In PyType_Ready() if the type object you are readying 
does not explicitly define its tp_base value, it will 
default to use PyBaseObject_Type.

However, this assignment does not INCREF the 
PyBaseObject_Type pointer.  Thus, for heap allocated 
type objects, when the type_dealloc() function is 
called, a DECREF is called on tp_base which can 
eventually cause PyBaseObject_Type refcount go to 0, 
at which point bad things happen.

Logged In: YES 
user_id=6656

I'm not sure this is actually a real problem.  I don't think
you can get into the "base == NULL" case with a heap type...

Logged In: YES 
user_id=393416

There are relatively few ways to make a heap allocated type 
object.  I have made a method to create structseq type 
objects on the heap (see sf patch 980098).  There doesn't 
appear to be a direct API to do it, so I did it manually.  Since 
the Type_Ready code has a check for NULL bases, one might 
as well take advantage of it.

Logged In: YES 
user_id=21627

I think the missing INCREF is a bug regardless of whether
the code is dead or not (if it is really dead, the bug is
that is hasn't been removed). I have committed the patch as
typeobject.c 2.263 and 2.241.6.12.