search

python / cpython

The Python programming language
https://www.python.org
Other
62.31k stars 29.93k forks source link

Incorrect error handling in `MAKE_FUNCTION` #122752

Open colesbury opened 1 month ago

colesbury commented 1 month ago

Bug report

The error ERROR_NO_POP in MAKE_FUNCTION looks wrong:

https://github.com/python/cpython/blob/5b8a6c5186be299d96dd483146dc6ea737ffdfe7/Python/bytecodes.c#L4185-L4199

I think it should instead be:

     PyStackRef_CLOSE(codeobj_st); 
     ERROR_IF(func_obj == NULL, error);

When I inject a PyErr_NoMemory() failure into PyFunction_New() the interpreter crashes with a refcount error.

Objects/funcobject.c:1069: _Py_NegativeRefcount: Assertion failed: object has negative ref count
<object at 0x7f553f7eb3d0 is freed>
Fatal Python error: _PyObject_AssertFailed: _PyObject_AssertFailed
Python runtime state: finalizing (tstate=0x00005628cd27af98)

Current thread 0x00007f553fcc6740 (most recent call first):
  Garbage-collecting
  <no Python frame>
Aborted (core dumped)

Using ERROR_IF avoids the refcount assertion failure and properly raise a MemoryError.

colesbury commented 1 month ago

Alternatively, I think we could move the PyStackRef_CLOSE(codeobj_st); after the error check.