhosted.org>
In-reply-to
Content
Reopening this issue, as there is another branch (for non-GC heaptypes) earlier in subtype_dealloc that I believe suffers from the same problem. Actually triggering the error in a test has been difficult because as far as I can tell it relies on garbage collection at the right time, but reading the code it seems clear it's problematic. I'll prepare a PR to fix it there.

I'm also reopening this issue because I believe it should've been backported to 3.9, and possibly 3.8 (if it's considered a security problem to get python to read and write freed memory). I found this issue in 3.9 while debugging a pybind11 crash. I'll backport after the other PR is in (or rejected).
History
Date User Action Args
2021-07-15 14:07:59twouterssetrecipients: + twouters, paul.moore, vstinner, christian.heimes, tim.golden, zach.ware, steve.dower, Anthony Sottile, ammar2, pablogsal, miss-islington, erlendaasland, stestagg, shreyanavigyan
2021-07-15 14:07:59twouterssetmessageid: <1626358079.58.0.0315611449183.issue44184@roundup.psfhosted.org>
2021-07-15 14:07:59twouterslinkissue44184 messages
2021-07-15 14:07:59twouterscreate