[issue10181] Problems with Py_buffer management in memoryobject.c (and elsewhere?)

Mark Dickinson report at bugs.python.org
Fri Jan 7 11:41:15 CET 2011


Mark Dickinson <dickinsm at gmail.com> added the comment:

> by the time the relevant C stack frame goes away, ReleaseBuffer should 
> already have been called.

Hmm. I'm not sure I understand how/when that would happen.  Looking at the current py3k code, in Objects/memoryobject.c at line 92, we have:

PyObject *
PyMemoryView_FromObject(PyObject *base)
{
    PyMemoryViewObject *mview;
    Py_buffer view;

    if (!PyObject_CheckBuffer(base)) {
        PyErr_SetString(PyExc_TypeError,
            "cannot make memory view because object does "
            "not have the buffer interface");
        return NULL;
    }

    if (PyObject_GetBuffer(base, &view, PyBUF_FULL_RO) < 0)
        return NULL;

    mview = (PyMemoryViewObject *)PyMemoryView_FromBuffer(&view);
    if (mview == NULL) {
        PyBuffer_Release(&view);
        return NULL;
    }

    return (PyObject *)mview;
}

So here 'view' is being allocated on the stack, and its address passed to PyObject_GetBuffer;  PyBuffer_Release isn't called (except when an error happens) before the function exits and the stack frame becomes invalid.

Sorry for the odd questions;  it's clear to me that I'm misunderstanding something fundamental, but I'm struggling to figure out what.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10181>
_______________________________________


More information about the Python-bugs-list mailing list