[Python-Dev] Py_CLEAR to avoid crashes
Amaury Forgeot d'Arc
amauryfa at gmail.com
Mon Feb 18 17:48:57 CET 2008
Hello,
Neil Schemenauer wrote:
> Nick Coghlan <ncoghlan at gmail.com> wrote:
> > The problem is calls to Py_DECREF(self->attr) where some of the code
> > invoked by __del__ manages to find a way back around to reference
> > self->attr and gets access to a half-deleted object.
>
> Don't you mean "__del__ manages to find a way back around to self"?
> If so, how can that happen? If such a reference path exists, the
> reference count of self should not be zero. I don't understand why
> Py_CLEAR is necessary outside of tp_clear functions.

Of course we are speaking of different objects.
For example, in exception.c, BaseException_init() starts with the instruction:

    Py_DECREF(self->args);

this may call __del__ on self->args, which can execute arbitrary
Python code - including access to the now-invalid "args" member of the
exception.

    class S:
        def __del__(self):
            print e.args

    e = BaseException(1, S())
    e.__init__("hello")  # segfault

--
Amaury Forgeot d'Arc
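
The re-entrancy described in the message above, as an added example that is not part of the original post and is not CPython source: a toy refcount model compares dropping the reference in place with the detach-then-release order that Py_CLEAR uses. All names (Obj, Exc, decref, nosy_finalizer, set_args_decref, set_args_clear, run) are hypothetical, and the model simplifies by putting the finalizer on the args object itself rather than on an element inside it.

```c
/* Toy model, not CPython source. Objects are never freed here, so
 * inspecting a dead one is well defined; in CPython it is freed memory. */
#include <stddef.h>
#include <stdio.h>

/* finalizer stands in for __del__ */
typedef struct Obj { int refcnt; void (*finalizer)(struct Obj *); } Obj;
typedef struct { Obj *args; } Exc;   /* stands in for self->args */

static Exc exc;              /* the object the finalizer reaches back into */
static int saw_dead_object;  /* set when the finalizer sees a dying member */
static void decref(Obj *o) {
    if (o != NULL && --o->refcnt == 0 && o->finalizer != NULL)
        o->finalizer(o);     /* arbitrary code runs here */
}

/* Like "print e.args" in __del__: is the owner still pointing at me? */
static void nosy_finalizer(Obj *self) {
    if (exc.args == self && self->refcnt == 0)
        saw_dead_object = 1;
}

/* Py_DECREF(self->args) then assign: the member dangles in between. */
static void set_args_decref(Exc *e, Obj *new_args) {
    decref(e->args);
    e->args = new_args;
}

/* Py_CLEAR pattern: detach the member first, then drop the reference. */
static void set_args_clear(Exc *e, Obj *new_args) {
    Obj *tmp = e->args;
    e->args = NULL;
    decref(tmp);
    e->args = new_args;
}

/* Returns 1 if the finalizer observed a half-deleted member. */
static int run(void (*setter)(Exc *, Obj *)) {
    Obj old = { 1, nosy_finalizer }, fresh = { 1, NULL };
    exc.args = &old;
    saw_dead_object = 0;
    setter(&exc, &fresh);
    exc.args = NULL;         /* do not keep a pointer to a local */
    return saw_dead_object;
}

int main(void) {
    printf("decref: %d  clear: %d\n", run(set_args_decref), run(set_args_clear));
    return 0;
}
```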