The same bug affects
array.array: construction GC-tracks the object before
it's filled, so another thread can reach the half-built object via
gc.get_objects() mid-construction and race with the fill.
I am working on this.
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race arraymodule.c:964 in array_length
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race arraymodule.c:515 in q_getitem
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race alloc.c:746 in _mi_heap_realloc_zero
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race arraymodule.c:195 in array_resize
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race arraymodule.c:515 in q_getitem
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race arraymodule.c:159 in array_resize
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race arraymodule.c:515 in q_getitem
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race alloc.c:746 in _mi_heap_realloc_zero
WARNING: ThreadSanitizer: data race (pid=86250)
SUMMARY: ThreadSanitizer: data race arraymodule.c:195 in array_resize
==86250==ERROR: ThreadSanitizer: SEGV on unknown address 0x000102000100 (pc 0x000103c83aec bp 0x00016efe9ff0 sp 0x00016efe9fb0 T4883198)
SUMMARY: ThreadSanitizer: SEGV obmalloc.c:298 in _PyMem_MiFree
The same bug affects
array.array: construction GC-tracks the object beforeit's filled, so another thread can reach the half-built object via
gc.get_objects()mid-construction and race with the fill.I am working on this.