From 2cf5d32fd9e61488e8b0be55a2e92a752ba8b06b Mon Sep 17 00:00:00 2001
From: Victor Stinner
Date: Thu, 22 Nov 2018 16:32:57 +0100
Subject: [PATCH] bpo-9263: Fix _PyObject_Dump() for freed object (#10661)

If _PyObject_Dump() detects that the object is freed, don't try to dump it (exit immediately). Enhance also _PyObject_IsFreed(): it now detects if the pointer itself looks like freed memory.
---
 Objects/object.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Objects/object.c b/Objects/object.c
index 9d2614bb6d..c2d78aa47e 100644
--- a/Objects/object.c
+++ b/Objects/object.c
@@ -423,6 +423,10 @@ _Py_BreakPoint(void)
 int
 _PyObject_IsFreed(PyObject *op)
 {
+ uintptr_t ptr = (uintptr_t)op;
+ if (_PyMem_IsFreed(&ptr, sizeof(ptr))) {
+ return 1;
+ }
 int freed = _PyMem_IsFreed(&op->ob_type, sizeof(op->ob_type));
 /* ignore op->ob_ref: the value can have be modified
 by Py_INCREF() and Py_DECREF(). */
@@ -448,6 +452,7 @@ _PyObject_Dump(PyObject* op)
 /* It seems like the object memory has been freed:
 don't access it to prevent a segmentation fault. */
 fprintf(stderr, "\n");
+ return;
 }
 
 PyGILState_STATE gil;
-- 
2.40.0
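Review bot: A NULL `op` still reaches `&op->ob_type` on the line after the new check in `_PyObject_IsFreed()`, because the added test only compares the pointer's own bytes with the freed-memory pattern. This helper is called on pointers that are already suspect, so it would be safer to reject NULL in the same guard: `if (op == NULL || _PyMem_IsFreed(&ptr, sizeof(ptr))) {`. The copy into `ptr` also deserves a one-line comment such as `/* test the pointer value itself: op may have been loaded from a freed block */`. The check presumably depends on the allocator filling freed blocks with a known byte pattern, so where that filling is not active a dangling `op` is still dereferenced; that limit is worth stating in the function's header comment. The function body continues past the end of this hunk.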
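Review bot: The freed-object branch of `_PyObject_Dump()` returns without recording which pointer was rejected, so a use-after-free report from this path is hard to match against a core dump or allocator trace. Consider printing the address before the new `return;`, for example `fprintf(stderr, "object address: %p\n", (void *)op);`, which only formats the pointer value and does not dereference it. Only the tail of the `if` block is visible in this hunk, and the function starts and continues outside it.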