From 2795e6c1c44c5572191de711cd2526dd1ec2f072 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Sat, 12 Dec 2009 19:26:06 +0000 Subject: [PATCH] Merged revisions 76764 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit ................ r76764 | antoine.pitrou | 2009-12-12 20:18:27 +0100 (sam., 12 déc. 2009) | 12 lines Merged revisions 76763 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r76763 | antoine.pitrou | 2009-12-12 20:13:08 +0100 (sam., 12 déc. 2009) | 7 lines Issue #7466: segmentation fault when the garbage collector is called in the middle of populating a tuple. Patch by Florent Xicluna. (note: no NEWS entry for trunk since the bug was introduced in 2.7/3.1) ........ ................ --- Lib/test/test_tuple.py | 3 +++ Misc/NEWS | 3 +++ Objects/tupleobject.c | 3 ++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_tuple.py b/Lib/test/test_tuple.py index c37adc2545..53065bb204 100644 --- a/Lib/test/test_tuple.py +++ b/Lib/test/test_tuple.py @@ -146,6 +146,9 @@ class TupleTest(seq_tests.CommonTest): pass self.check_track_dynamic(MyTuple, True) + def test_bug7466(self): + # Trying to untrack an unfinished tuple could crash Python + self._not_tracked(tuple(gc.collect() for i in range(101))) def test_main(): support.run_unittest(TupleTest) diff --git a/Misc/NEWS b/Misc/NEWS index d965a11d41..237558d272 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -12,6 +12,9 @@ What's New in Python 3.1.2? Core and Builtins ----------------- +- Issue #7466: segmentation fault when the garbage collector is called + in the middle of populating a tuple. Patch by Florent Xicluna. + - Issue #7419: setlocale() could crash the interpreter on Windows when called with invalid values. diff --git a/Objects/tupleobject.c b/Objects/tupleobject.c index 290107ad34..884174dca4 100644 --- a/Objects/tupleobject.c +++ b/Objects/tupleobject.c @@ -850,7 +850,8 @@ _PyTuple_Resize(PyObject **pv, Py_ssize_t newsize) /* XXX UNREF/NEWREF interface should be more symmetrical */ _Py_DEC_REFTOTAL; - _PyObject_GC_UNTRACK(v); + if (_PyObject_GC_IS_TRACKED(v)) + _PyObject_GC_UNTRACK(v); _Py_ForgetReference((PyObject *) v); /* DECREF items deleted by shrinkage */ for (i = newsize; i < oldsize; i++) { -- 2.40.0