[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-02-01 Thread Raymond Hettinger 


Raymond Hettinger  added the comment:

If this can only be triggered from C code, it less of a concern.

The PR increases cost on a critical path, so we ought to be wary of applying it 
unless a known problem is being solved.

Note, this code path has survived two decades of deployment.  Also, the PR 
doesn't have a test to demonstrate that it fixes anything.  Those facts give 
some evidence that the PR has every user paying to solve a problem that almost 
no one actually has.

--
nosy: +rhettinger

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-02-01 Thread Mark Shannon 


Mark Shannon  added the comment:

# This needs to be C code for this to fail, I'm writing it in Python for 
clarity and brevity

class D:
def __get__(self, instance, owner):
   del C.d
   # There are now no strong references to self
   self.whatever # Access to freed memory

# This can be Python

class C:
d = D()

C.d

--
nosy: +Mark.Shannon

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-01-28 Thread Dennis Sweeney 


Dennis Sweeney  added the comment:

Hi Max,

My apologies -- my first message was probably too dismissive.

Is there any way to make the existing code crash with pure Python, and can we 
then add such a test case? If not with pure Python, then perhaps with some 
minimal reproducible example using the C API?

Also, does the change have any effect on microbenchmarks involving the modified 
functions?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-01-28 Thread Maxwell Bernstein 


Maxwell Bernstein  added the comment:

Ah, and another piece of the puzzle: this can happen in runtimes like Cinder 
that provide their own native code entrypoints to functions like a __get__.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-01-28 Thread Maxwell Bernstein 


Change by Maxwell Bernstein :


--
components: +C API

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-01-28 Thread Maxwell Bernstein 


Maxwell Bernstein  added the comment:

Hi Dennis,

Sorry, let me be more clear. CPython in general ensures that objects passed in 
as arguments to a function will live for the duration of the function call if 
they are otherwise untouched. As it is now, this invariant is not maintained 
when calling the __get__ descriptor. Right now, it is not only borrowed by the 
callee but also not owned by the caller (!).

Max

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-01-27 Thread Dennis Sweeney 

Dennis Sweeney  added the comment:

Why? Callee-borrowing-from-caller is the established norm across the C API. You 
mention use-after-free, but can you elaborate on how that can happen in 
practice?

https://docs.python.org/3/extending/extending.html?highlight=borrowed#ownership-rules
 says:

"""When you pass an object reference into another function, in general, the 
function borrows the reference from you — if it needs to store it, it will use 
Py_INCREF() to become an independent owner."""

--
nosy: +Dennis Sweeney

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-01-27 Thread Maxwell Bernstein 


Change by Maxwell Bernstein :


--
keywords: +patch
pull_requests: +29158
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/30979

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46561] Descriptor resolution should own arguments passed to descriptors

2022-01-27 Thread Maxwell Bernstein 


New submission from Maxwell Bernstein :

Currently the descriptor (self) argument to __get__ is passed borrowed, since 
_PyType_LookupId returns a borrowed reference (see _PyObject_LookupSpecial and 
lookup_maybe_method in Objects/typeobject.c). This should instead own the 
reference.

--
messages: 411978
nosy: tekknolagi
priority: normal
severity: normal
status: open
title: Descriptor resolution should own arguments passed to descriptors
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com