GNOME Bugzilla – Bug 624811
Segfault while wrapping a boxed type
Last modified: 2010-11-19 21:14:53 UTC
When copying a boxed type to be wrapped with a JS object, sometimes g_boxed_copy is passed garbage as src_boxed (and therefore it segfaults).

How to reproduce: I encountered this using GnomeBluetooth, which uses a Gtk.TreeStore. Trying to obtain a Gtk.TreeIter, gjs reliably segfaults.

Code:

    const Bluetooth = imports.gi.GnomeBluetooth
    let client = new Bluetooth.BluetoothClient()
    let model = client.get_model() /* is a Gtk.TreeStore, implements Gtk.TreeModel */
    let iter = model.get_iter_first() /* segfault */

Comments: it may be specific to Gtk.TreeIters (they are not expected to be copied or freed and are not actually boxed types).
This is actually gjs' lack of support for (out caller-allocates), see bug 604749
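The difference between a plain (out) argument and an (out caller-allocates) one, as an added example that is not gjs code or part of the original thread. `Iter`, `OutArgInfo`, `get_iter_first`, `dup_iter` and `call_with_out_arg` are hypothetical names in a simplified model of a binding's argument marshalling; that the garbage pointer arises from treating the out slot as callee-filled is an assumption of this model.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a struct such as Gtk.TreeIter. */
typedef struct { int stamp; void *user_data; } Iter;

/* Simplified argument metadata; a model, not the GObject-Introspection API. */
typedef struct { int caller_allocates; size_t size; } OutArgInfo;

/* (out caller-allocates): the callee fills memory the caller provides. */
static int get_iter_first(void *arg) {
    Iter *iter = arg;
    iter->stamp = 42;
    iter->user_data = NULL;
    return 1;
}

/* Plain (out): the callee stores a pointer to memory it allocated. */
static int dup_iter(void *arg) {
    Iter *it = calloc(1, sizeof *it);
    if (it == NULL) return 0;
    it->stamp = 7;
    *(void **)arg = it;
    return 1;
}

/* Call fn with one out argument; return the struct to wrap, or NULL. */
static Iter *call_with_out_arg(int (*fn)(void *), const OutArgInfo *info) {
    void *slot = NULL;              /* pointer-sized out slot */
    if (info->caller_allocates) {
        /* Allocate the whole struct and pass the buffer itself. Passing
         * &slot instead would let the callee write struct fields over the
         * slot, which is then read back as a pointer (assumed model). */
        slot = calloc(1, info->size);
        if (slot == NULL) return NULL;
        if (!fn(slot)) { free(slot); return NULL; }
    } else if (!fn(&slot)) {        /* callee writes a pointer into slot */
        free(slot);
        return NULL;
    }
    return slot;
}

int main(void) {
    OutArgInfo ca = {1, sizeof(Iter)}, co = {0, 0};
    Iter *a = call_with_out_arg(get_iter_first, &ca);
    Iter *b = call_with_out_arg(dup_iter, &co);
    int ok = a && b && a->stamp == 42 && b->stamp == 7;
    free(a); free(b);
    return ok ? 0 : 1;
}
```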
Created attachment 167675
add support for (out caller-allocates)
Almost three months have passed since this bug was first reported, and (out caller-allocates) was added to gobject-introspection. Any progress reviewing the patch?
Review of attachment 167675 [details] [review]: ::: gi/function.c @@ +525,3 @@ + case GI_INFO_TYPE_ENUM: + GITypeTag type_tag; + if (g_arg_info_is_caller_allocates(&arg_info)) { Just error if this happens; I'll make sure the scanner isn't generating them. @@ +545,3 @@ + case GI_TYPE_TAG_UINT64: + case GI_TYPE_TAG_FLOAT: + case GI_TYPE_TAG_DOUBLE: The same for these, just error out. We only want to support _INTERFACE and _UNION basically. @@ +756,3 @@ + type_tag = g_type_info_get_tag(&arg_type_info); + if (type_tag == GI_TYPE_TAG_INTERFACE) { Aren't we missing a check for g_arg_info_is_caller_allocates(&arg_info) here? @@ +762,3 @@ + interface_info = g_type_info_get_interface(&arg_type_info); + interface_type = g_base_info_get_type(interface_info); + if (interface_type == GI_INFO_TYPE_STRUCT) { Missing handling for GI_INFO_TYPE_UNION.
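Review bot: In the gi/function.c hunk at +762, interface_info is obtained from g_type_info_get_interface(), which hands back a reference the caller has to release with g_base_info_unref(), and the visible lines do not show that release. Please check that every exit from the GI_INFO_TYPE_STRUCT branch, and from the GI_INFO_TYPE_UNION branch once it is added, drops the reference, including any error return introduced to address the earlier comments.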