bpo-9263: Fix _PyObject_Dump() for freed object (#10661)
If _PyObject_Dump() detects that the object is freed, don't try to
dump it (exit immediately).
Enhance also _PyObject_IsFreed(): it now detects if the pointer
itself looks like freed memory.
diff --git a/Objects/object.c b/Objects/object.c
index 9d2614b..c2d78aa 100644
--- a/Objects/object.c
+++ b/Objects/object.c
@@ -423,6 +423,10 @@
int
_PyObject_IsFreed(PyObject *op)
{
+ uintptr_t ptr = (uintptr_t)op;
+ if (_PyMem_IsFreed(&ptr, sizeof(ptr))) {
+ return 1;
+ }
int freed = _PyMem_IsFreed(&op->ob_type, sizeof(op->ob_type));
/* ignore op->ob_ref: the value can have be modified
by Py_INCREF() and Py_DECREF(). */
@@ -448,6 +452,7 @@
/* It seems like the object memory has been freed:
don't access it to prevent a segmentation fault. */
fprintf(stderr, "<freed object>\n");
+ return;
}
PyGILState_STATE gil;