Amaury Forgeot d'Arc <amaur...@gmail.com> added the comment: Yes, some INCREF may be missing. The issue may be with the callback mechanism; these are usually difficult to get right.
Actually by pure luck I found suspect code that may be the cause of this crash: in src/event/listener_python.cc, the "Args" tuple is first allocated, but item #1 is not set. It's a bit wrong (try to print it!) but if does not leak outside, it won't probably crash here; gc traverse function luckily skips NULL pointers. BUT in raise_event(), this Args[1] is set to an event object, which is DECREF'd afterwards. The pointer now points to invalid memory, and next gc.collect() will crash... I also found other issues with reference counting here and there (ex: in src/python/python.cc, PyTuple_SET_ITEM (new_tuple, i, Py_None) steals one reference to Py_None each time!) There are many bugs in this application to fix before we can impute CPython. ---------- resolution: -> invalid status: open -> closed _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15236> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
