diff options
author | Mark Shannon <mark@hotpy.org> | 2021-11-22 14:01:23 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-22 14:01:23 +0000 |
commit | 7fd92a8b7ee5bed28c2681fa38e0a1e76200dd8e (patch) | |
tree | 46c7f7aed9809c9a7d5f6b6a50eb151b1e2e8a38 | |
parent | d9cedabeba0d87799f99c0717e81743a1c2d34ce (diff) | |
download | cpython-git-7fd92a8b7ee5bed28c2681fa38e0a1e76200dd8e.tar.gz |
bpo-45813: Make sure that frame->generator is NULLed when generator is deallocated. (GH-29700)
-rw-r--r-- | Lib/test/test_coroutines.py | 7 | ||||
-rw-r--r-- | Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst | 1 | ||||
-rw-r--r-- | Objects/genobject.c | 1 | ||||
-rw-r--r-- | Python/frame.c | 3 |
4 files changed, 12 insertions, 0 deletions
diff --git a/Lib/test/test_coroutines.py b/Lib/test/test_coroutines.py index 4350e185a2..fc8b8bc954 100644 --- a/Lib/test/test_coroutines.py +++ b/Lib/test/test_coroutines.py @@ -2191,6 +2191,13 @@ class CoroutineTest(unittest.TestCase): return 'end' self.assertEqual(run_async(run_gen()), ([], 'end')) + def test_bpo_45813(self): + 'This would crash the interpreter in 3.11a2' + async def f(): + pass + frame = f().cr_frame + frame.clear() + class CoroAsyncIOCompatTest(unittest.TestCase): diff --git a/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst b/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst new file mode 100644 index 0000000000..65f64b11de --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2021-11-22-11-28-13.bpo-45813.ZMaWE2.rst @@ -0,0 +1 @@ +Fix crash when calling coro.cr_frame.clear() after coroutine has been freed. diff --git a/Objects/genobject.c b/Objects/genobject.c index efd255d33f..c899ed6a82 100644 --- a/Objects/genobject.c +++ b/Objects/genobject.c @@ -134,6 +134,7 @@ gen_dealloc(PyGenObject *gen) InterpreterFrame *frame = gen->gi_xframe; if (frame != NULL) { gen->gi_xframe = NULL; + frame->generator = NULL; frame->previous = NULL; _PyFrame_Clear(frame, 1); } diff --git a/Python/frame.c b/Python/frame.c index 3d2415fee7..a5c93eaaa5 100644 --- a/Python/frame.c +++ b/Python/frame.c @@ -99,6 +99,9 @@ take_ownership(PyFrameObject *f, InterpreterFrame *frame) int _PyFrame_Clear(InterpreterFrame * frame, int take) { + /* It is the responsibility of the owning generator/coroutine + * to have cleared the generator pointer */ + assert(frame->generator == NULL); if (frame->frame_obj) { PyFrameObject *f = frame->frame_obj; frame->frame_obj = NULL; |