Message 46820 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ddorfman
Recipients
Date	2004-09-01.05:35:35
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
The Py_CLEAR macro was introduced to make it less tempting to write incorrect code in the form Py_DECREF(self->field); self->field = NULL; because that can expose a half-destroyed object if deallocation can cause self->field to be read. This patch fixes mistakes like this that still exist in the core. Only cases that are potentially dangerous are fixed in this patch. If self->field can only reference a special kind of [builtin] object, then it's just a style bug because we know that the builtin object isn't evil. Likewise if the code is operating on an automatic variable. It might be nice to fix those style bugs anyway, to discourage the broken idiom. Just for kicks, here's a way to use this bug in reversed to crash the interpreter: import array, gc, weakref a = array.array('c') wr = weakref.ref(a, lambda _: gc.get_referents(rev)) rev = reversed(a) del a list(rev) For me, this crashes immediately with a debug build and after a couple tries otherwise. Also attached is clearcand.py to help find these cases. It's not comprehensive, but it's a start. Usage: $ find src -name '*.c' \| python clearcand.py \| fgrep -- '->' The patch requires SF #1020185 to be applied for genobject.c to compile without warnings.

The Py_CLEAR macro was introduced to make it less tempting
to write incorrect code in the form

  Py_DECREF(self->field);
  self->field = NULL;

because that can expose a half-destroyed object if
deallocation can cause self->field to be read. This patch
fixes mistakes like this that still exist in the core.

Only cases that are potentially dangerous are fixed in this
patch. If self->field can only reference a special kind of
[builtin] object, then it's just a style bug because we know
that the builtin object isn't evil. Likewise if the code is
operating on an automatic variable. It might be nice to fix
those style bugs anyway, to discourage the broken idiom.


Just for kicks, here's a way to use this bug in reversed to
crash the interpreter:

  import array, gc, weakref
  a = array.array('c')
  wr = weakref.ref(a, lambda _: gc.get_referents(rev))
  rev = reversed(a)
  del a
  list(rev)

For me, this crashes immediately with a debug build and
after a couple tries otherwise.


Also attached is clearcand.py to help find these cases. It's
not comprehensive, but it's a start. Usage:

  $ find src -name '*.c' | python clearcand.py | fgrep -- '->'


The patch requires SF #1020185 to be applied for genobject.c
to compile without warnings.

History
Date	User	Action	Args
2007-08-23 15:39:40	admin	link	issue1020188 messages
2007-08-23 15:39:40	admin	create