GNOME Bugzilla – Bug 698829
help(gi.repository.Gtk) makes Python segfault
Last modified: 2013-04-25 12:54:41 UTC
Hi,

as originally reported in [1], doing the following set of steps makes Python segfault:

1. python
2. >>> from gi.repository import Gtk
3. >>> help(Gtk)
4. press q

I was able to reproduce this both on Python 2.7.3 and Python 2.7.4, which makes me think that the bug is in constructing a corrupted help string in pygobject. The commit that introduces the bug seems to be [2]. Specifically, I'd say that the problematic function is "_g_arg_get_pytype_hint" from "pygi_info.c", which is now called when constructing help. The segfault doesn't seem to occur when I comment out the "arg.get_pytype_hint()" call. I didn't manage to track the bug down completely, however.

Reproduced with:
Python 2.7.3 and Python 2.7.4
pygobject 3.8.1

Any chance someone may take a look at this?

Thanks!

[1] https://bugzilla.redhat.com/show_bug.cgi?id=955651
[2] https://git.gnome.org/browse/pygobject/commit/gi/types.py?id=13629f5a9c9a7022f3521a3616d9ce8fa4a6161b

Created attachment 242408: Test results of g_base_info_get_name for NULL

Block against potential NULL result when generating type hint with _g_arg_get_pytype_hint.

Hi,

I am unable to reproduce this in both Python 2.7.3 and Python 3.3. However, a quick review of the code reveals a potential safety problem with this line:
https://git.gnome.org/browse/pygobject/tree/gi/pygi-info.c?id=3.8.0#n423

The docs specify g_base_info_get_name has the potential to return NULL:
https://developer.gnome.org/gi/stable/gi-GIBaseInfo.html#g-base-info-get-name

I've attached a patch and committed to both pygobject-3-8 and head, please give that a try.

That fixes the issue for me. Thank you!
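
The unchecked-NULL pattern discussed in this report, as an added example that is neither pygobject's code nor the attached patch: a name getter documented as able to return NULL, used unguarded and then guarded. The `base_info` struct, `info_get_name` stand-in, the function names and the "object" fallback are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a GIBaseInfo; the name may be absent. */
struct base_info {
    const char *ns;     /* namespace, e.g. "Gtk" */
    const char *name;   /* NULL for unnamed entries */
};

/* Stand-in for g_base_info_get_name(): may return NULL. */
static const char *info_get_name(const struct base_info *info)
{
    return info ? info->name : NULL;
}

/* Before: result handed straight to a string function.
 * With a NULL name, strlen() dereferences NULL (undefined behaviour). */
static size_t hint_len_unchecked(const struct base_info *info)
{
    return strlen(info_get_name(info));
}

/* After: test the result and fall back to a generic hint.
 * Returns 0 on success, -1 if buf is too small or formatting fails. */
static int type_hint_checked(const struct base_info *info, char *buf, size_t n)
{
    const char *name = info_get_name(info);
    int written;

    if (name == NULL)
        written = snprintf(buf, n, "object");   /* assumed fallback text */
    else if (info->ns != NULL)
        written = snprintf(buf, n, "%s.%s", info->ns, name);
    else
        written = snprintf(buf, n, "%s", name);
    return (written < 0 || (size_t)written >= n) ? -1 : 0;
}

/* Constructed sample data. */
static const struct base_info NAMED = { "Gtk", "Widget" };
static const struct base_info UNNAMED = { "Gtk", NULL };
static char demo_buf[64];

int main(void)
{
    printf("unchecked length (named only): %zu\n", hint_len_unchecked(&NAMED));
    if (type_hint_checked(&NAMED, demo_buf, sizeof demo_buf) == 0) puts(demo_buf);
    if (type_hint_checked(&UNNAMED, demo_buf, sizeof demo_buf) == 0) puts(demo_buf);
    return 0;
}
```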