[Python-bugs-list] [ python-Bugs-216405 ] Bug in buffer interface

noreply@sourceforge.net noreply@sourceforge.net
Fri, 19 Oct 2001 06:53:22 -0700 

Bugs item #216405, was opened at 2000-10-09 02:25
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=216405&group_id=5470

Category: Python Interpreter Core
Group: Feature Request
Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Thomas Heller (theller)
Assigned to: Guido van Rossum (gvanrossum)
Summary: Bug in buffer interface

Initial Comment:
Consider the following code:

PyObject *base = PyBuffer_New(100);
PyObject *buffer = PyBuffer_FromObject(base);
Py_DECREF(base);

After this code is executed,
buffer points to deallocated memory (because
buffer does not hold a reference to base anymore).


----------------------------------------------------------------------

>Comment By: Thomas Heller (theller)
Date: 2001-10-19 06:53

Message:
Logged In: YES 
user_id=11105

Fixed in Python 2.2b2

----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2000-10-12 09:17

Message:
Added to PEP-42.

----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2000-10-09 07:13

Message:
Reopened.

In private mail, Thomas explained things better. The missing arguments to PyBuffer_FromObject() were a typo in the bug report. The real problem is that the base is already a buffer object!  Thomas writes:

The problem is the following piece of code in bufferobject.c:,
function _PyBuffer_FromObject:

 /* if the base object is another buffer, then "deref" it */
 if ( PyBuffer_Check(base) )
  base = ((PyBufferObject *)base)->b_base;

 return _PyBuffer_FromMemory(base, (char *)p + offset, size, readonly);
}

which should be changed to (IMO)

 /* if the base object is another buffer, then "deref" it */
 if ( PyBuffer_Check(base) && ((PyBufferObject *)base->b_base)
  base = ((PyBufferObject *)base)->b_base;

 return _PyBuffer_FromMemory(base, (char *)p + offset, size, readonly);
}

If base is an object which had been created by PyBuffer_New(),
then its b_base is NULL, and in this case the newly created object
MUST keep the reference to base itself, and not base->b_base.


----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2000-10-09 06:23

Message:
Make sure the base stays alive as long as the buffer. The buffer is for advanced uses -- I have a feeling you don't know what it is for and are trying to use it to solve something it isn't intended to solve.

In any case this is not a topic for a bug report.

----------------------------------------------------------------------

Comment By: Thomas Heller (theller)
Date: 2000-10-09 05:57

Message:
I know this joke, but it really won't help me.
Are we NOT going to fix this?
How can I use the buffer interface?

----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2000-10-09 05:48

Message:
Do you know the old joke that begins with "Doctor, it hurts if I do this..." ?

That code is broken.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=216405&group_id=5470