Bug 707887 – Attempting to create GObject Property with underscore prefix segfaults

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 707887 - Attempting to create GObject Property with underscore prefix segfaults


Summary:	Attempting to create GObject Property with underscore prefix segfaults


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	gobject
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-09-10 23:26 UTC by Simon Feltman
Modified:	2013-10-02 02:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Fix crashes in various GParamSpec creation functions (5.60 KB, patch) 2013-10-01 11:14 UTC, Simon Feltman	committed	Details \| Review

Description Simon Feltman 2013-09-10 23:26:51 UTC

Example:

from gi.repository import GObject
class O(GObject.Object):
    _value = GObject.Property(type=int)

./gi/_gobject/__init__.py:58: Warning: g_param_spec_internal: assertion '(name[0] >= 'A' && name[0] <= 'Z') || (name[0] >= 'a' && name[0] <= 'z')' failed
  _gobject.type_register(cls, namespace.get('__gtype_name__'))
Segmentation fault (core dumped)

This is most likely due to the prefixed underscore being translated into a hyphen which is not a valid property name. We should make sure this doesn't crash and perhaps give a nicer error back to Python.

Comment 1 Simon Feltman 2013-09-10 23:38:42 UTC

Moving to GLib. After debugging it looks like g_param_spec_int is not checking the results of g_param_spec_internal (which returns NULL for badly named properties).

https://git.gnome.org/browse/glib/tree/gobject/gparamspecs.c?id=2.37.7#n1731

I'm happy to submit a patch if others think a NULL check and return after the 
g_param_spec_internal seems right.

Comment 2 Allison Karlitskaya (desrt) 2013-10-01 08:35:11 UTC

A patch is welcome.

Please take care to look at the full range of types in gparamspecs.c -- just about every one of them is affected by the same issue.

I think the correct thing to do if you see NULL returned is just to return NULL immediately... the critical will already have been logged by _internal().

Thanks!

Comment 3 Simon Feltman 2013-10-01 11:14:36 UTC

Created attachment 256175 [details] [review]
Fix crashes in various GParamSpec creation functions

Add NULL check and return after calls to g_param_spec_internal in GParamSpec
creation functions. This avoids glib crashing due to things like badly named
properties.

Notes:
I verified this fixes things on the PyGObject side (PyGObject was already 
checking for NULL and raising an exception which we get in addition to the 
glib warning).
https://git.gnome.org/browse/pygobject/tree/gi/_gobject/gobjectmodule.c?id=3.10.0#n648

Comment 4 Colin Walters 2013-10-01 12:27:20 UTC

Review of attachment 256175 [details] [review]:

This looks safe.  But note that bindings should still ensure preconditions are met before invoking these functions.

Comment 5 Simon Feltman 2013-10-02 02:46:28 UTC

Attachment 256175 [details] pushed as 2f57139 - Fix crashes in various GParamSpec creation functions