PyCapsule use of tp_traverse is likely unsafe #124684
Labels
type-bug
An unexpected behavior, bug, or error
Comments
|
On further inspection, I think what PyCapsule is doing is actually okay. I had missed that the instance object has |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Bug description:
Switching out the
tp_traversetype pointer based on the object type being encapsulated seems unsafe to me. The GC is not prepared fortp_traverseto be changing like that. For example, it assumes that tp_traverse works the same during the different stages of a collection run. I would guess that_PyCapsule_SetTraverse()could possibly be set from a finalizer, for example.More investigation is needed to determine how we can implement the GC support (so we don't have leaks of
_socketobjects) but also don't abuse tp_traverse in unsafe ways. One option: have a different PyCapsule type depending on what's wrapped. Second option: have a fixed tp_traverse function but put logic inside of it to determine what the type of the wrapped thing is and do the correct traversal.gh-124538
gh-108240
The text was updated successfully, but these errors were encountered: