mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-31 14:07:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

bpo-42015: Reorder dereferencing calls in meth_dealloc, to make sure m_self is kept alive long enough (GH-22670)

Browse source 
(cherry picked from commit 04b8631d84)

Co-authored-by: Yannick Jadoul <yannick.jadoul@belgacom.net>
This commit is contained in:
Miss Skeleton (bot) 2020-10-12 14:29:01 -07:00 committed by GitHub
parent 85d59644d9
commit 8a12503b45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Misc/NEWS.d/next/C API/2020-10-12-20-13-58.bpo-42015.X4H2_V.rst Normal file
View file

@ -0,0 +1,3 @@
Fix potential crash in deallocating method objects when dynamically
allocated `PyMethodDef`'s lifetime is managed through the ``self``
argument of a `PyCFunction`.

6
Objects/methodobject.c
View file

@ -164,9 +164,11 @@ meth_dealloc(PyCFunctionObject *m)
if (m->m_weakreflist != NULL) { if (m->m_weakreflist != NULL) {
PyObject_ClearWeakRefs((PyObject*) m); PyObject_ClearWeakRefs((PyObject*) m);
} }
// Dereference class before m_self: PyCFunction_GET_CLASS accesses
// PyMethodDef m_ml, which could be kept alive by m_self
Py_XDECREF(PyCFunction_GET_CLASS(m));
Py_XDECREF(m->m_self); Py_XDECREF(m->m_self);
Py_XDECREF(m->m_module); Py_XDECREF(m->m_module);
Py_XDECREF(PyCFunction_GET_CLASS(m));
PyObject_GC_Del(m); PyObject_GC_Del(m);
} }
@ -243,9 +245,9 @@ meth_get__qualname__(PyCFunctionObject *m, void *closure)
static int static int
meth_traverse(PyCFunctionObject *m, visitproc visit, void *arg) meth_traverse(PyCFunctionObject *m, visitproc visit, void *arg)
{ {
Py_VISIT(PyCFunction_GET_CLASS(m));
Py_VISIT(m->m_self); Py_VISIT(m->m_self);
Py_VISIT(m->m_module); Py_VISIT(m->m_module);
Py_VISIT(PyCFunction_GET_CLASS(m));
return 0; return 0;
} }