After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 773250 - Don't free (transfer none) GValues when converting from Python
Don't free (transfer none) GValues when converting from Python
Status: RESOLVED OBSOLETE
Product: pygobject
Classification: Bindings
Component: introspection
unspecified
Other Linux
: Normal normal
: ---
Assigned To: Nobody's working on this now (help wanted and appreciated)
Python bindings maintainers
Depends on:
Blocks: 773254
 
 
Reported: 2016-10-20 07:23 UTC by Garrett Regier
Modified: 2018-01-10 20:56 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Don't free (transfer none) GValues when converting from Python (1.10 KB, patch)
2016-10-20 07:24 UTC, Garrett Regier 		none Details | Review

Description Garrett Regier 2016-10-20 07:23:42 UTC 
Otherwise the GValue will become invalid once the
called function returns.
Comment 1 Garrett Regier 2016-10-20 07:24:18 UTC 
Created attachment 338069 [details] [review]
Don't free (transfer none) GValues when converting from Python

Otherwise the GValue will become invalid once the called function returns.
Comment 2 Christoph Reiter (lazka) 2016-10-20 13:41:40 UTC 
Shouldn't it still be freed in case the passed in Python object is not a GValue and a temp GValue gets created?
Comment 3 Christian Hergert 2016-10-25 21:38:25 UTC 
(In reply to Christoph Reiter (lazka) from comment #2)
> Shouldn't it still be freed in case the passed in Python object is not a
> GValue and a temp GValue gets created?

copy_reference in pygi_arg_gvalue_from_py_marshal() will always be TRUE from what I can tell. Which would indicate to me that:

@ +120
> } else {
>     value = g_slice_new0 (GValue);
>     g_value_init (value, G_VALUE_TYPE (source_value));
>     g_value_copy (source_value, value);
> }

is all dead code.

There is still the second place where the local allocation occurs:

@ +126
> value = g_slice_new0 (GValue);
> g_value_init (value, object_type);
> if (pyg_value_from_pyobject (value, py_arg) < 0) {

and that does seem like it would be leaking to me.

What about adding an out parameter to arg_struct_from_py_marshal_adapter() that determines whether or not cleanup_data should be set to v_pointer?
Comment 4 Garrett Regier 2016-10-25 23:50:16 UTC 
(In reply to Christoph Reiter (lazka) from comment #2)
> Shouldn't it still be freed in case the passed in Python object is not a
> GValue and a temp GValue gets created?

The issue is that the GValue shouldn't be freed because the function is taking ownership of the GValue (newly created or not). However, I didn't check passing a GValue as I ran into another issue.

The issue I ran into is that (transfer full) on a GValue is fairly unsafe. This is due to the fact that GValue doesn't have a constructor which means it could be allocated with g_new() or g_slice_new(). Thus when the called function goes to cleanup the passed in GValue it could use g_free() or g_slice_free() and cause various issues.

This patch still avoids a double free bug (at least when passing a non-GValue), it would be good to add a test in GI and further investigate this issue.

Looking into the second issue it seems glib, gtk+ and lgi all use g_new() for allocating GValues so switching might be a good fix.
Comment 5 GNOME Infrastructure Team 2018-01-10 20:56:46 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/pygobject/issues/124.