➜
This issue trackerhas been migrated toGitHub, and is currentlyread-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.
Created on2015-05-01 14:05 bypkt, last changed2022-04-11 14:58 byadmin. This issue is nowclosed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| poc_getstate.py | pkt,2015-05-01 14:05 | |||
| getstate_borrowed_ref.patch | pitrou,2015-07-02 10:49 | |||
| test_issue24097.patch | serhiy.storchaka,2015-07-19 21:12 | review | ||
| getstate_borrowed_ref_with_test-2.7.patch | serhiy.storchaka,2015-11-03 16:51 | review | ||
| getstate_borrowed_ref_with_test-3.4.patch | serhiy.storchaka,2015-11-03 16:52 | review | ||
| Messages (9) | |||
|---|---|---|---|
| msg242313 -(view) | Author: paul (pkt) | Date: 2015-05-01 14:05 | |
# Program received signal SIGSEGV, Segmentation fault.# 0x080f27b2 in PyObject_Hash (v=<unknown at remote 0x405720e4>) atObjects/object.c:746# 746 if (tp->tp_hash != NULL)# (gdb) bt# #0 0x080f27b2 in PyObject_Hash (v=<unknown at remote 0x405720e4>) atObjects/object.c:746# #1 0x080e1717 in PyDict_SetItem (op={}, key=<unknown at remote 0x405720e4>, value=None) atObjects/dictobject.c:1201# #2 0x0810e8a0 in _PyObject_GetState (obj=<Y at remote 0x405731bc>) atObjects/typeobject.c:3657# #3 0x081100e9 in reduce_2 (obj=<Y at remote 0x405731bc>) atObjects/typeobject.c:3949# #4 0x08110551 in _common_reduce (self=<Y at remote 0x405731bc>, proto=2) atObjects/typeobject.c:4012# #5 0x08110641 in object_reduce (self=<Y at remote 0x405731bc>, args=(2,)) atObjects/typeobject.c:4032# # (gdb) frame 2# #2 0x0810e8a0 in _PyObject_GetState (obj=<Y at remote 0x405731bc>) atObjects/typeobject.c:3657# 3657 int err = PyDict_SetItem(slots, name, value);# (gdb) print *name# $1 = {_ob_next = 0xdbdbdbdb, _ob_prev = 0xdbdbdbdb, ob_refcnt = -606348325, ob_type = 0xdbdbdbdb}# # "name" is freed inside __getattr__ and is later used by PyDict_SetItem. | |||
| msg246069 -(view) | Author: paul (pkt) | Date: 2015-07-02 10:26 | |
ping | |||
| msg246070 -(view) | Author: Antoine Pitrou (pitrou)* | Date: 2015-07-02 10:48 | |
Thanks for the report. Here is a patch. | |||
| msg246102 -(view) | Author: Benjamin Peterson (benjamin.peterson)* | Date: 2015-07-02 22:05 | |
lgtm | |||
| msg246122 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2015-07-03 03:15 | |
The fix LGTM.It would be nice to add a test. | |||
| msg246949 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2015-07-19 21:12 | |
Here is a test for this issue. | |||
| msg254001 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2015-11-03 16:49 | |
In 2.7 the test doesn't crash, but __reduce__ produces invalid recursive structure. | |||
| msg254002 -(view) | Author: Serhiy Storchaka (serhiy.storchaka)* | Date: 2015-11-03 16:51 | |
Here is backported to 2.7 patch with test. Can you review the test and commit the patch Antoine? | |||
| msg255366 -(view) | Author: Roundup Robot (python-dev) | Date: 2015-11-25 16:36 | |
New changeseteed36e19f8b8 by Serhiy Storchaka in branch '3.4':Issue#24097: Fixed crash in object.__reduce__() if slot name is freed insidehttps://hg.python.org/cpython/rev/eed36e19f8b8New changeset99839a1c9c6d by Serhiy Storchaka in branch '3.5':Issue#24097: Fixed crash in object.__reduce__() if slot name is freed insidehttps://hg.python.org/cpython/rev/99839a1c9c6dNew changeset502465d22522 by Serhiy Storchaka in branch 'default':Issue#24097: Fixed crash in object.__reduce__() if slot name is freed insidehttps://hg.python.org/cpython/rev/502465d22522New changeset4a201d0d4d1e by Serhiy Storchaka in branch '2.7':Issue#24097: Fixed crash in object.__reduce__() if slot name is freed insidehttps://hg.python.org/cpython/rev/4a201d0d4d1e | |||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:16 | admin | set | github: 68285 |
| 2015-11-25 16:37:39 | serhiy.storchaka | set | status: open -> closed resolution: fixed stage: patch review -> resolved |
| 2015-11-25 16:36:16 | python-dev | set | nosy: +python-dev messages: +msg255366 |
| 2015-11-03 16:52:04 | serhiy.storchaka | set | files: +getstate_borrowed_ref_with_test-3.4.patch |
| 2015-11-03 16:51:47 | serhiy.storchaka | set | files: +getstate_borrowed_ref_with_test-2.7.patch assignee:serhiy.storchaka ->pitrou messages: +msg254002 |
| 2015-11-03 16:49:21 | serhiy.storchaka | set | messages: +msg254001 versions: + Python 2.7 |
| 2015-11-03 16:37:59 | serhiy.storchaka | set | assignee:pitrou ->serhiy.storchaka |
| 2015-07-19 21:12:23 | serhiy.storchaka | set | files: +test_issue24097.patch messages: +msg246949 stage: test needed -> patch review |
| 2015-07-03 03:15:35 | serhiy.storchaka | set | assignee:serhiy.storchaka ->pitrou messages: +msg246122 stage: patch review -> test needed |
| 2015-07-02 22:05:25 | benjamin.peterson | set | nosy: +benjamin.peterson messages: +msg246102 |
| 2015-07-02 10:49:41 | pitrou | set | files: +getstate_borrowed_ref.patch keywords: +patch |
| 2015-07-02 10:49:03 | pitrou | set | stage: needs patch -> patch review versions: + Python 3.6 |
| 2015-07-02 10:48:49 | pitrou | set | messages: +msg246070 |
| 2015-07-02 10:47:16 | serhiy.storchaka | set | assignee:serhiy.storchaka |
| 2015-07-02 10:26:50 | pkt | set | messages: +msg246069 |
| 2015-05-03 06:47:42 | Arfrever | set | nosy: +Arfrever |
| 2015-05-02 04:49:13 | serhiy.storchaka | set | nosy: +pitrou,alexandre.vassalotti,serhiy.storchaka |
| 2015-05-01 14:12:55 | christian.heimes | set | stage: needs patch components: + Extension Modules versions: + Python 3.5 |
| 2015-05-01 14:05:35 | pkt | create | |