Issue #14432: Generator now clears the borrowed reference to the thread state Fix a crash when a generator is created in a C thread that is destroyed while the generator is still used. The issue was that a generator contains a frame, and the frame kept a reference to the Python state of the destroyed C thread. The crash occurs when a trace function is setup.

commit: 66c6e9dcb4cea8cce36abbd95308aa15b3381bea [log] [tgz]
author: Victor Stinner <victor.stinner@gmail.com> Fri Dec 13 02:37:09 2013 +0100
committer: Victor Stinner <victor.stinner@gmail.com> Fri Dec 13 02:37:09 2013 +0100
tree: 13f28d6fb2166c73a010000883647613d56819e3
parent: 9ffb1481d8103407d3d09d212993ab7c36c58087 [diff] [blame]
diff --git a/Objects/genobject.c b/Objects/genobject.c
index 341f660..082e03c 100644
--- a/Objects/genobject.c
+++ b/Objects/genobject.c

@@ -76,6 +76,7 @@
 
     /* Generators always return to their most recent caller, not
      * necessarily their creator. */
+    f->f_tstate = tstate;
     Py_XINCREF(tstate->frame);
     assert(f->f_back == NULL);
     f->f_back = tstate->frame;
@@ -89,6 +90,8 @@
      * cycle. */
     assert(f->f_back == tstate->frame);
     Py_CLEAR(f->f_back);
+    /* Clear the borrowed reference to the thread state */
+    f->f_tstate = NULL;
 
     /* If the generator just returned (as opposed to yielding), signal
      * that the generator is exhausted. */
commit	66c6e9dcb4cea8cce36abbd95308aa15b3381bea	[log] [tgz]
author	Victor Stinner <victor.stinner@gmail.com>	Fri Dec 13 02:37:09 2013 +0100
committer	Victor Stinner <victor.stinner@gmail.com>	Fri Dec 13 02:37:09 2013 +0100
tree	13f28d6fb2166c73a010000883647613d56819e3
parent	9ffb1481d8103407d3d09d212993ab7c36c58087 [diff] [blame]