commit 595f7a5bf959f97b5d889ab5c7f86c06e36e8dfb
author Amaury Forgeot d'Arc <amauryfa@gmail.com> Thu Jun 25 22:29:29 2009 +0000
committer Amaury Forgeot d'Arc <amauryfa@gmail.com> Thu Jun 25 22:29:29 2009 +0000
tree 74ebe5456e7c8745184ed83e9899cf294c7ad3e8
parent ca69bb90cb6091453d74d9693653b1c649553782

#2016 Fix a crash in function call when the **kwargs dictionary is mutated
during the function call setup.

This even gives a slight speedup, probably because tuple allocation
is faster than PyMem_NEW.

Objects/funcobject.c

diff --git a/Objects/funcobject.c b/Objects/funcobject.c
index 14484e5..7774e6d 100644
--- a/Objects/funcobject.c
+++ b/Objects/funcobject.c
@@ -489,13 +489,14 @@
 {
 	PyObject *result;
 	PyObject *argdefs;
+	PyObject *kwtuple = NULL;
 	PyObject **d, **k;
 	Py_ssize_t nk, nd;
 
 	argdefs = PyFunction_GET_DEFAULTS(func);
 	if (argdefs != NULL && PyTuple_Check(argdefs)) {
 		d = &PyTuple_GET_ITEM((PyTupleObject *)argdefs, 0);
-		nd = PyTuple_Size(argdefs);
+		nd = PyTuple_GET_SIZE(argdefs);
 	}
 	else {
 		d = NULL;
@@ -505,16 +506,17 @@
 	if (kw != NULL && PyDict_Check(kw)) {
 		Py_ssize_t pos, i;
 		nk = PyDict_Size(kw);
-		k = PyMem_NEW(PyObject *, 2*nk);
-		if (k == NULL) {
-			PyErr_NoMemory();
+		kwtuple = PyTuple_New(2*nk);
+		if (kwtuple == NULL)
 			return NULL;
-		}
+		k = &PyTuple_GET_ITEM(kwtuple, 0);
 		pos = i = 0;
-		while (PyDict_Next(kw, &pos, &k[i], &k[i+1]))
+		while (PyDict_Next(kw, &pos, &k[i], &k[i+1])) {
+			Py_INCREF(k[i]);
+			Py_INCREF(k[i+1]);
 			i += 2;
+		}
 		nk = i/2;
-		/* XXX This is broken if the caller deletes dict items! */
 	}
 	else {
 		k = NULL;
@@ -524,12 +526,11 @@
 	result = PyEval_EvalCodeEx(
 		(PyCodeObject *)PyFunction_GET_CODE(func),
 		PyFunction_GET_GLOBALS(func), (PyObject *)NULL,
-		&PyTuple_GET_ITEM(arg, 0), PyTuple_Size(arg),
+		&PyTuple_GET_ITEM(arg, 0), PyTuple_GET_SIZE(arg),
 		k, nk, d, nd,
 		PyFunction_GET_CLOSURE(func));
 
-	if (k != NULL)
-		PyMem_DEL(k);
+	Py_XDECREF(kwtuple);
 
 	return result;
 }