[issue6990] threading.local subclasses don't cleanup their state and it gets recycled

[Amaury Forgeot d'Arc]

Amaury Forgeot d'Arc amaur...@gmail.com added the comment:

Thanks for the excellent test case!
Is seems enough to remove the statement Py_CLEAR(self-key); from
local_clear(). self-key is a string which cannot cause cycles (and is
not visited in local_traverse()); now local_dealloc() does its job.

Index: threadmodule.c
===
--- threadmodule.c  (revision 74229)
+++ threadmodule.c  (working copy)
@@ -239,7 +239,6 @@
 static int
 local_clear(localobject *self)
 {
-   Py_CLEAR(self-key);
Py_CLEAR(self-args);
Py_CLEAR(self-kw);
Py_CLEAR(self-dict);

--
keywords: +needs review
stage:  - patch review

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6990
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue6990] threading.local subclasses don't cleanup their state and it gets recycled

[Philip Jenvey]

New submission from Philip Jenvey pjen...@users.sourceforge.net:

When threading.local subclasses are cleared during a reference cycle the 
local's internal key is nulled before the local is deallocated. That's a 
problem because local only deletes its state (ldicts) from threads 
during deallocation, and doesn't do so at all when its key is null.

So leaving ldicts around is one thing, but what's worse is they can be 
recycled by new local objects later -- since ldicts are mapped to 
threadstates by said key, and said key is based on the local's pointer. 
If a new local is malloced at the old one's address it can end up with 
the original's ldicts (depending on which thread it's allocated from).

Attached is a test against trunk showing this. Should we delete the 
ldicts during clear, recreate the key during dealloc, or something else?

--
components: Interpreter Core
files: derived_local_cycle_dealloc.diff
keywords: patch
messages: 93099
nosy: amaury.forgeotdarc, pjenvey
severity: normal
status: open
title: threading.local subclasses don't cleanup their state and it gets recycled
type: security
versions: Python 2.4, Python 2.5, Python 2.6, Python 2.7, Python 3.0, Python 
3.1, Python 3.2
Added file: http://bugs.python.org/file14969/derived_local_cycle_dealloc.diff

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6990
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue6990] threading.local subclasses don't cleanup their state and it gets recycled

[Ben Bangert]

Changes by Ben Bangert b...@groovie.org:


--
nosy: +bbangert

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6990
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com