After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 567792 - gio.InputStream.read_async can cause memory corruption
gio.InputStream.read_async can cause memory corruption
Status: RESOLVED FIXED
Product: pygobject
Classification: Bindings
Component: gio
Git master
Other All
: Normal major
: ---
Assigned To: Nobody's working on this now (help wanted and appreciated)
Python bindings maintainers
Depends on:
Blocks:
 
 
Reported: 2009-01-14 19:50 UTC by Paul Pogonyshev
Modified: 2009-01-29 19:40 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
fix + more code cleanup (7.82 KB, patch)
2009-01-14 19:54 UTC, Paul Pogonyshev
committed Details | Review

Description Paul Pogonyshev 2009-01-14 19:50:52 UTC
Pair _wrap_g_input_stream_read_async / async_result_callback_marshal_read uses different ways to allocate and free notify->buffer: g_malloc() and Py_DECREF.  This can easily cause memory corruption.

Fix follows.
Comment 1 Paul Pogonyshev 2009-01-14 19:54:42 UTC
Created attachment 126450 [details] [review]
fix + more code cleanup

This patch fixes the bug and additionally plugs a serious memory leak noticed by Gustavo: marshaller leaks objects when invoking callback.  Additionally, this patch merges the two marshaller functions into one.  I added another bunch of new functions too.  Incorporating code into meaningful functions (even if trivial) is less prone to programming bugs.
Comment 2 Paul Pogonyshev 2009-01-29 19:40:18 UTC
Sending        ChangeLog
Sending        gio/ginputstream.override
Sending        gio/gio.override
Transmitting file data ...
Committed revision 999.


2009-01-29  Paul Pogonyshev  <pogonyshev@gmx.net>

	Bug 567792 – gio.InputStream.read_async can cause memory
	corruption

	* gio/gio.override (py_decref_callback): Remove (unused now).
	(pygio_notify_allocate_buffer, pygio_notify_attach_to_result)
	(pygio_notify_get_attached): New functions.
	(async_result_callback_marshal): Attach to the result object if
	asked and then don't free self.  Fix reference leak (spotted by
	Gustavo).

	* gio/ginputstream.override (async_result_callback_marshal_read):
	Remove.  Use new attachment functionality in
	async_result_callback_marshal() instead.
	(_wrap_g_input_stream_read_async): Use the new functions (also
	those mentioned in the cleanup log below).
	(_wrap_g_input_stream_read_finish): Use the new functions.