> > #define SETLOCAL(i, value) do { PyObject *_t = GETLOCAL(i); \
> >                                 GETLOCAL(i) = value; \
> >                                 Py_XDECREF(_t); } while (0)
>
> That's the same fix Andrew and I had in mind. My concern is that
> this is probably not the only bug of this type. The trashcan
> mechanism changes the ordering of object deallocation. What are the
> chances of other bugs like this lurking somewhere?

I've been aware of this issue for a long time (since Don Beaudry first
pointed it out to me) and I've been pretty consistent in doing the
right thing for globals and for other things that I knew would be
accessible from outside. Too bad I missed this one, and you're right
that there could be others, but I don't know how to find them
systematically. Every DECREF call is suspect!

Fixing the GC to only run at specific times isn't enough -- as you
showed, you can exploit this by referencing the frame directly.

The only safe solution is banning __del__, or moving the calls to
__del__ to specific safe times (e.g. at the top of the VM switch).

--Guido van Rossum (home page: http://www.python.org/~guido/)
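
Added example, not part of the original message or of CPython: a toy C model of the ordering issue discussed above, where code run during deallocation can still reach the slot being overwritten. `Obj`, `slot`, `set_unsafe`, `set_safe` and `run` are hypothetical names; `set_safe` follows the order of the quoted SETLOCAL macro, and the release-first variant is constructed here for contrast.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted object standing in for PyObject (hypothetical, not CPython code). */
typedef struct Obj {
    int refcnt;
    void (*finalizer)(struct Obj *self);   /* plays the role of __del__ */
} Obj;

static Obj *slot;        /* stands in for one frame local, GETLOCAL(i) */
static int saw_dying;    /* set when the finalizer finds the dying object in the slot */

/* Code run during deallocation can reach the slot, as __del__ can via the frame. */
static void finalizer(Obj *self) { if (slot == self) saw_dying = 1; }

static Obj *obj_new(void) {
    Obj *o = malloc(sizeof *o);
    if (!o) abort();
    o->refcnt = 1;
    o->finalizer = finalizer;
    return o;
}

static void decref(Obj *o) {
    if (o && --o->refcnt == 0) { o->finalizer(o); free(o); }
}

/* Constructed for contrast: release first, store afterwards. */
static void set_unsafe(Obj *value) { decref(slot); slot = value; }

/* Order of the quoted SETLOCAL: save the old pointer, store, release last. */
static void set_safe(Obj *value) { Obj *t = slot; slot = value; decref(t); }

/* Returns 1 if the finalizer saw the slot still holding the object being freed. */
static int run(void (*setter)(Obj *)) {
    saw_dying = 0;
    slot = obj_new();
    setter(obj_new());
    int result = saw_dying;                      /* capture before cleanup */
    Obj *last = slot; slot = NULL; decref(last); /* free the replacement */
    return result;
}

int main(void) {
    printf("release-then-store: dying object visible = %d\n", run(set_unsafe));
    printf("store-then-release: dying object visible = %d\n", run(set_safe));
    return 0;
}
```

In the release-first order the finalizer runs while the slot still points at the object about to be freed, so anything that keeps or uses that pointer afterwards is left with a dangling reference.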