Skip to content

Commit

Permalink
py/parse: Zero out dangling parse tree pointer to fix potential GC leak.
Browse files Browse the repository at this point in the history 
This fixes a bug where a random Python object may become
un-garbage-collectable until an enclosing Python file (compiled on device)
finishes executing.

Details:

The mp_parse_tree_t structure is stored on the stack in top-level functions
such as parse_compile_execute() in pyexec.c (and others).

Although it quickly falls out of scope in these functions, it is usually
still in the current stack frame when the compiled code executes. (Compiler
dependent, but usually it's one stack push per function.)

This means if any Python object happens to allocate at the same address as
the (freed) root parse tree chunk, it's un-garbage-collectable as there's a
(dangling) pointer up the stack referencing this same address.

As reported by @GitHubsSilverBullet here:
https://github.com/orgs/micropython/discussions/14116#discussioncomment-8837214

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton <angus@redyak.com.au>
  • Loading branch information
@projectgus @dpgeorge
projectgus authored and dpgeorge committed Mar 21, 2024
1 parent 9d27183 commit 71044a4
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions py/parse.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1386,6 +1386,7 @@ void mp_parse_tree_clear(mp_parse_tree_t *tree) {
m_del(byte, chunk, sizeof(mp_parse_chunk_t) + chunk->alloc);
chunk = next;
}
tree->chunk = NULL; // Avoid dangling pointer that may live on stack
}

#endif // MICROPY_ENABLE_COMPILER

0 comments on commit 71044a4

Please sign in to comment.