From 6b7dfc924d094d2cad8d7b88a7b2d787e41f8ed4 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Sat, 12 Dec 2009 19:18:27 +0000 Subject: Merged revisions 76763 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ........ r76763 | antoine.pitrou | 2009-12-12 20:13:08 +0100 (sam., 12 déc. 2009) | 7 lines Issue #7466: segmentation fault when the garbage collector is called in the middle of populating a tuple. Patch by Florent Xicluna. (note: no NEWS entry for trunk since the bug was introduced in 2.7/3.1) ........ --- Lib/test/test_tuple.py | 3 +++ Misc/NEWS | 3 +++ Objects/tupleobject.c | 3 ++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_tuple.py b/Lib/test/test_tuple.py index c37adc2..53065bb 100644 --- a/Lib/test/test_tuple.py +++ b/Lib/test/test_tuple.py @@ -146,6 +146,9 @@ class TupleTest(seq_tests.CommonTest): pass self.check_track_dynamic(MyTuple, True) + def test_bug7466(self): + # Trying to untrack an unfinished tuple could crash Python + self._not_tracked(tuple(gc.collect() for i in range(101))) def test_main(): support.run_unittest(TupleTest) diff --git a/Misc/NEWS b/Misc/NEWS index 850369e..d3b26a4 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -12,6 +12,9 @@ What's New in Python 3.2 Alpha 1? Core and Builtins ----------------- +- Issue #7466: segmentation fault when the garbage collector is called + in the middle of populating a tuple. Patch by Florent Xicluna. + - Issue #7419: setlocale() could crash the interpreter on Windows when called with invalid values. diff --git a/Objects/tupleobject.c b/Objects/tupleobject.c index 290107a..884174d 100644 --- a/Objects/tupleobject.c +++ b/Objects/tupleobject.c @@ -850,7 +850,8 @@ _PyTuple_Resize(PyObject **pv, Py_ssize_t newsize) /* XXX UNREF/NEWREF interface should be more symmetrical */ _Py_DEC_REFTOTAL; - _PyObject_GC_UNTRACK(v); + if (_PyObject_GC_IS_TRACKED(v)) + _PyObject_GC_UNTRACK(v); _Py_ForgetReference((PyObject *) v); /* DECREF items deleted by shrinkage */ for (i = newsize; i < oldsize; i++) { -- cgit v0.12