Issue #9295: Fix a crash under Windows when calling close() on a file
object with custom buffering from two threads at once.
diff --git a/Objects/fileobject.c b/Objects/fileobject.c
index 2647b54..974d642 100644
--- a/Objects/fileobject.c
+++ b/Objects/fileobject.c
@@ -423,6 +423,7 @@
int sts = 0;
int (*local_close)(FILE *);
FILE *local_fp = f->f_fp;
+ char *local_setbuf = f->f_setbuf;
if (local_fp != NULL) {
local_close = f->f_close;
if (local_close != NULL && f->unlocked_count > 0) {
@@ -446,10 +447,15 @@
* called. */
f->f_fp = NULL;
if (local_close != NULL) {
+ /* Issue #9295: must temporarily reset f_setbuf so that another
+ thread doesn't free it when running file_close() concurrently.
+ Otherwise this close() will crash when flushing the buffer. */
+ f->f_setbuf = NULL;
Py_BEGIN_ALLOW_THREADS
errno = 0;
sts = (*local_close)(local_fp);
Py_END_ALLOW_THREADS
+ f->f_setbuf = local_setbuf;
if (sts == EOF)
return PyErr_SetFromErrno(PyExc_IOError);
if (sts != 0)