[issue14231] Fix or drop Lib/test/crashers/borrowed_ref_1.py
STINNER Victor
report at bugs.python.org
Fri Mar 9 01:05:37 CET 2012
New submission from STINNER Victor <victor.stinner at gmail.com>:
Lib/test/crashers/borrowed_ref_1.py contains the docstring:
"_PyType_Lookup() returns a borrowed reference.
This attacks the call in dictobject.c."
The file was added by Armin in 2006 by the changeset 4dd1a9383e47.
I just fixed #14211 which was a similar bug (Lib/test/crashers/borrowed_ref_2.py), but I'm unable to reproduce this one.
Extract of dict_subscript():
missing = _PyObject_LookupSpecial((PyObject *)mp, &PyId___missing__);
if (missing != NULL) {
res = PyObject_CallFunctionObjArgs(missing,
key, NULL);
Py_DECREF(missing);
return res;
}
I fail to see how missing can be destroyed before being used. Is it a problem that missing is destroyed while we are calling it?
How can I trigger the crash in gdb?
----------
components: Interpreter Core
messages: 155190
nosy: arigo, haypo
priority: normal
severity: normal
status: open
title: Fix or drop Lib/test/crashers/borrowed_ref_1.py
type: crash
versions: Python 3.3
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14231>
_______________________________________
More information about the Python-bugs-list
mailing list