Bug 504337 – (PATCH) crash bug in gobject.Timeout and gobject.Idle

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 504337 - (PATCH) crash bug in gobject.Timeout and gobject.Idle


Summary:	(PATCH) crash bug in gobject.Timeout and gobject.Idle


Status:	RESOLVED FIXED

Product:	pygobject
Classification:	Bindings
Component:	gobject
Version:	Git master
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	---
Assigned To:	Nobody's working on this now (help wanted and appreciated)
QA Contact:	Python bindings maintainers

URL:
Whiteboard:

Depends on:	510511
Blocks:

Reported:	2007-12-18 20:51 UTC by Bryan Silverthorn
Modified:	2008-07-14 21:41 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
timeout_segfault.py (171 bytes, text/plain) 2007-12-18 20:53 UTC, Bryan Silverthorn		Details
bcs_pygsource_fix.patch (959 bytes, patch) 2007-12-18 20:54 UTC, Bryan Silverthorn	none	Details \| Review

Description Bryan Silverthorn 2007-12-18 20:51:28 UTC

The tp_flags fields for PyGTimeout_Type and PyGIdle_Type in gobject/pygsource.c have Py_TPFLAGS_HAVE_GC incorrectly set. The tp_traverse and tp_clear fields are only inherited from a base type if Py_TPFLAGS_HAVE_GC is _not_ set in subtypes (and if Py_TPFLAGS_HAVE_RICHCOMPARE _is_ set, which is covered by Py_TPFLAGS_DEFAULT).

The Python GC therefore dereferences a NULL function pointer when attempting to traverse a timeout or idle source.

Attaching a test case and patch against r721.

Comment 1 Bryan Silverthorn 2007-12-18 20:53:30 UTC

Created attachment 101217 [details]
timeout_segfault.py

Observed behavior:

$ python timeout_segfault.py 
Segmentation fault

Comment 2 Bryan Silverthorn 2007-12-18 20:54:55 UTC

Created attachment 101218 [details] [review]
bcs_pygsource_fix.patch

Comment 3 Bryan Silverthorn 2008-03-16 15:25:48 UTC

The GSource wrapper has additional problems, many of which are fixed by the patch attached to #510511. That patch should be applied instead.

Comment 4 Johan (not receiving bugmail) Dahlin 2008-07-14 21:41:50 UTC

2008-07-14  Johan Dahlin  <johan@gnome.org>
    
    Bug 504337 - crash bug in gobject.Timeout and gobject.Idle
    
    * gobject/pygsource.c:
    * tests/test_source.py:
    Fix crash in Timeout and Idle, patch by Bryan Silverthorn.