GNOME Bugzilla – Bug 672889
GLib.utf8_validate does segfault
Last modified: 2015-02-07 16:58:07 UTC
Created attachment 210669
trace for segfault for utf8_validate

Trying to utf8 validate a string with the dynamic bindings does cause a segfault (attached is the trace):

{{{
from gi.repository import GLib
st = 'hallo'
GLib.utf8_validate(st, len(st))
}}}

Same is true when passing '-1' as max_len [1]. The C code does handle it fine.

Gjs does fail as well with a segfault:

{{{
const GLib = imports.gi.GLib;
GLib.utf8_validate('hallo', -1);
}}}

There has been one annotation fix in glib more recently [2].

[1] http://developer.gnome.org/glib/2.30/glib-Unicode-Manipulation.html#g-utf8-validate
[2] http://git.gnome.org/browse/glib/commit/?id=82a0733751b2dc3306e7dcf76358621eaea02bcb
I confirm this. It seems to happen in the result unmarshalling:
+ Trace 229959
It detected a "glibc", which explains why it crashed. (I still chuckle every time I see this..). I'll have a look at this.
It crashes in

{{{
if (arg_cache->transfer == GI_TRANSFER_EVERYTHING)
    g_free (data);
}}}

in _pygi_marshal_cleanup_to_py_utf8(), when trying to free the "end" out argument.

I think what's missing here is a (transfer none) annotation, as the "end" argument is a bit special here: it's not a "classic" out argument which gets allocated by the called function, but merely points into one of its input arguments. As per https://live.gnome.org/GObjectIntrospection/Annotations#Default_Annotations (out) arguments are "transfer full" by default, so we need to annotate it explicitly.
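Added example (not part of the bug thread, and not GLib or pygobject code): a self-contained C sketch of the ownership contract described in the comment above. `utf8_validate_borrowed` and `borrowed_end_offset` are hypothetical names, and the validator is a simplified stand-in for g_utf8_validate(); the point is that `end` always lands inside the caller's buffer, so a binding that treats it as "transfer full" and frees it passes an interior pointer to the allocator.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in with the contract discussed above:
 * @end: (out) (transfer none): set to a pointer INTO str (first invalid
 * byte, or the end of the checked range). Nothing is allocated. */
static int utf8_validate_borrowed(const char *str, ptrdiff_t max_len, const char **end)
{
    const unsigned char *p = (const unsigned char *)str;
    const unsigned char *stop = p + (max_len < 0 ? (ptrdiff_t)strlen(str) : max_len);
    int ok = 1;
    while (p < stop) {
        unsigned int c = *p, min = 0;
        int n, i;
        if (c < 0x80) { p++; continue; }
        if ((c & 0xE0) == 0xC0) { n = 1; c &= 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { n = 2; c &= 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { n = 3; c &= 0x07; min = 0x10000; }
        else { ok = 0; break; }                    /* stray continuation or 0xF8+ */
        if (stop - p <= n) { ok = 0; break; }      /* sequence truncated */
        for (i = 1; i <= n && (p[i] & 0xC0) == 0x80; i++)
            c = (c << 6) | (p[i] & 0x3F);
        if (i <= n || c < min || c > 0x10FFFF || (c >= 0xD800 && c <= 0xDFFF)) {
            ok = 0; break;                         /* bad tail, overlong, out of range */
        }
        p += n + 1;
    }
    if (end) *end = (const char *)p;
    return ok;
}

/* What a binding should do with a (transfer none) out pointer: check that it
 * is borrowed from the input and report it as an offset. It is never passed
 * to free(); returns -1 if end does not point into str. */
static ptrdiff_t borrowed_end_offset(const char *str, ptrdiff_t max_len)
{
    const char *end = NULL;
    size_t len = max_len < 0 ? strlen(str) : (size_t)max_len;
    utf8_validate_borrowed(str, max_len, &end);
    return (end >= str && end <= str + len) ? end - str : -1;
}

int main(void)
{
    printf("valid: end=+%td\n", borrowed_end_offset("hallo", -1));
    printf("invalid (constructed): end=+%td\n", borrowed_end_offset("a\xFF", 2));
    return 0;
}
```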
Created attachment 210683
Fix g_utf8_validate() out argument transfer mode

With this patch, and refreshing g-i the call now works better:

{{{
$ jhbuild run python -c 'from gi.repository import GLib; st = "hallo"; print GLib.utf8_validate(st, len(st))'
(True, '')
}}}

In the "invalid UTF-8" case the result is still weird, though:

{{{
$ jhbuild run python -c 'from gi.repository import GLib; st = b"a\xFF"; print GLib.utf8_validate(st, len(st))'
(False, '^G\x02')
}}}

The returned result is obviously a random piece of memory, so that part could still be a pygobject bug. But at least this fixes the crash in Python and JavaScript.
Review of attachment 210683:

looks okay to me
With 2.32 being out, I guess glib master is unfrozen again and I can push this?
Comment on attachment 210683
Fix g_utf8_validate() out argument transfer mode

This got committed a while ago.
You sure this got committed? I'm still crashing in Python with glib and pygobject built with jhbuild.
Erk, indeed. I pushed it to trunk now.
[Mass-moving gobject-introspection tickets to its own Bugzilla product - see bug 708029. Mass-filter your bugmail for this message: introspection20150207 ]