Some GC types can crash during destruction if a GC runs executes #95324

Closed
pablogsal opened this issue Jul 27, 2022 · 1 comment · Fixed by #95325
Labels
3.11 only security fixes type-bug An unexpected behavior, bug, or error

Comments

@pablogsal
Member

pablogsal commented Jul 27, 2022

We have been bitten a couple of times already when C extension types that implement the GC interface don't call PyObject_GC_UnTrack in their tp_dealloc slot. The last issue was #95045.

Although this is technically not always an error (the tp_free slot untracks the object from the GC), if the GC executes during the deallocator, it is possible that it will see an object with 0 reference count.

To avoid this in the future, we should add a warning if this happens so we can fix it within CPython.

@pablogsal pablogsal added the type-bug An unexpected behavior, bug, or error label Jul 27, 2022
@pablogsal pablogsal added the 3.11 only security fixes label Jul 27, 2022
pablogsal added a commit to pablogsal/cpython that referenced this issue Jul 27, 2022
pablogsal added a commit that referenced this issue Jul 27, 2022
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jul 27, 2022
…UnTrack during deallocation in debug mode (pythonGH-95325)

(cherry picked from commit f40bc7f)

Co-authored-by: Pablo Galindo Salgado <[email protected]>
pablogsal added a commit that referenced this issue Jul 27, 2022
…_UnTrack during deallocation in debug mode (GH-95325) (#95336)

Co-authored-by: Pablo Galindo Salgado <[email protected]>
@nascheme
Member

> Although this is technically not always an error (the tp_free slot untracks the object from the GC), if the GC executes during the deallocator, it is possible that it will see an object with 0 reference count.

Also, perhaps the object structure contains invalid pointers (created while running tp_dealloc) that can be traced by tp_traverse. So this warning is a good idea.
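
The failure mode discussed in this issue, as an added example that is not part of the original thread and is not CPython code: a toy collector in C (every name in it is hypothetical) where a collection pass fires in the middle of a deallocator. It assumes the debug warning sits in the tp_free analogue, and it compares a deallocator that untracks first with one that does not.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model, constructed for illustration; none of this is CPython source. */
typedef struct Obj {
    long refcnt;
    int tracked;        /* 1 while linked into the collector's list */
    struct Obj *next;   /* link in the collector's list */
    int *payload;       /* owned field a tp_traverse analogue would visit */
} Obj;
static Obj *gc_head;                                 /* every tracked object */
static int gc_saw_dead, gc_saw_torn, debug_warnings; /* what collector and tp_free observed */
static void gc_track(Obj *o) { o->tracked = 1; o->next = gc_head; gc_head = o; }
static void gc_untrack(Obj *o) {
    for (Obj **p = &gc_head; *p; p = &(*p)->next)
        if (*p == o) { *p = o->next; break; }
    o->tracked = 0;
}
static void gc_collect(void) {   /* one pass over the tracked objects */
    for (Obj *o = gc_head; o; o = o->next) {
        gc_saw_dead += (o->refcnt == 0);      /* object already at refcount 0 */
        gc_saw_torn += (o->payload == NULL);  /* field already released */
    }
}
static Obj *obj_new(void) {
    Obj *o = calloc(1, sizeof *o);
    if (!o || !(o->payload = malloc(sizeof *o->payload))) abort();
    o->refcnt = 1; gc_track(o);
    return o;
}
static void obj_free(Obj *o) {   /* tp_free analogue: untracks as a last resort */
    if (o->tracked) { debug_warnings++; gc_untrack(o); }
    free(o);
}
static void obj_dealloc(Obj *o, int untrack_first) {   /* tp_dealloc analogue */
    if (untrack_first) gc_untrack(o);
    free(o->payload); o->payload = NULL;   /* teardown of owned fields */
    gc_collect();                          /* a collection firing mid-teardown */
    obj_free(o);
}
static int run_scenario(int untrack_first) {   /* returns dead-object sightings */
    gc_head = NULL; gc_saw_dead = gc_saw_torn = debug_warnings = 0;
    Obj *live = obj_new(), *victim = obj_new();
    if (--victim->refcnt == 0) obj_dealloc(victim, untrack_first);
    if (--live->refcnt == 0) obj_dealloc(live, 1);
    return gc_saw_dead;
}
int main(void) {
    printf("dealloc without untrack: %d dead sighting(s)\n", run_scenario(0));
    printf("untrack first: %d dead sighting(s)\n", run_scenario(1));
}
```

In the model, the late untrack in `obj_free` keeps the list consistent, which is why the missing call goes unnoticed until a collection happens to run during teardown.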
