Bug 658561 – Double free after calling Pango.Context.get_font_description() from python

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 658561 - Double free after calling Pango.Context.get_font_description() from python


Summary:	Double free after calling Pango.Context.get_font_description() from python


Status:	RESOLVED FIXED

Product:	pango
Classification:	Platform
Component:	general
Version:	1.28.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	pango-maint
QA Contact:	pango-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-09-08 13:39 UTC by Tony Houghton
Modified:	2011-09-08 23:53 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Tony Houghton 2011-09-08 13:39:03 UTC

If I call Pango.Context.get_font_description() from python, using gi, I get a crash on exit from the function which called that. There's a sort of backtrace which says it's caused by a double free or corruption in pango_font_description_free.

I guess the problem is that python thinks it "owns" the PangoFontDescription object, but the description of pango_context_get_font_description (C version) says it returns "a pointer to the context's default font description. This value must not be modified or freed." However, the result is not const, which might have led to an oversight in gir that this object needs special treatment eg pango_font_description_copy_static().

Comment 1 Behdad Esfahbod 2011-09-08 15:12:49 UTC

I committed this patch.  Can you test?

diff --git a/pango/pango-context.c b/pango/pango-context.c
index 110a6f3..6c1508b 100644
--- a/pango/pango-context.c
+++ b/pango/pango-context.c
@@ -339,8 +339,8 @@ pango_context_set_font_description (PangoContext               *context,
  *
  * Retrieve the default font description for the context.
  *
- * Return value: a pointer to the context's default font description.
- *               This value must not be modified or freed.
+ * Return value: (transfer none) a pointer to the context's default font
+ *               description. This value must not be modified or freed.
  **/
 PangoFontDescription *
 pango_context_get_font_description (PangoContext *context)

Comment 2 Tony Houghton 2011-09-08 18:52:50 UTC

Unfortunately the gir parser doesn't seem to recognise that:

      <method name="get_font_description"
              c:identifier="pango_context_get_font_description">
        <doc xml:whitespace="preserve">Retrieve the default font description for the context.
description. This value must not be modified or freed.</doc>
        <return-value transfer-ownership="full">
          <doc xml:whitespace="preserve">(transfer none) a pointer to the context's default font</doc>
          <type name="FontDescription" c:type="PangoFontDescription*"/>
        </return-value>
      </method>

I noticed the similar pango_layout_get_font_description has transfer-ownership="none" and that has the G_CONST_RETURN attribute. Can that be added here without breaking other things? Or do I need a newer gir scanner?

Comment 3 Behdad Esfahbod 2011-09-08 18:56:03 UTC

My bad.  Need a colon after "(transfer none)".  Pushed fix.

Comment 4 Tony Houghton 2011-09-08 23:53:13 UTC

That seems to fix it for me, thanks.