[Matrix-SIG] Bug(s) in Numeric
Peter Craig
p.s.craig@durham.ac.uk
Fri, 24 Sep 1999 16:49:57 +0100
This is a multi-part message in MIME format.
--------------67510CF3F1534029D986A5E6
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Greetings all,
I have finally found two bugs in the Numeric extension which for some
time have been causing occasional segmentation faults in a fairly
heavily used piece of software in my department. I attach a patch for
arrayobject.c from LLNLDistribution11 which fixes both bugs.
Note that these bugs affect only programs using the facility to process
arrays of arbitrary python objects. Arrays of integers, floating point
and strings are not affected.
The bug in both cases is that a pointer from malloc is being incremented
before the call to free!
Cheers,
Peter Craig
--------------67510CF3F1534029D986A5E6
Content-Type: text/plain; charset=us-ascii;
name="patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="patch"
--- arrayobject.c.dist Fri Apr 2 01:14:45 1999
+++ arrayobject.c Fri Sep 24 16:15:28 1999
@@ -159,7 +159,7 @@
/* every python object in the array. */
extern int PyArray_INCREF(PyArrayObject *mp) {
int i, n;
- PyObject **data;
+ PyObject **data, **data2;
if (mp->descr->type_num != PyArray_OBJECT) return 0;
@@ -170,16 +170,17 @@
}
n = SIZE(mp);
+ data2 = data;
for(i=0; i<n; i++, data++) Py_XINCREF(*data);
- if (!ISCONTIGUOUS(mp)) free(data);
+ if (!ISCONTIGUOUS(mp)) free(data2);
return 0;
}
extern int PyArray_XDECREF(PyArrayObject *mp) {
int i, n;
- PyObject **data;
+ PyObject **data, **data2;
if (mp->descr->type_num != PyArray_OBJECT) return 0;
@@ -190,9 +191,10 @@
}
n = SIZE(mp);
+ data2 = data;
for(i=0; i<n; i++, data++) Py_XDECREF(*data);
- if (!ISCONTIGUOUS(mp)) free(data);
+ if (!ISCONTIGUOUS(mp)) free(data2);
return 0;
}
--------------67510CF3F1534029D986A5E6--