Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] null-deref inside _PyObject_GC_UNTRACK from extention class dealloc method. #5971

Closed
fried opened this issue Feb 2, 2024 · 0 comments · Fixed by #5972
Closed

[BUG] null-deref inside _PyObject_GC_UNTRACK from extention class dealloc method. #5971

fried opened this issue Feb 2, 2024 · 0 comments · Fixed by #5972
Labels
Code Generation defect
Milestone
3.0.9

Comments

@fried
Copy link
Contributor

fried commented Feb 2, 2024
edited

Describe the bug

SCARINESS: 10 (null-deref)
    #0 0x53c9a5 in _PyObject_GC_UNTRACK(_object*) (.__uniq.71160431842585912442991593982683040670) python/3.10/Include/internal/pycore_object.h:123
    #1 0x53c9a5 in BaseException_dealloc(PyBaseExceptionObject*) (.__uniq.71160431842585912442991593982683040670) python/3.10/Objects/exceptions.c:92
    #2 0x7fb1f0bcfea7 in __pyx_tp_dealloc_6thrift_3py3_10exceptions_GeneratedError(_object*) exceptions.cpp:20592 *cython*
    #3 0x7fb1f4369b4f in __pyx_tp_dealloc_7testing_5types_UnusedError(_object*) types.cpp:165249  *cython* 
    #4 0x3d3658 in _Py_Dealloc python/3.10/Objects/object.c:2301

I believe this is related to this commit 663c924 from #5432

The generated .cpp code between the old version of cython and 3.0.8 is missing these lines

#if CYTHON_USE_TYPE_SLOTS
if (PyType_IS_GC(Py_TYPE(o)->tp_base))
#endif
PyObject_GC_Track(o);

The missing GC_Track would explain why GC is exploding

Code to reproduce the behaviour:

# We have no custom __dealloc__ or __del__
# Exception is the builtin python Exception
# inside the exceptions.pxd we have this def for Exception
cdef extern from "Python.h":
    ctypedef extern class builtins.Exception[object PyBaseExceptionObject]:
        pass


# inside the exceptions.pyx
cdef class Error(Exception):
   # Has no slots
    ...

cdef class GeneratedError(Error):
  # has some attribute slots
   ...

Expected behaviour

no crash

OS

Linux

Python version

3.10.9

Cython version

3.0.8

Additional context

No response
@fried fried changed the title [BUG] null-deref inside _PyObject_GC_UNTRACK from extention class dealloc method. cython 3.0.8 cpython 3.10 [BUG] null-deref inside _PyObject_GC_UNTRACK from extention class dealloc method. Feb 2, 2024
@fried fried mentioned this issue Feb 3, 2024
Merged
@scoder scoder added this to the 3.0.9 milestone Feb 19, 2024
scoder pushed a commit that referenced this issue Feb 27, 2024
@fried
Don't miss a required PyObject_GC_Track() in dealloc (GH-5972)
0bed3ee 
Closes #5971
See #5432
scoder pushed a commit that referenced this issue Feb 27, 2024
@fried @scoder
Don't miss a required PyObject_GC_Track() in dealloc (GH-5972)
351b292 
Closes #5971
See #5432
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Code Generation defect
Projects
None yet
Milestone
3.0.9
Development

Successfully merging a pull request may close this issue.

Don't miss a required PyObject_GC_Track() in dealloc fried/cython
2 participants
@fried @scoder