New submission from Philip Jenvey <pjen...@users.sourceforge.net>: When threading.local subclasses are cleared during a reference cycle the local's internal key is nulled before the local is deallocated. That's a problem because local only deletes its state (ldicts) from threads during deallocation, and doesn't do so at all when its key is null.
So leaving ldicts around is one thing, but what's worse is they can be recycled by new local objects later -- since ldicts are mapped to threadstates by said key, and said key is based on the local's pointer. If a new local is malloced at the old one's address it can end up with the original's ldicts (depending on which thread it's allocated from). Attached is a test against trunk showing this. Should we delete the ldicts during clear, recreate the key during dealloc, or something else? ---------- components: Interpreter Core files: derived_local_cycle_dealloc.diff keywords: patch messages: 93099 nosy: amaury.forgeotdarc, pjenvey severity: normal status: open title: threading.local subclasses don't cleanup their state and it gets recycled type: security versions: Python 2.4, Python 2.5, Python 2.6, Python 2.7, Python 3.0, Python 3.1, Python 3.2 Added file: http://bugs.python.org/file14969/derived_local_cycle_dealloc.diff _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue6990> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
