From f00828a742d2e88c910bdfd00f08fcd998554ba5 Mon Sep 17 00:00:00 2001 From: Pablo Galindo Date: Thu, 9 May 2019 16:52:02 +0100 Subject: bpo-36851: Clean the frame stack if the execution ends with a return and the stack is not empty (GH-13191) --- Lib/test/test_code.py | 38 ++++++++++++++++++++++ .../2019-05-08-11-42-06.bpo-36851.J7DiCW.rst | 2 ++ Python/ceval.c | 16 +++++---- 3 files changed, 49 insertions(+), 7 deletions(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2019-05-08-11-42-06.bpo-36851.J7DiCW.rst diff --git a/Lib/test/test_code.py b/Lib/test/test_code.py index e49121e..9bf290d 100644 --- a/Lib/test/test_code.py +++ b/Lib/test/test_code.py @@ -130,6 +130,7 @@ import sys import threading import unittest import weakref +import opcode try: import ctypes except ImportError: @@ -379,6 +380,43 @@ if check_impl_detail(cpython=True) and ctypes is not None: tt.join() self.assertEqual(LAST_FREED, 500) + @cpython_only + def test_clean_stack_on_return(self): + + def f(x): + return x + + code = f.__code__ + ct = type(f.__code__) + + # Insert an extra LOAD_FAST, this duplicates the value of + # 'x' in the stack, leaking it if the frame is not properly + # cleaned up upon exit. + + bytecode = list(code.co_code) + bytecode.insert(-2, opcode.opmap['LOAD_FAST']) + bytecode.insert(-2, 0) + + c = ct(code.co_argcount, code.co_posonlyargcount, + code.co_kwonlyargcount, code.co_nlocals, code.co_stacksize+1, + code.co_flags, bytes(bytecode), + code.co_consts, code.co_names, code.co_varnames, + code.co_filename, code.co_name, code.co_firstlineno, + code.co_lnotab, code.co_freevars, code.co_cellvars) + new_function = type(f)(c, f.__globals__, 'nf', f.__defaults__, f.__closure__) + + class Var: + pass + the_object = Var() + var = weakref.ref(the_object) + + new_function(the_object) + + # Check if the_object is leaked + del the_object + assert var() is None + + def test_main(verbose=None): from test import test_code run_doctest(test_code, verbose) diff --git a/Misc/NEWS.d/next/Core and Builtins/2019-05-08-11-42-06.bpo-36851.J7DiCW.rst b/Misc/NEWS.d/next/Core and Builtins/2019-05-08-11-42-06.bpo-36851.J7DiCW.rst new file mode 100644 index 0000000..9973e4e --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2019-05-08-11-42-06.bpo-36851.J7DiCW.rst @@ -0,0 +1,2 @@ +The ``FrameType`` stack is now correctly cleaned up if the execution ends +with a return and the stack is not empty. diff --git a/Python/ceval.c b/Python/ceval.c index 4e43df2..07db1d3 100644 --- a/Python/ceval.c +++ b/Python/ceval.c @@ -1755,7 +1755,7 @@ main_loop: case TARGET(RETURN_VALUE): { retval = POP(); assert(f->f_iblock == 0); - goto return_or_yield; + goto exit_returning; } case TARGET(GET_AITER): { @@ -1924,7 +1924,7 @@ main_loop: /* and repeat... */ assert(f->f_lasti >= (int)sizeof(_Py_CODEUNIT)); f->f_lasti -= sizeof(_Py_CODEUNIT); - goto return_or_yield; + goto exit_yielding; } case TARGET(YIELD_VALUE): { @@ -1941,7 +1941,7 @@ main_loop: } f->f_stacktop = stack_pointer; - goto return_or_yield; + goto exit_yielding; } case TARGET(POP_EXCEPT): { @@ -3581,16 +3581,18 @@ exception_unwind: break; } /* main loop */ + assert(retval == NULL); + assert(PyErr_Occurred()); + +exit_returning: + /* Pop remaining stack entries. */ while (!EMPTY()) { PyObject *o = POP(); Py_XDECREF(o); } - assert(retval == NULL); - assert(PyErr_Occurred()); - -return_or_yield: +exit_yielding: if (tstate->use_tracing) { if (tstate->c_tracefunc) { if (call_trace_protected(tstate->c_tracefunc, tstate->c_traceobj, -- cgit v0.12