Skip to content

gh-143635: Fix crash in _Py_typing_type_repr #143670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sobolevn wants to merge 2 commits into
base: main
Choose a base branch
from
Open

gh-143635: Fix crash in _Py_typing_type_repr #143670

sobolevn wants to merge 2 commits into from
+42 −1

Conversation

@sobolevn
Copy link
Member

@sobolevn sobolevn commented Jan 10, 2026
edited by bedevere-app bot
Loading

I also added one more test case for a second possible crash in the same function.

@bedevere-app bedevere-app bot mentioned this pull request Jan 10, 2026
Open
@sobolevn sobolevn added skip news needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Jan 10, 2026
JelleZijlstra
JelleZijlstra reviewed Jan 11, 2026
View reviewed changes
Objects/typevarobject.c
return PyUnicodeWriter_WriteASCII(writer, "None", 4);
}

Py_INCREF(p); // gh-143635
Copy link
Member

@JelleZijlstra JelleZijlstra Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sort of feels like the wrong place, shouldn't callers of the function ensure they have a reference to p that remains valid?

Copy link
Member

@picnixz picnixz Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think so and we should just say that the function takes a strong reference (the function is not documented but it would be good to indicate this).

That means changing some PyList_GET_ITEM/PyTuple_GET_ITEM and adding some Py_INCREF for non-sequences.

Copy link
Member Author

@sobolevn sobolevn Jan 11, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I am not quite sure about it. Technically, we don't need a strong reference in regular cases, it is only needed for strange self-destructing ones.

We have multiple places where we just use Py_INCREF / Py_DECREF on a object before calling some python callbacks with it. Changing this function to require a strong refenrence will require quite a lot of refactoring for a very niche thing (and might be a breaking change for anyone using this function, even though it is not documented).

Let's say we want to refactor this place:

cpython/Objects/genericaliasobject.c

Lines 103 to 105 in e22b685

if (_Py_typing_type_repr(writer, alias->origin) < 0) {
goto error;
}

It would be:

Py_INCREF(alias->origin);
if (_Py_typing_type_repr(writer, alias->origin) < 0) {
     Py_DECREF(alias->origin);
     goto error;
}
Py_DECREF(alias->origin);

This does not seem like a good API to me :/

What are the potential limitations of the current approach?

Copy link
Member

@picnixz picnixz Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changing this function to require a strong refenrence will require quite a lot of refactoring for a very niche thing (and might be a breaking change for anyone using this function, even though it is not documented).

It's not exported as part of the public API so I'm not sure it's available by "others" (it's only an extern symbol in the internal API). Since it's internal we can also keep your change as it reduces the diff (I didn't think there would be that many places though)

@JelleZijlstra
Copy link
Member

JelleZijlstra commented Jan 11, 2026

This needs NEWS since it fixes a user-visible crash.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JelleZijlstra JelleZijlstra JelleZijlstra left review comments

@picnixz picnixz picnixz left review comments

Assignees

No one assigned

Labels

awaiting core review needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sobolevn @JelleZijlstra @picnixz