Control: reassign -1 cython3 Control: affects -1 python3-pandas python3-skimage Control: tags -1 fixed-upstream Control: retitle -1: cython3: generated code does out of bounds reads in with-dict (subclass of) cdef class
No, it is a proper Timedelta-sized space (144 bytes, not a _Timedelta's 128). The bug is that Cython is treating the tp_dictoffset slot (128 bytes from the start of Timedelta) as the *start of* a PyDictObject (48 bytes, so won't fit here) when it's actually a *pointer to* the PyDictObject. This only happens when tp_dictoffset is nonzero, i.e. either a cdef class with an instance dict (non-default but allowed), or a normal Python class inheriting from a cdef class. This appears to be fixed upstream (though they only seem to have noticed that they weren't checking whether the pointer was NULL, not that they weren't treating it as a pointer at all): https://github.com/cython/cython/commit/253c25a902aef2c54de31baa22af73d0dbad2a06#diff-32655df5c2097cca93b52a2ff7583bef I haven't checked whether this patch can be applied to our Cython version. As it has been released upstream and there is already a request for the new upstream version (#941021), packaging this is probably a better use of time.