I haven't looked into why, but my hope is that this makes tests
pass on travis-ci, so we have a starting point and can at least
catch regression in an automated fashion.
07c0b2e...
by
Mikhail Fludkov <email address hidden>
pygobject-object: fix memory corruption around list of closures
The memory corruption occurs because of the race while accessing
PyGObjectData->closures list.
Protect PyGObjectData->closures by the GIL in pygobject_unwatch_closure.
Despite the fact that we don't call any Python API in the function, we use
the GIL to be sure that the PyGObjectData->closures list stays intact while
the GC is iterating the list inside pygobject_traverse. Otherwise we can
segfault while trying to call the 'visit' function on an object that
was just freed in pygobject_unwatch_closure.
overrides: Fix Gtk.Adjustment.__init__ overrides not setting "value" sometimes. Fixes #151
Gtk.Adjustment allows passing positional arguments to __init__ which get
translated to a dict for passing to GObject.Object.__init__. In case of the
first argument "value", if "value" is passed before the upper and
lower bound to Object.__init__ it will be set to 0 instead.
In Python 2 this happened to work (at least on my machine) because
"value" got placed after the bounds (in terms of iteration order)
in the final dict value passed to Object.__init__.
To work around this, set "value" again after __init__().
A similar workaround already exists when "value" is passed as a kwarg.
c682126...
by
Christoph Reiter <email address hidden>
version bump
55cb08b...
by
Christoph Reiter <email address hidden>
release 3.26.1
17b4ba8...
by
Christoph Reiter <email address hidden>
pygobject-object: Fix Python GC collecting a ref cycle too early
PyGObject traverses its closures in tp_traverse, but the lifetime of the closures
is tied to the lifetime of the GObject and not the wrapper. This confuses
the Python GC when it sees a ref cycle and tries to break it up with tp_clear.
Since tp_clear will not invalidate the closure and only invalidate the Python
wrapper, the closure callback gets called with the now cleared/invalid object.
Instead let the GC only check the Python objects referenced by the closure when tp_clear
would actually free them and as a result break the cycle. This is only the case when
the wrapped object would be freed by tp_clear which is when its reference count is at 1.
Fix potential uninitialized memory access during GC
We use _PyGIDefaultArgPlaceholder as a sentinel value to represent default
values during function argument list construction. Right now, it's a Python
type object. We make it using PyObject_New, so most of its fields end up
uninitialized. The object body being uninitialized wouldn't be a problem if
the placeholder object were unreachable, but the object *can* be reached
during GC by traversal through frame objects.
Depending on the exact contents of the uninitialized memory, the GC can go on
to cause other kinds of memory corruption through the process.
IMHO, the easiest fix for this problem is to just make the placeholder a
simpler data structure, like a list.
Add a flags type which has a value with the highest bit set
and fits in an int. While the C type is a signed int, the type
is registered as flags, which GI interprets as unsigned.
44a8521...
by
Philippe Renon <email address hidden>
fix potential overflow when marshalling flags from py interface
The overflow happens on Windows platforms when an unsigned
flags value overflows the capacity of a signed long.
On Windows, long is a 32-bit signed integer.