[pygobject/pygobject-3-26] Fix potential uninitialized memory access during GC



commit b4bf1b9d936e021b1645c069c2e0a3062cfab62b
Author: Daniel Colascione <dancol dancol org>
Date:   Tue Oct 24 14:42:43 2017 +0200

    Fix potential uninitialized memory access during GC
    
    We use _PyGIDefaultArgPlaceholder as a sentinel value to represent default
    values during function argument list construction. Right now, it's a Python
    type object. We make it using PyObject_New, so most of its fields end up
    uninitialized. The object body being uninitialized wouldn't be a problem if
    the placeholder object were unreachable, but the object *can* be reached
    during GC by traversal through frame objects.
    
    Depending on the exact contents of the uninitialized memory, the GC can go on
    to cause other kinds of memory corruption through the process.
    
    IMHO, the easiest fix for this problem is to just make the placeholder a
    simpler data structure, like a list.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=786872

 gi/gimodule.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/gi/gimodule.c b/gi/gimodule.c
index e14b4f6..5f8853c 100644
--- a/gi/gimodule.c
+++ b/gi/gimodule.c
@@ -730,7 +730,7 @@ PYGLIB_MODULE_START(_gi, "_gi")
     /* Place holder object used to fill in "from Python" argument lists
      * for values not supplied by the caller but support a GI default.
      */
-    _PyGIDefaultArgPlaceholder = PyObject_New(PyObject, &PyType_Type);
+    _PyGIDefaultArgPlaceholder = PyList_New(0);
 
     Py_INCREF (PyGIWarning);
     PyModule_AddObject (module, "PyGIWarning", PyGIWarning);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]