New submission from Stefan Behnel <[EMAIL PROTECTED]>: Similar to the "decref before set" issue solved by Py_CLEAR(), the code in typeobject.c calls DECREF in the middle of a cache update. This leaves one cache entry in an invalid state during the DECREF call, which might result in running cleanup code in this state. If this code depends on an attribute lookup, this might lead to a cache lookup, which in turn can access the infected part of the cache. In the worst case, such a scenario can lead to a crash as it accesses an already cleaned-up object.
Here is a patch that fixes this. ---------- components: Interpreter Core files: possible-decref-before-set-fix.patch keywords: patch messages: 67445 nosy: scoder severity: normal status: open title: type cache updates might run cleanup code in an inconsistent state type: behavior versions: Python 2.6, Python 3.0 Added file: http://bugs.python.org/file10458/possible-decref-before-set-fix.patch _______________________________________ Python tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue2990> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com