[Patches] [ python-Patches-1546288 ] crash in dict_equal
SourceForge.net
noreply at sourceforge.net
Fri Aug 25 00:04:29 CEST 2006
Patches item #1546288, was opened at 2006-08-24 18:04
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1546288&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Core (C code)
Group: Python 2.5
Status: Open
Resolution: None
Priority: 8
Submitted By: Guido van Rossum (gvanrossum)
Assigned to: Neal Norwitz (nnorwitz)
Summary: crash in dict_equal
Initial Comment:
I initially found this bug in the py3k branch, but it's
reproducible in 2.5 as well (and probably older
versions as well, as long as they have dict_equal()).
It can be reproduced by using the attached patch to
test_mutants.py.
The problem is in this fragment in dict_equal():
PyObject *key = a->ma_table[i].me_key;
/* temporarily bump aval's refcount to ensure it stays
alive until we're done with it */
Py_INCREF(aval);
bval = PyDict_GetItem((PyObject *)b, key);
The problem is that the only reference to 'key' may be
in the hash table, and test_mutants.py removes it from
the hash table, apparently before the comparison code
is done with using it. The fix is to incref/decref key
around the GetItem call.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1546288&group_id=5470
More information about the Patches
mailing list