[Python-Dev] segfaults due to hash randomization in C OrderedDict
MRAB
python at mrabarnett.plus.com
Fri May 22 02:22:41 CEST 2015
On 2015-05-22 01:12, Eric Snow wrote:
> On Thu, May 21, 2015 at 5:55 PM, MRAB <python at mrabarnett.plus.com> wrote:
> > I'm not looking at the use of "PyTuple_Pack". As I understand it,
> > "PyTuple_Pack" borrows the
> > references of the objects passed, and when the tuple itself is DECREFed,
> > those objects will be
> > DECREFed
>
> >From the docs [1] it seems that PyTuple_Pack does not steal any
> references and it returns a new reference. Perhaps you were thinking
> of PyTuple_SetItem (and PyTuple_SET_ITEM)?
>
> [1] https://docs.python.org/3.5//c-api/tuple.html
>
> >
> > "odict_reduce" calls "PyTuple_Pack", passing 1 or 2 references to Py_None
> > which aren't INCREFed
> > first, so could there be a bug there? (There might be similar issues in
> > other functions.)
>
> Alas, I don't think it is. :(
I'd come to the same conclusion.
Oh, well, I'll keep looking...
> I'll point out that the configparser test in question does a lot of
> resizes. It may be that the problem only surfaces after many resizes
> and apparently only for certain hash randomization seeds. At the
> moment I'm looking at how hash randomization impacts resizing. I'm
> certainly seeing that the resizes happen at different item counts
> depending on the seed.
>
More information about the Python-Dev
mailing list