Skip to content

gh-111784: Add PyCapsule_ImportCapsule and fix segfault in _elementtree.c #112053

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

gh-111784: Add PyCapsule_ImportCapsule and fix segfault in _elementtree.c #112053

wants to merge 1 commit into from

Conversation

Eclips4
Copy link
Member

@Eclips4 Eclips4 commented Nov 14, 2023
edited
Loading

That's a PoC.

We can add a NEWS entry and doc about new public API later, if we consider this as the right solution.

Also, I was incorrect in issue. We need to keep reference to the capsule, not pyexpat module.

@Eclips4 Eclips4 requested a review from vstinner November 14, 2023 10:53
@bedevere-app bedevere-app bot mentioned this pull request Nov 14, 2023
Closed
@Eclips4
Copy link
Member Author

Eclips4 commented Nov 14, 2023

@mgorny can you confirm that this fixes the issue?

@Eclips4 Eclips4 marked this pull request as draft November 14, 2023 10:55
Eclips4
Eclips4 commented Nov 14, 2023
View reviewed changes
Objects/capsule.c
"PyCapsule_Import \"%s\" is not valid",
name);
}
EXIT:
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need here Py_XDECREF(object) as in the PyCapsule_Import, because we do it later manually. So, we can control a process of capsule's deallocation

@mgorny
Copy link
Contributor

mgorny commented Nov 14, 2023

@mgorny can you confirm that this fixes the issue?

I've applied it on top of 3.12.0 and I still see a segv with my reproducer from #111784.

@Eclips4
Copy link
Member Author

Eclips4 commented Nov 14, 2023

@mgorny can you confirm that this fixes the issue?

I've applied it on top of 3.12.0 and I still see a segv with my reproducer from #111784.

Indeed. Interesting, reduced reproducer by @chgnrdv doesn't segfault'ed anymore, but this doesn't relevant for your example :(

@chgnrdv
Copy link
Contributor

chgnrdv commented Nov 14, 2023
edited
Loading

@Eclips4, it is reduced but not minimal :)
pyexpat/_elementtree has nothing to do with asyncio, and I guess that instantiation of _asyncio.Task just interferes with GC state (that may be invalid after _elementtree import) is some weakly deterministic way, which triggers segfault. We can't use this example as a stable way to reproduce the issue, and it could easily stop to work after some _asyncio changes being merged into main branch, for example.

@chgnrdv
Copy link
Contributor

chgnrdv commented Nov 14, 2023

Other, a bit hacky repro:

import _elementtree
x = _elementtree.XMLParser()
import sys
del sys.modules['pyexpat']

Looks obvious in hindsight, as all what we need is to deallocate pyexpat capsule earlier than XMLParser instance.

chgnrdv
chgnrdv reviewed Nov 14, 2023
View reviewed changes
Objects/capsule.c
name);
}
EXIT:
if (name_dup) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

name_dup is always non-NULL here, as we return MemoryError at line 236 if PyMem_Malloc fails.

Copy link
Member Author

@Eclips4 Eclips4 Nov 14, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not a final version 😅
Currently we just talking about idea, sadly, but this solution is incorrect :(
FYI, it's just copied from PyCapsule_Import

@Eclips4
Copy link
Member Author

Eclips4 commented Nov 14, 2023
edited
Loading

Other, a bit hacky repro:

import _elementtree
x = _elementtree.XMLParser()
import sys
del sys.modules['pyexpat']

Looks obvious in hindsight, as all what we need is to deallocate pyexpat capsule earlier than XMLParser instance.

Yep, I thinking about the same.
However.. this code doesn't segfault's on this patch..

@Eclips4
Copy link
Member Author

Eclips4 commented Dec 2, 2023
edited
Loading

This PR fixes only one segfault (there's two segfaults actually) and way to fix this segfault is really weird. So I'm closing this.

@Eclips4 Eclips4 closed this Dec 2, 2023
@Eclips4 Eclips4 deleted the issue-111784 branch December 3, 2023 07:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chgnrdv chgnrdv chgnrdv left review comments

@vstinner vstinner Awaiting requested review from vstinner

@erlend-aasland erlend-aasland Awaiting requested review from erlend-aasland

Assignees
No one assigned
Labels
skip news
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Eclips4 @mgorny @chgnrdv