From 84f1b1718da7fcbb8b8d255c166ef1ec0e03cd21 Mon Sep 17 00:00:00 2001
From: Antoine Pitrou <solipsis@pitrou.net>
Date: Tue, 12 Jul 2011 21:57:15 +0200
Subject: Issue #12149: Update the method cache after a type's dictionnary gets
 cleared by the garbage collector.  This fixes a segfault when an instance and
 its type get caught in a reference cycle, and the instance's deallocator
 calls one of the methods on the type (e.g. when subclassing IOBase).

Diagnosis and patch by Davide Rizzo.
---
 Lib/test/test_io.py  | 19 ++++++++++++++++++-
 Misc/ACKS            |  1 +
 Misc/NEWS            |  6 ++++++
 Objects/typeobject.c |  2 ++
 4 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/Lib/test/test_io.py b/Lib/test/test_io.py
index cfd4583..39fda2b 100644
--- a/Lib/test/test_io.py
+++ b/Lib/test/test_io.py
@@ -611,7 +611,24 @@ class IOTest(unittest.TestCase):
         self.assertEqual(rawio.read(2), b"")
 
 class CIOTest(IOTest):
-    pass
+
+    def test_IOBase_finalize(self):
+        # Issue #12149: segmentation fault on _PyIOBase_finalize when both a
+        # class which inherits IOBase and an object of this class are caught
+        # in a reference cycle and close() is already in the method cache.
+        class MyIO(self.IOBase):
+            def close(self):
+                pass
+
+        # create an instance to populate the method cache
+        MyIO()
+        obj = MyIO()
+        obj.obj = obj
+        wr = weakref.ref(obj)
+        del MyIO
+        del obj
+        support.gc_collect()
+        self.assertTrue(wr() is None, wr)
 
 class PyIOTest(IOTest):
     pass
diff --git a/Misc/ACKS b/Misc/ACKS
index 45b4042..625317d 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -736,6 +736,7 @@ Armin Rigo
 Nicholas Riley
 Jean-Claude Rimbault
 Juan M. Bello Rivas
+Davide Rizzo
 Anthony Roach
 Mark Roberts
 Jim Robinson
diff --git a/Misc/NEWS b/Misc/NEWS
index 9a46b72..3df8e95 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,12 @@ What's New in Python 3.2.2?
 Core and Builtins
 -----------------
 
+- Issue #12149: Update the method cache after a type's dictionnary gets
+  cleared by the garbage collector.  This fixes a segfault when an instance
+  and its type get caught in a reference cycle, and the instance's
+  deallocator calls one of the methods on the type (e.g. when subclassing
+  IOBase).  Diagnosis and patch by Davide Rizzo.
+
 - Issue #9611, #9015: FileIO.read() clamps the length to INT_MAX on Windows.
 
 - When a generator yields, do not retain the caller's exception state on the
diff --git a/Objects/typeobject.c b/Objects/typeobject.c
index 3c724fd..97ccf01 100644
--- a/Objects/typeobject.c
+++ b/Objects/typeobject.c
@@ -967,6 +967,8 @@ subtype_dealloc(PyObject *self)
     assert(basedealloc);
     basedealloc(self);
 
+    PyType_Modified(type);
+
     /* Can't reference self beyond this point */
     Py_DECREF(type);
 
-- 
cgit v0.12