MemoryView_FromObject crashes if PyBuffer_GetBuffer fails #51634

pv · 2009-11-23T22:07:06Z

BPO	7385
Nosy	@pitrou, @pv, @florentx
Files	issue7385_memoryview_v2.diff: Patch, apply to trunk

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/pitrou'
closed_at = <Date 2010-02-02.22:52:10.885>
created_at = <Date 2009-11-23.22:07:06.075>
labels = ['interpreter-core', 'type-crash']
title = 'MemoryView_FromObject crashes if PyBuffer_GetBuffer fails'
updated_at = <Date 2010-02-02.22:52:10.884>
user = 'https://github.com/pv'

bugs.python.org fields:

activity = <Date 2010-02-02.22:52:10.884>
actor = 'pitrou'
assignee = 'pitrou'
closed = True
closed_date = <Date 2010-02-02.22:52:10.885>
closer = 'pitrou'
components = ['Interpreter Core']
creation = <Date 2009-11-23.22:07:06.075>
creator = 'pv'
dependencies = []
files = ['16112']
hgrepos = []
issue_num = 7385
keywords = ['patch']
message_count = 8.0
messages = ['95660', '95962', '98578', '98583', '98755', '98759', '98761', '98767']
nosy_count = 3.0
nosy_names = ['pitrou', 'pv', 'flox']
pr_nums = []
priority = 'high'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue7385'
versions = ['Python 3.1', 'Python 2.7', 'Python 3.2']

pv · 2009-11-23T22:07:06Z

In Objects/memoryobject.c:PyMemoryView_FromObject there's a
_PyObject_GC_UNTRACK unpaired with corresponding _PyObject_GC_TRACK,
which seems to cause a segmentation fault. This can be triggered by
calling PyMemoryView_FromObject on an object whose bf_getbuffer returns
an error.

PyMemoryView_FromObject(PyObject *base) {
   ...
   if (PyObject_GetBuffer(base, &(mview->view), PyBUF_FULL_RO) < 0) {
       Py_DECREF(mview);
       return NULL;
   } 
   ...
   _PyObject_GC_TRACK(mview);
}
...
static void memory_dealloc(PyMemoryViewObject *self) {
   _PyObject_GC_UNTRACK(self); 
   ....
}

pitrou · 2009-12-04T13:31:50Z

Nice catch. I wonder whether there's a simple way of cooking up an unit
test for this (short of creating a new extension type).

florentx · 2010-01-30T22:39:01Z

Proposed test and fix.
Please comment, there's probably room for improvement.

florentx · 2010-01-30T23:53:02Z

Removed /* XXX */ code

pitrou · 2010-02-02T19:39:47Z

When PyMemoryView_FromObject() doesn't return NULL, you should decref the result. Otherwise, it's "perfect".

florentx · 2010-02-02T22:16:29Z

Thanks.

pitrou · 2010-02-02T22:36:48Z

I've added a missing call to PyBuffer_Release() and committed the patch to trunk (r77916).

pitrou · 2010-02-02T22:52:11Z

Merged in r77918 (py3k) and r77920 (3.1).

pv mannequin added the interpreter-core (Objects, Python, Grammar, and Parser dirs) label Nov 23, 2009

pv mannequin added the type-crash A hard crash of the interpreter, possibly with a core dump label Dec 3, 2009

pitrou self-assigned this Dec 4, 2009

pitrou closed this as completed Feb 2, 2010

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MemoryView_FromObject crashes if PyBuffer_GetBuffer fails #51634

MemoryView_FromObject crashes if PyBuffer_GetBuffer fails #51634

pv mannequin commented Nov 23, 2009

pv mannequin commented Nov 23, 2009

pitrou commented Dec 4, 2009

florentx mannequin commented Jan 30, 2010

florentx mannequin commented Jan 30, 2010

pitrou commented Feb 2, 2010

florentx mannequin commented Feb 2, 2010

pitrou commented Feb 2, 2010

pitrou commented Feb 2, 2010

MemoryView_FromObject crashes if PyBuffer_GetBuffer fails #51634

MemoryView_FromObject crashes if PyBuffer_GetBuffer fails #51634

Comments

pv mannequin commented Nov 23, 2009

pv mannequin commented Nov 23, 2009

pitrou commented Dec 4, 2009

florentx mannequin commented Jan 30, 2010

florentx mannequin commented Jan 30, 2010

pitrou commented Feb 2, 2010

florentx mannequin commented Feb 2, 2010

pitrou commented Feb 2, 2010

pitrou commented Feb 2, 2010