[issue10181] Problems with Py_buffer management in memoryobject.c (and elsewhere?)
Mark Dickinson
report at bugs.python.org
Fri Jan 7 11:41:15 CET 2011
Mark Dickinson <dickinsm at gmail.com> added the comment:
> by the time the relevant C stack frame goes away, ReleaseBuffer should
> already have been called.
Hmm. I'm not sure I understand how/when that would happen. Looking at the current py3k code, in Objects/memoryobject.c at line 92, we have:
PyObject *
PyMemoryView_FromObject(PyObject *base)
{
PyMemoryViewObject *mview;
Py_buffer view;
if (!PyObject_CheckBuffer(base)) {
PyErr_SetString(PyExc_TypeError,
"cannot make memory view because object does "
"not have the buffer interface");
return NULL;
}
if (PyObject_GetBuffer(base, &view, PyBUF_FULL_RO) < 0)
return NULL;
mview = (PyMemoryViewObject *)PyMemoryView_FromBuffer(&view);
if (mview == NULL) {
PyBuffer_Release(&view);
return NULL;
}
return (PyObject *)mview;
}
So here 'view' is being allocated on the stack, and its address passed to PyObject_GetBuffer; PyBuffer_Release isn't called (except when an error happens) before the function exits and the stack frame becomes invalid.
Sorry for the odd questions; it's clear to me that I'm misunderstanding something fundamental, but I'm struggling to figure out what.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10181>
_______________________________________
More information about the Python-bugs-list
mailing list