GNOME Bugzilla – Bug 567792
gio.InputStream.read_async can cause memory corruption
Last modified: 2009-01-29 19:40:18 UTC
Pair _wrap_g_input_stream_read_async / async_result_callback_marshal_read uses different ways to allocate and free notify->buffer: g_malloc() and Py_DECREF. This can easily cause memory corruption. Fix follows.
Created attachment 126450 [details] [review] fix + more code cleanup This patch fixes the bug and additionally plugs a serious memory leak noticed by Gustavo: marshaller leaks objects when invoking callback. Additionally, this patch merges the two marshaller functions into one. I added another bunch of new functions too. Incorporating code into meaningful functions (even if trivial) is less prone to programming bugs.
Sending ChangeLog Sending gio/ginputstream.override Sending gio/gio.override Transmitting file data ... Committed revision 999. 2009-01-29 Paul Pogonyshev <pogonyshev@gmx.net> Bug 567792 – gio.InputStream.read_async can cause memory corruption * gio/gio.override (py_decref_callback): Remove (unused now). (pygio_notify_allocate_buffer, pygio_notify_attach_to_result) (pygio_notify_get_attached): New functions. (async_result_callback_marshal): Attach to the result object if asked and then don't free self. Fix reference leak (spotted by Gustavo). * gio/ginputstream.override (async_result_callback_marshal_read): Remove. Use new attachment functionality in async_result_callback_marshal() instead. (_wrap_g_input_stream_read_async): Use the new functions (also those mentioned in the cleanup log below). (_wrap_g_input_stream_read_finish): Use the new functions.