From: Luca Weiss <luca-IfPCFPJWly+lVyrhU4qvOw@public.gmane.org>
To: David Gibson <david-xT8FGy+AXnRB3Ne2BGzF6laj5H9X9Tb+@public.gmane.org>
Cc: devicetree-compiler-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] Fix Python crash on getprop deallocation
Date: Sat, 25 Dec 2021 11:25:51 +0100 [thread overview]
Message-ID: <5777466.lOV4Wx5bFT@g550jk> (raw)
In-Reply-To: <Yca6ZoKpCjLsFFfo@yekko>
Hi David,
On Samstag, 25. Dezember 2021 07:29:58 CET David Gibson wrote:
> On Fri, Dec 24, 2021 at 11:28:12AM +0100, Luca Weiss wrote:
> > Fatal Python error: none_dealloc: deallocating None
> > Python runtime state: finalizing (tstate=0x000055c9bac70920)
> >
> > Current thread 0x00007fbe34e47740 (most recent call first):
> > <no Python frame>
> >
> > Aborted (core dumped)
> >
> > This is caused by a missing Py_INCREF on the returned Py_None, as
> > demonstrated e.g. in https://github.com/mythosil/swig-python-incref or
> > described at https://edcjones.tripod.com/refcount.html ("Remember to
> > INCREF Py_None!")
> >
> > A PoC for triggering this crash is uploaded to
> > https://github.com/z3ntu/pylibfdt-crash .
> > With this patch applied to pylibfdt the crash does not happen.
>
> Any chance you could rework your testcase into the libfdt testsuite
> (make check)?
>
To be completely honest I don't exactly understand why this crash is
happening. If you reduce the iteration count in my PoC from the "10" I used to
just 1 or 2, then the crash doesn't happen. But I don't have any insights into
how Python actually allocates and deallocates things internally, as this crash
happens during dellocation when Python exits and after the supplied code is
already run.
Regards
Luca
> > Signed-off-by: Luca Weiss <luca-IfPCFPJWly+lVyrhU4qvOw@public.gmane.org>
> > ---
> > Unrelated but I've noticed that in this file the indentation is quite
> > mixed between spaces and tabs. This patch tries to keep to the style in
> > the lines around.
> >
> > pylibfdt/libfdt.i | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/pylibfdt/libfdt.i b/pylibfdt/libfdt.i
> > index 075ef70..9ccc57b 100644
> > --- a/pylibfdt/libfdt.i
> > +++ b/pylibfdt/libfdt.i
> > @@ -1040,14 +1040,16 @@ typedef uint32_t fdt32_t;
> >
> > /* typemap used for fdt_getprop() */
> > %typemap(out) (const void *) {
> >
> > - if (!$1)
> > + if (!$1) {
> >
> > $result = Py_None;
> >
> > - else
> > + Py_INCREF($result);
> > + } else {
> >
> > %#if PY_VERSION_HEX >= 0x03000000
> >
> > $result = Py_BuildValue("y#", $1, (Py_ssize_t)*arg4);
> >
> > %#else
> >
> > $result = Py_BuildValue("s#", $1, (Py_ssize_t)*arg4);
> >
> > %#endif
> >
> > + }
> >
> > }
> >
> > /* typemap used for fdt_setprop() */
next prev parent reply other threads:[~2021-12-25 10:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-24 10:28 [PATCH] Fix Python crash on getprop deallocation Luca Weiss
[not found] ` <20211224102811.70695-1-luca-IfPCFPJWly+lVyrhU4qvOw@public.gmane.org>
2021-12-24 13:17 ` Simon Glass
[not found] ` <CAPnjgZ227FLO_UYqsq44dQwOYqa+vXuu5BGgmjoCThHnTGS5FA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2021-12-25 6:30 ` David Gibson
2021-12-25 6:29 ` David Gibson
2021-12-25 10:25 ` Luca Weiss [this message]
2021-12-26 4:46 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5777466.lOV4Wx5bFT@g550jk \
--to=luca-ifpcfpjwly+lvyrhu4qvow@public.gmane.org \
--cc=david-xT8FGy+AXnRB3Ne2BGzF6laj5H9X9Tb+@public.gmane.org \
--cc=devicetree-compiler-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).