
Bug#304296: Segfault in CppOwnedDealloc<PkgSrcRecordsStruct>



On Tue, Apr 12, 2005 at 11:41:23PM +0200, Michael Vogt wrote:
> I tried to reproduce the problem with the latest tla version of
> python-apt and it seems to work with it (at least I didn't manage to
> make it segfault). Could you verify this? The source is available via
> gnu arch (tla) at:
> http://people.debian.org/~mdz/arch/
> as
> apt@packages.debian.org/python-apt--main--0
> 
> it also contains an implementation of many bits of the
> depcache. Looking over your example code it looks like it contains
> many bits that you may want (what version is the candidate, is it
> upgradable etc). See the doc/examples/depcache.py code for example
> usage. There is some work going on to improve python-apt, if you are
> interested in helping/testing, please let me know :)

I haven't tried it, but looking at the source the problem is still
there. You allocate the object with CppPyObject_NEW, and deallocate
it with CppOwnedDealloc. Below is the code.

========= START =========
template <class T> struct CppPyObject : public PyObject
{
   T Object;
};
template <class T> struct CppOwnedPyObject : public CppPyObject<T>
{
   PyObject *Owner;
};

template <class T>
inline CppPyObject<T> *CppPyObject_NEW(PyTypeObject *Type)
{
   CppPyObject<T> *New = PyObject_NEW(CppPyObject<T>,Type);
   new (&New->Object) T;
   return New;
}

template <class T>
void CppOwnedDealloc(PyObject *iObj)
{  
   CppOwnedPyObject<T> *Obj = (CppOwnedPyObject<T> *)iObj;
   Obj->Object.~T();
   if (Obj->Owner != 0)
      Py_DECREF(Obj->Owner);
   PyMem_DEL(Obj);
}
=========  END  =========

As you can see you're accessing Obj->Owner in CppOwnedDealloc, which was
never initialized. Since malloc (used somewhere in PyObject_NEW,
depending on some preprocessor defines) doesn't guarantee initialized
memory, you are accessing a random pointer, and then you Py_DECREF()
it. This may or may not segfault, depending on your luck.

So please apply my patch, or some variation thereof.

Cheers,
Greek0
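
The allocator/deallocator mismatch described in the message above, as an added example that is not part of the original mail or of python-apt: it shows what the `Owner != 0` guard sees when `Owner` was never written, next to a matching allocator that initializes it. `Obj`, `RawAlloc`, `NewUnowned` and `NewOwned` are hypothetical stand-ins so the code builds without Python headers; the allocation is assumed to be large enough for the owned layout, and `NewOwned` is one possible fix, not necessarily the patch the mail refers to.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>

// Stand-ins (assumptions): Obj replaces PyObject, RawAlloc replaces PyObject_NEW.
// The 0xCB fill models malloc handing back memory that is not zeroed.
struct Obj { long refcnt; };
static void *RawAlloc(std::size_t n) {
   void *p = std::malloc(n);
   if (!p) std::abort();
   return std::memset(p, 0xCB, n);
}
template <class T> struct CppObj : Obj { T Object; };
template <class T> struct CppOwnedObj : CppObj<T> { Obj *Owner; };
// Allocation as in the mail: Object is constructed, Owner is never written.
template <class T> CppOwnedObj<T> *NewUnowned() {
   CppOwnedObj<T> *New = (CppOwnedObj<T> *)RawAlloc(sizeof(CppOwnedObj<T>));
   new (&New->Object) T;
   return New;
}
// Hypothetical matching allocator: sets Owner and takes a reference on it.
template <class T> CppOwnedObj<T> *NewOwned(Obj *Owner) {
   CppOwnedObj<T> *New = NewUnowned<T>();
   New->Owner = Owner;
   if (Owner != 0) ++Owner->refcnt;            // Py_INCREF stand-in
   return New;
}
// Same logic as CppOwnedDealloc in the mail.
template <class T> void OwnedDealloc(Obj *iObj) {
   CppOwnedObj<T> *O = (CppOwnedObj<T> *)iObj;
   O->Object.~T();
   if (O->Owner != 0) --O->Owner->refcnt;      // Py_DECREF stand-in
   std::free(O);
}
// What the dealloc's `Owner != 0` guard sees on an object built the mail's way.
std::uintptr_t UnownedOwnerBits() {
   CppOwnedObj<int> *o = NewUnowned<int>();
   std::uintptr_t bits;
   std::memcpy(&bits, &o->Owner, sizeof bits);
   std::free(o);
   return bits;
}
// Owner refcount after a create/destroy pair through the matching allocator.
long OwnerRefcntAfterRoundTrip() {
   Obj owner = {1};
   OwnedDealloc<int>(NewOwned<int>(&owner));
   return owner.refcnt;
}
int main() { return (UnownedOwnerBits() != 0 && OwnerRefcntAfterRoundTrip() == 1) ? 0 : 1; }
```

A non-zero result from `UnownedOwnerBits` means the guard would pass and the decrement would be applied through a pointer nobody set, which is why the crash depends on what the heap happened to contain.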
