Memory Leak

[ghost]

There is a memory leak associated with events delivered
through the IConnectionPoint interface. The leak
occurs when a ByRef VARIANT parameter is passed
through the interface as an inout parameter.

The culprit appears to be oleargs.cpp, specifically the
routine PythonOleArgHelper::MakeObjToVariant, which
is called to replace the original VARIANT with the
returned one. In the case VT_VARIANT | VT_BYREF,
with bCreateBuffers as false, the routine calls
VariantClear(var), which only clears the referencing
VARIANT and not the referenced one. This call should
be VariantClear(V_VARIANTREF(var)), which will clear
memory held by the referenced VARIANT before the
subsequent call to PyCom_VariantFromPyObject
simply overwrites that VARIANT.

The code as written depends on V_VARIANTREF(var) to
remain valid after calling VariantClear(var), which seems
a dangerous assumption.

Note that this repair follows the same logic as is used in
the existing code for the VT_BSTR | VT_BYREF case,
in which SysFreeString(*V_BSTRREF(var)) is called, for
the reason that VariantClear(var) wouldn't free the
indirectly referenced BSTR.

Reported by: shacktoms

Original Ticket: "pywin32/bugs/17":https://sourceforge.net/p/pywin32/bugs/17

[ghost]

patch against rev 1.19 of oleargs.cpp

Original comment by: shacktoms

[ghost]

Logged In: YES
user_id=14198

Thanks! Looks right to me. I will check it in as soon as I
re-run all the tests.

Original comment by: mhammond

[ghost]

• labels: --> com
• assigned_to: nobody --> mhammond

Original comment by: mhammond

[ghost]

• status: open --> closed-fixed

Original comment by: mhammond

[ghost]

Logged In: YES
user_id=14198

Fixed in revision 1.21, so already in the latest win32all

Thanks

Original comment by: mhammond