From 032400b2d83ba1c2e4ee1cd33f51e9a598b2cf6c Mon Sep 17 00:00:00 2001
From: Georg Brandl
Date: Sat, 19 Feb 2011 21:47:02 +0000
Subject: [PATCH] #11249: in PyType_FromSpec, copy tp_doc slot since it usually will point to a static string literal which should not be deallocated together with the type.
---
 Misc/NEWS | 2 ++
 Objects/typeobject.c | 11 +++++++++++
 2 files changed, 13 insertions(+)
diff --git a/Misc/NEWS b/Misc/NEWS
index 093a126f97a..ff6fd230854 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,8 @@ What's New in Python 3.2?
 Core and Builtins
 -----------------
 
+- Issue #11249: Fix potential crashes when using the limited API.
+
 Library
 -------
 
diff --git a/Objects/typeobject.c b/Objects/typeobject.c
index e9c7591b818..b1fe44ebe48 100644
--- a/Objects/typeobject.c
+++ b/Objects/typeobject.c
@@ -2347,6 +2347,17 @@ PyObject* PyType_FromSpec(PyType_Spec *spec)
 goto fail;
 }
 *(void**)(res_start + slotoffsets[slot->slot]) = slot->pfunc;
+
+ /* need to make a copy of the docstring slot, which usually
+ points to a static string literal */
+ if (slot->slot == Py_tp_doc) {
+ ssize_t len = strlen(slot->pfunc)+1;
+ char *tp_doc = PyObject_MALLOC(len);
+ if (tp_doc == NULL)
+ goto fail;
+ memcpy(tp_doc, slot->pfunc, len);
+ res->ht_type.tp_doc = tp_doc;
+ }
 }
 
 return (PyObject*)res;
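Review bot: The `tp_doc == NULL` branch in the Objects/typeobject.c hunk jumps to `fail` while the slot still holds `slot->pfunc`, because the generic store just above the new block has already written the caller's pointer. If the cleanup at `fail` (outside this hunk, as are the loop and the function's start) releases the type, and deallocation frees `tp_doc` as the commit message implies, the static literal would be freed on exactly the path this patch is meant to protect. `PyObject_MALLOC` does not set an exception either, so the branch should clear the slot and call `PyErr_NoMemory()` before leaving. Separately, `ssize_t` is a POSIX type and `strlen` returns `size_t`, so `len` is better declared `size_t`, and a `Py_tp_doc` slot whose `pfunc` is NULL would reach `strlen` unchecked.

```c
if (slot->slot == Py_tp_doc) {
    size_t len = strlen(slot->pfunc)+1;
    char *tp_doc = PyObject_MALLOC(len);
    if (tp_doc == NULL) {
        /* the generic store above left tp_doc pointing at the caller's string */
        res->ht_type.tp_doc = NULL;
        PyErr_NoMemory();
        goto fail;
    }
    /* … unchanged: memcpy into tp_doc and store it in res->ht_type.tp_doc … */
}
```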