Message93723
I noticed that file_close() calls close_the_file(), then frees the
buffer for the file object. However, close_the_file() may fail and
return NULL if the file object is currently in use by another thread, in
which case freeing the buffer from underneath the C stdio library may
cause a crash.
Here's the relevant bit of code from fileobject.c:
static PyObject *
file_close(PyFileObject *f)
{
PyObject *sts = close_the_file(f);
PyMem_Free(f->f_setbuf);
f->f_setbuf = NULL;
return sts;
}
I think the two middle lines of the function should be wrapped in an "if
(sts)" block.
Attached is a short program that causes python to crash on two of my
systems (Windows XP running Python 2.6.3 and Debian running Python 2.5)
and a patch with my proposed fix.
I think Python 3 is immune because the I/O code has been completely
rewritten. I have not checked the Python 3 code to see if there are any
analogous problems in the new code, however. |
|
Date |
User |
Action |
Args |
2009-10-07 21:10:45 | stutzbach | set | recipients:
+ stutzbach |
2009-10-07 21:10:45 | stutzbach | set | messageid: <1254949845.61.0.606264060323.issue7079@psf.upfronthosting.co.za> |
2009-10-07 21:10:44 | stutzbach | link | issue7079 messages |
2009-10-07 21:10:43 | stutzbach | create | |
|