[pygobject] Fix invalid read error in argument cleanup code



commit 6181f724bc2c6ea30194c961cb15b2c543a48f95
Author: Simon Feltman <sfeltman src gnome org>
Date:   Wed Sep 10 19:06:35 2014 -0700

    Fix invalid read error in argument cleanup code
    
    Always set initial length argument index for arrays to -1. Ensure we don't
    attempt retrieving Python cleanup arguments until we know it is valid.
    This was causing an invalid read in test_gi.TestArray.test_array_out()

 gi/pygi-array.c           |    1 +
 gi/pygi-marshal-cleanup.c |   13 ++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/gi/pygi-array.c b/gi/pygi-array.c
index 4cfbd17..e2598cd 100644
--- a/gi/pygi-array.c
+++ b/gi/pygi-array.c
@@ -803,6 +803,7 @@ pygi_arg_garray_len_arg_setup (PyGIArgCache *arg_cache,
         child_cache->direction = direction;
         child_cache->to_py_marshaller = _pygi_marshal_to_py_basic_type_cache_adapter;
         child_cache->from_py_marshaller = _pygi_marshal_from_py_basic_type_cache_adapter;
+        child_cache->py_arg_index = -1;
 
         /* ugly edge case code:
          *
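Review bot: The `-1` assigned to `child_cache->py_arg_index` is a sentinel that the cleanup code in gi/pygi-marshal-cleanup.c now relies on to avoid indexing `state->py_in_args`, but nothing at the assignment says so. A comment such as `/* -1: no Python-side argument; cleanup must not index py_in_args with it */` would document that contract. Only this one assignment is visible here, so it is worth confirming that every other path that creates a PyGIArgCache initialises the field too, because an uninitialised index would pass or fail the new `>= 0` test unpredictably. The enclosing function starts and ends outside the hunk.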
diff --git a/gi/pygi-marshal-cleanup.c b/gi/pygi-marshal-cleanup.c
index 4ba6159..b0ec05a 100644
--- a/gi/pygi-marshal-cleanup.c
+++ b/gi/pygi-marshal-cleanup.c
@@ -95,8 +95,6 @@ pygi_marshal_cleanup_args_from_py_marshal_success (PyGIInvokeState   *state,
     for (i = 0; i < _pygi_callable_cache_args_len (cache); i++) {
         PyGIArgCache *arg_cache = _pygi_callable_cache_get_arg (cache, i);
         PyGIMarshalCleanupFunc cleanup_func = arg_cache->from_py_cleanup;
-        PyObject *py_arg = PyTuple_GET_ITEM (state->py_in_args,
-                                             arg_cache->py_arg_index);
         gpointer cleanup_data = state->args_cleanup_data[i];
 
         /* Only cleanup using args_cleanup_data when available.
@@ -105,8 +103,9 @@ pygi_marshal_cleanup_args_from_py_marshal_success (PyGIInvokeState   *state,
          * PyGIInvokeState.args_cleanup_data stores this data (via _invoke_marshal_in_args)
          * for the duration of the invoke up until this point.
          */
-        if (cleanup_func && cleanup_data != NULL &&
+        if (cleanup_func && cleanup_data != NULL && arg_cache->py_arg_index >= 0 &&
                 arg_cache->direction & PYGI_DIRECTION_FROM_PYTHON) {
+            PyObject *py_arg = PyTuple_GET_ITEM (state->py_in_args, arg_cache->py_arg_index);
             cleanup_func (state, arg_cache, py_arg, cleanup_data, TRUE);
             state->args_cleanup_data[i] = NULL;
         }
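Review bot: The new guard `arg_cache->py_arg_index >= 0` checks only the lower bound before `PyTuple_GET_ITEM`, which is an unchecked macro, so an index at or past the length of `state->py_in_args` would still read outside the tuple. Unless something earlier in the invoke path guarantees the range, the condition could also require `arg_cache->py_arg_index < PyTuple_GET_SIZE (state->py_in_args)`. The same applies to the `PyTuple_GET_ITEM` call added in pygi_marshal_cleanup_args_from_py_parameter_fail. Separately, when `cleanup_data` is non-NULL but the index is negative, the entry is now neither cleaned up nor reset to NULL, and a short comment explaining why that is safe would help. The function body starts and ends outside the hunk.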
@@ -167,8 +166,12 @@ pygi_marshal_cleanup_args_from_py_parameter_fail (PyGIInvokeState   *state,
         PyGIArgCache *arg_cache = _pygi_callable_cache_get_arg (cache, i);
         PyGIMarshalCleanupFunc cleanup_func = arg_cache->from_py_cleanup;
         gpointer cleanup_data = state->args_cleanup_data[i];
-        PyObject *py_arg = PyTuple_GET_ITEM (state->py_in_args,
-                                             arg_cache->py_arg_index);
+        PyObject *py_arg = NULL;
+
+        if (arg_cache->py_arg_index < 0) {
+            continue;
+        }
+        py_arg = PyTuple_GET_ITEM (state->py_in_args, arg_cache->py_arg_index);
 
         if (cleanup_func && cleanup_data != NULL &&
                 arg_cache->direction == PYGI_DIRECTION_FROM_PYTHON) {
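Review bot: The early `continue` on `arg_cache->py_arg_index < 0` skips the whole remainder of the loop body, not just the `PyTuple_GET_ITEM` read, whereas the success path folds the same test into its `if` condition. The loop body continues past the end of this hunk, so any cleanup there that does not need `py_arg`, and any reset of `state->args_cleanup_data[i]`, would be bypassed for arguments with no Python-side index. That could leave cleanup data unreleased on the failure path. Consider guarding only the read, e.g. `py_arg = arg_cache->py_arg_index >= 0 ? PyTuple_GET_ITEM (state->py_in_args, arg_cache->py_arg_index) : NULL;`, and adding the index test to the `if` that calls `cleanup_func`.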

