Skip to content

gh-144069: Fix memory leak in _dbm.open() on failure #144075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
VanshAgarwal24036 wants to merge 3 commits into from
Closed

gh-144069: Fix memory leak in _dbm.open() on failure #144075

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
91d78af
gh-144069: Fix memory leak in _dbm.open() on failure
VanshAgarwal24036 Jan 20, 2026
8bdd53c
News Added
VanshAgarwal24036 Jan 20, 2026
32c8cca
gh-144069: Fix cleanup in _dbm deallocation
VanshAgarwal24036 Jan 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions Lib/test/test_dbm.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,10 @@ def setUp(self):
self.addCleanup(cleaunup_test_dir)
setup_test_dir()

def test_open_nonexistent_directory(self):
Copy link
Copy Markdown
Member

@picnixz picnixz Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you put the test closer to other open()-tests? please be mindful of the quality of the PRs you submit.

missing_dir = os.path.join(dirname + "_does_not_exist", "test.db")
with self.assertRaises(OSError):
dbm.open(missing_dir, "c")

class WhichDBTestCase(unittest.TestCase):
def test_whichdb(self):
Expand Down
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/C_API/2026-01-20-20-17-16.gh-issue-144069.IE5fug.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Fix a memory leak in :func:`dbm.open` when database creation fails, such as
when the target directory does not exist.
7 changes: 6 additions & 1 deletion Modules/_dbmmodule.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,11 +85,16 @@ newdbmobject(_dbm_state *state, const char *file, int flags, int mode)
}
dp->di_size = -1;
dp->flags = flags;
dp->di_dbm = NULL;
PyObject_GC_Track(dp);

/* See issue #19296 */
if ( (dp->di_dbm = dbm_open((char *)file, flags, mode)) == 0 ) {
if ( (dp->di_dbm = dbm_open((char *)file, flags, mode)) == NULL ) {
PyErr_SetFromErrnoWithFilename(state->dbm_error, file);
if (dp->di_dbm != NULL) {
Copy link
Copy Markdown
Member

@serhiy-storchaka serhiy-storchaka Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, we just tested that dp->di_dbm == NULL.

Copy link
Copy Markdown
Contributor Author

@VanshAgarwal24036 VanshAgarwal24036 Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for pointing this out — you’re right.

Since dbm_open() returns NULL, there is no DBM handle available to clean up, so attempting to close anything on the failure path was indeed dead code.

I’ve removed that logic from newdbmobject() and instead updated dbm_dealloc() to set dp->di_dbm = NULL after dbm_close() to make deallocation robust and avoid double frees.

dbm_close(dp->di_dbm);
dp->di_dbm = NULL;
}
Copy link
Copy Markdown
Member

@picnixz picnixz Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need for that, you can leave it to dealloc. In addition this code path will never be taken as di_dbm will be NULL... this is exactly your if test.

However add dp->di_dbm = NULL in dbm_dealloc() to prevent double frees.

Copy link
Copy Markdown
Contributor Author

@VanshAgarwal24036 VanshAgarwal24036 Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the clarification.
You’re right, since dbm_open() returns NULL, there is no DBM handle available to clean up on the failure path so cleanup attempt in newdbmobject() was dead code.

I removed that logic and instead updated dbm_dealloc() to set dp->di_dbm = NULL after dbm_close() to prevent double frees and stale pointer use.

I’ve also moved the regression test closer to the other open()-related tests as suggested.

Copy link
Copy Markdown
Member

@picnixz picnixz Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an LLM answer. I will reject this PR because I am tired of you using LLMs to generate PRs when we repeatedly told you not to do it. If you do not understand the issue and how to fix it in the first time or do not understand and review the LLM changes before committing, I would appreciate that you stop opening PRs.

Py_DECREF(dp);
return NULL;
}
Expand Down
Loading