Bug 23507

Summary: SIGSEGV when disposing a dbusstring
Product: dbus Reporter: Tomeu Vizoso <tomeu>
Component: pythonAssignee: Simon McVittie <smcv>
Status: RESOLVED NOTOURBUG QA Contact: John (J5) Palmieri <johnp>
Severity: normal    
Priority: medium CC: sascha-web-bugs.freedesktop.org
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Tomeu Vizoso 2009-08-25 07:37:53 UTC 
Looks like we don't have the GIL lock, but I'm not sure why, as tp_dealloc is supposed to be called with the lock already:

#0  PyErr_Fetch (p_type=0xbfa2c67c, p_value=0xbfa2c678, p_traceback=0xbfa2c674) at Python/errors.c:235
        tstate = 0x0
#1  0x006d654f in dbus_py_variant_level_clear (self=0xa046d80) at abstract.c:143
        et = 0x6d652a
        ev = 0xbfa2c6a8
        etb = 0xa04b564
#2  0x006d65f2 in DBusPyStrBase_tp_dealloc (self=0xa046d80) at abstract.c:443
No locals.
#3  0x035f6e34 in dict_dealloc (mp=0xa04b604) at Objects/dictobject.c:911
        ep = 0xa197798
        fill = 0
#4  0x0361a155 in subtype_dealloc (self=0xa046ccc) at Objects/typeobject.c:1006
        dict = 0xa04b604
        dictptr = 0xa046cd4
        type = <value optimized out>
        base = 0x36f11c0
        basedealloc = <value optimized out>
        __PRETTY_FUNCTION__ = "subtype_dealloc"
#5  0x035f6e34 in dict_dealloc (mp=0xa04b46c) at Objects/dictobject.c:911
        ep = 0xa04b4a0
        fill = 1
#6  0x0361a155 in subtype_dealloc (self=0xa046dac) at Objects/typeobject.c:1006
        dict = 0xa04b46c
        dictptr = 0xa046db4
        type = <value optimized out>
        base = 0x36f11c0
        basedealloc = <value optimized out>
        __PRETTY_FUNCTION__ = "subtype_dealloc"
#7  0x035f6e34 in dict_dealloc (mp=0xa04b3e4) at Objects/dictobject.c:911
        ep = 0xa04b43c
        fill = 1
#8  0x00140b92 in pygobject_clear (self=<value optimized out>) at pygobject.c:1076
No locals.
#9  pygobject_dealloc (self=<value optimized out>) at pygobject.c:1001
No locals.
#10 0x0361a1cd in subtype_dealloc (self=0xa04a89c) at Objects/typeobject.c:1018
        type = <value optimized out>
        base = 0x37003e0
        basedealloc = 0xbfa2c67c
        __PRETTY_FUNCTION__ = "subtype_dealloc"
#11 0x035cb0b4 in instancemethod_dealloc (im=0xa0ee2ac) at Objects/classobject.c:2365
        __PRETTY_FUNCTION__ = "instancemethod_dealloc"
#12 0x00d75113 in child_watch_dnotify (data=0xa198c80) at glibmodule.c:344
...
Comment 1 Tomeu Vizoso 2009-08-25 08:06:14 UTC 
btw, this patch "fixes" the issue, so I guess we miss a GIL grab somewhere. But I really don't have much idea of this stuff.

diff --git a/_dbus_bindings/abstract.c b/_dbus_bindings/abstract.c
index 9a4f350..e4c4f51 100644
--- a/_dbus_bindings/abstract.c
+++ b/_dbus_bindings/abstract.c
@@ -440,7 +440,9 @@ DBusPythonString_tp_repr(PyObject *self)
 static void
 DBusPyStrBase_tp_dealloc(PyObject *self)
 {
+    PyGILState_STATE gil = PyGILState_Ensure();
     dbus_py_variant_level_clear(self);
+    PyGILState_Release(gil);
     (PyString_Type.tp_dealloc)(self);
 }
Comment 2 Simon McVittie 2010-12-02 09:44:18 UTC 
If the GLib bindings are unreffing Python objects (from C) without taking the GIL, I think that's NOTOURBUG.
Comment 3 Simon McVittie 2012-07-04 10:30:45 UTC 
(In reply to comment #2)
> If the GLib bindings are unreffing Python objects (from C) without taking the
> GIL, I think that's NOTOURBUG.

Closing as such.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.