[PATCH] Fix crash in g-ir-scanner



The value returned by PyString_AsString is no longer valid after
Py_DECREF.

Andreas.

-------------------------------8<-------------------------------------
>From b478c22fdae11753fc243e63634c5835834b6d79 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab linux-m68k org>
Date: Sun, 27 Nov 2011 20:48:24 +0100
Subject: [PATCH] giscanner: fix use after decref

Decrement reference to temporary string object only after last use of its
value.
---
 giscanner/giscannermodule.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/giscanner/giscannermodule.c b/giscanner/giscannermodule.c
index 86fa244..3513e56 100644
--- a/giscanner/giscannermodule.c
+++ b/giscanner/giscannermodule.c
@@ -569,6 +569,7 @@ static int calc_attrs_length(PyObject *attributes, int indent,
   for (i = 0; i < PyList_Size (attributes); ++i)
     {
       PyObject *tuple, *pyvalue;
+      PyObject *s;
       char *attr, *value;
       char *escaped;
 
@@ -580,12 +581,11 @@ static int calc_attrs_length(PyObject *attributes, int indent,
         return -1;
 
       if (PyUnicode_Check(pyvalue)) {
-        PyObject *s = PyUnicode_AsUTF8String(pyvalue);
+        s = PyUnicode_AsUTF8String(pyvalue);
         if (!s) {
           return -1;
         }
         value = PyString_AsString(s);
-        Py_DECREF(s);
       } else if (PyString_Check(pyvalue)) {
         value = PyString_AsString(pyvalue);
       } else {
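Review bot: Nothing at `value = PyString_AsString(s);` records that `value` now points into the buffer owned by `s`, which is the invariant this fix rests on. A comment there such as `/* value borrows s's buffer; keep s referenced until value is last used */` would stop a later cleanup from moving the decref back up. The reference is also held across lines between this hunk and the next that are not visible here, so it is worth confirming that no early `return -1` in that stretch skips the release. The same applies to the `goto out` exits in the matching pygi_collect_attributes hunk. The loop body starts and ends outside this hunk.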
@@ -597,6 +597,8 @@ static int calc_attrs_length(PyObject *attributes, int indent,
       escaped = g_markup_escape_text (value, -1);
       attr_length += 2 + strlen(attr) + strlen(escaped) + 2;
       g_free(escaped);
+      if (PyUnicode_Check(pyvalue))
+        Py_DECREF(s);
     }
 
   return attr_length + indent + self_indent;
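Review bot: The release at `if (PyUnicode_Check(pyvalue)) Py_DECREF(s);` depends on a second type check agreeing with the first, because `s` is declared without an initializer and holds an indeterminate value on the PyString path. Declaring `PyObject *s = NULL;` at the top of the loop body and ending it with `Py_XDECREF(s);` ties the release to the pointer itself, so a branch added later cannot decref an indeterminate pointer or miss the release. The same declaration and guarded decref appear in the pygi_collect_attributes hunks and would take the same change.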
@@ -641,6 +643,7 @@ pygi_collect_attributes (PyObject *self,
   for (i = 0; i < PyList_Size (attributes); ++i)
     {
       PyObject *tuple, *pyvalue;
+      PyObject *s;
       char *attr, *value, *escaped;
 
       tuple = PyList_GetItem (attributes, i);
@@ -667,11 +670,10 @@ pygi_collect_attributes (PyObject *self,
 	goto out;
 
       if (PyUnicode_Check(pyvalue)) {
-        PyObject *s = PyUnicode_AsUTF8String(pyvalue);
+        s = PyUnicode_AsUTF8String(pyvalue);
         if (!s)
 	  goto out;
         value = PyString_AsString(s);
-        Py_DECREF(s);
       } else if (PyString_Check(pyvalue)) {
         value = PyString_AsString(pyvalue);
       } else {
@@ -695,6 +697,8 @@ pygi_collect_attributes (PyObject *self,
       g_string_append_c (attr_value, '\"');
       if (first)
 	first = FALSE;
+      if (PyUnicode_Check(pyvalue))
+        Py_DECREF(s);
   }
 
   result = PyUnicode_DecodeUTF8 (attr_value->str, attr_value->len, "strict");
-- 
1.7.7.4


-- 
Andreas Schwab, schwab linux-m68k org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

