There is a memory leak associated with events delivered through the IConnectionPoint interface. The leak occurs when a ByRef VARIANT parameter is passed through the interface as an inout parameter.

The culprit appears to be oleargs.cpp, specifically the routine PythonOleArgHelper::MakeObjToVariant, which is called to replace the original VARIANT with the returned one. In the case VT_VARIANT | VT_BYREF, with bCreateBuffers as false, the routine calls VariantClear(var), which only clears the referencing VARIANT and not the referenced one. This call should be VariantClear(V_VARIANTREF(var)), which will clear memory held by the referenced VARIANT before the subsequent call to PyCom_VariantFromPyObject simply overwrites that VARIANT.

The code as written depends on V_VARIANTREF(var) to remain valid after calling VariantClear(var), which seems a dangerous assumption.

Note that this repair follows the same logic as is used in the existing code for the VT_BSTR | VT_BYREF case, in which SysFreeString(*V_BSTRREF(var)) is called, for the reason that VariantClear(var) wouldn't free the indirectly referenced BSTR.
Reported by: shacktoms
Original Ticket: "pywin32/bugs/17":https://sourceforge.net/p/pywin32/bugs/17
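
The leak described in the report, as an added portable C++ model; it is not part of the original ticket and not pywin32's code. `Variant`, `ModelVariantClear`, `ModelOverwrite` and `RoundTrip` are hypothetical stand-ins for VARIANT, VariantClear and the PyCom_VariantFromPyObject step, and the model assumes that clearing a by-reference variant only resets its type tag.

```cpp
// Portable model of the reported leak: not the Windows API, not pywin32's oleargs.cpp.
#include <cstdio>
#include <cstdlib>
#include <cstring>
enum : unsigned short { VT_EMPTY = 0, VT_BSTR = 8, VT_VARIANT = 12, VT_BYREF = 0x4000 };
static int g_live_strings = 0;   // stand-in for outstanding BSTR allocations
struct Variant {                 // simplified, hypothetical stand-in for VARIANT
    unsigned short vt = VT_EMPTY;
    char *bstrVal = nullptr;     // meaningful when vt == VT_BSTR
    Variant *pvarVal = nullptr;  // meaningful when vt == (VT_VARIANT | VT_BYREF)
};

static char *AllocString(const char *s) {
    char *p = static_cast<char *>(std::malloc(std::strlen(s) + 1));
    std::strcpy(p, s);
    ++g_live_strings;
    return p;
}
static void FreeString(char *p) { if (p) { std::free(p); --g_live_strings; } }

// Models VariantClear: data the variant owns is released, a by-reference target is
// never touched. Leaving pvarVal in place afterwards is an assumption of this model.
static void ModelVariantClear(Variant *v) {
    if (v->vt == VT_BSTR) { FreeString(v->bstrVal); v->bstrVal = nullptr; }
    v->vt = VT_EMPTY;
}

// Models the PyCom_VariantFromPyObject step: a plain overwrite of the destination.
static void ModelOverwrite(Variant *dst, const char *s) {
    dst->vt = VT_BSTR;
    dst->bstrVal = AllocString(s);
}

// One inout round trip; returns the strings still allocated after the caller
// has cleared the VARIANT it owns.
int RoundTrip(bool fixed) {
    g_live_strings = 0;
    Variant inner; ModelOverwrite(&inner, "constructed value from the event source");
    Variant outer; outer.vt = VT_VARIANT | VT_BYREF; outer.pvarVal = &inner;
    if (fixed) ModelVariantClear(outer.pvarVal);  // repair: clear the referenced VARIANT
    else       ModelVariantClear(&outer);         // reported code: clears only the reference
    ModelOverwrite(outer.pvarVal, "constructed value from the handler");
    ModelVariantClear(&inner);                    // caller releases its own VARIANT
    return g_live_strings;
}

int main() {
    std::printf("reported code leaks %d, repaired code leaks %d\n", RoundTrip(false), RoundTrip(true));
}
```

In the model, one string stays allocated per event on the reported path, which is why the leak grows with the number of events delivered.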