[pygobject] Fix invalid read error in argument cleanup code
- From: Simon Feltman <sfeltman src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [pygobject] Fix invalid read error in argument cleanup code
- Date: Thu, 11 Sep 2014 02:21:44 +0000 (UTC)
commit 6181f724bc2c6ea30194c961cb15b2c543a48f95
Author: Simon Feltman <sfeltman src gnome org>
Date: Wed Sep 10 19:06:35 2014 -0700
Fix invalid read error in argument cleanup code
Always set initial length argument index for arrays to -1. Ensure we don't
attempt retrieving Python cleanup arguments until we know it is valid.
This was causing an invalid read in test_gi.TestArray.test_array_out()
gi/pygi-array.c | 1 +
gi/pygi-marshal-cleanup.c | 13 ++++++++-----
2 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/gi/pygi-array.c b/gi/pygi-array.c
index 4cfbd17..e2598cd 100644
--- a/gi/pygi-array.c
+++ b/gi/pygi-array.c
@@ -803,6 +803,7 @@ pygi_arg_garray_len_arg_setup (PyGIArgCache *arg_cache,
child_cache->direction = direction;
child_cache->to_py_marshaller = _pygi_marshal_to_py_basic_type_cache_adapter;
child_cache->from_py_marshaller = _pygi_marshal_from_py_basic_type_cache_adapter;
+ child_cache->py_arg_index = -1;
/* ugly edge case code:
*
diff --git a/gi/pygi-marshal-cleanup.c b/gi/pygi-marshal-cleanup.c
index 4ba6159..b0ec05a 100644
--- a/gi/pygi-marshal-cleanup.c
+++ b/gi/pygi-marshal-cleanup.c
@@ -95,8 +95,6 @@ pygi_marshal_cleanup_args_from_py_marshal_success (PyGIInvokeState *state,
for (i = 0; i < _pygi_callable_cache_args_len (cache); i++) {
PyGIArgCache *arg_cache = _pygi_callable_cache_get_arg (cache, i);
PyGIMarshalCleanupFunc cleanup_func = arg_cache->from_py_cleanup;
- PyObject *py_arg = PyTuple_GET_ITEM (state->py_in_args,
- arg_cache->py_arg_index);
gpointer cleanup_data = state->args_cleanup_data[i];
/* Only cleanup using args_cleanup_data when available.
@@ -105,8 +103,9 @@ pygi_marshal_cleanup_args_from_py_marshal_success (PyGIInvokeState *state,
* PyGIInvokeState.args_cleanup_data stores this data (via _invoke_marshal_in_args)
* for the duration of the invoke up until this point.
*/
- if (cleanup_func && cleanup_data != NULL &&
+ if (cleanup_func && cleanup_data != NULL && arg_cache->py_arg_index >= 0 &&
arg_cache->direction & PYGI_DIRECTION_FROM_PYTHON) {
+ PyObject *py_arg = PyTuple_GET_ITEM (state->py_in_args, arg_cache->py_arg_index);
cleanup_func (state, arg_cache, py_arg, cleanup_data, TRUE);
state->args_cleanup_data[i] = NULL;
}
@@ -167,8 +166,12 @@ pygi_marshal_cleanup_args_from_py_parameter_fail (PyGIInvokeState *state,
PyGIArgCache *arg_cache = _pygi_callable_cache_get_arg (cache, i);
PyGIMarshalCleanupFunc cleanup_func = arg_cache->from_py_cleanup;
gpointer cleanup_data = state->args_cleanup_data[i];
- PyObject *py_arg = PyTuple_GET_ITEM (state->py_in_args,
- arg_cache->py_arg_index);
+ PyObject *py_arg = NULL;
+
+ if (arg_cache->py_arg_index < 0) {
+ continue;
+ }
+ py_arg = PyTuple_GET_ITEM (state->py_in_args, arg_cache->py_arg_index);
if (cleanup_func && cleanup_data != NULL &&
arg_cache->direction == PYGI_DIRECTION_FROM_PYTHON) {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]