summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Shannon <mark@hotpy.org>2021-11-22 14:01:23 +0000
committerGitHub <noreply@github.com>2021-11-22 14:01:23 +0000
commit7fd92a8b7ee5bed28c2681fa38e0a1e76200dd8e (patch)
tree46c7f7aed9809c9a7d5f6b6a50eb151b1e2e8a38
parentd9cedabeba0d87799f99c0717e81743a1c2d34ce (diff)
downloadcpython-git-7fd92a8b7ee5bed28c2681fa38e0a1e76200dd8e.tar.gz
bpo-45813: Make sure that frame->generator is NULLed when generator is deallocated. (GH-29700)
-rw-r--r--Lib/test/test_coroutines.py7
-rw-r--r--Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst1
-rw-r--r--Objects/genobject.c1
-rw-r--r--Python/frame.c3
4 files changed, 12 insertions, 0 deletions
diff --git a/Lib/test/test_coroutines.py b/Lib/test/test_coroutines.py
index 4350e185a2..fc8b8bc954 100644
--- a/Lib/test/test_coroutines.py
+++ b/Lib/test/test_coroutines.py
@@ -2191,6 +2191,13 @@ class CoroutineTest(unittest.TestCase):
return 'end'
self.assertEqual(run_async(run_gen()), ([], 'end'))
+ def test_bpo_45813(self):
+ 'This would crash the interpreter in 3.11a2'
+ async def f():
+ pass
+ frame = f().cr_frame
+ frame.clear()
+
class CoroAsyncIOCompatTest(unittest.TestCase):
diff --git a/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst b/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst
new file mode 100644
index 0000000000..65f64b11de
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst
@@ -0,0 +1 @@
+Fix crash when calling coro.cr_frame.clear() after coroutine has been freed.
diff --git a/Objects/genobject.c b/Objects/genobject.c
index efd255d33f..c899ed6a82 100644
--- a/Objects/genobject.c
+++ b/Objects/genobject.c
@@ -134,6 +134,7 @@ gen_dealloc(PyGenObject *gen)
InterpreterFrame *frame = gen->gi_xframe;
if (frame != NULL) {
gen->gi_xframe = NULL;
+ frame->generator = NULL;
frame->previous = NULL;
_PyFrame_Clear(frame, 1);
}
diff --git a/Python/frame.c b/Python/frame.c
index 3d2415fee7..a5c93eaaa5 100644
--- a/Python/frame.c
+++ b/Python/frame.c
@@ -99,6 +99,9 @@ take_ownership(PyFrameObject *f, InterpreterFrame *frame)
int
_PyFrame_Clear(InterpreterFrame * frame, int take)
{
+ /* It is the responsibility of the owning generator/coroutine
+ * to have cleared the generator pointer */
+ assert(frame->generator == NULL);
if (frame->frame_obj) {
PyFrameObject *f = frame->frame_obj;
frame->frame_obj = NULL;