win32all140 - PyOVERLAPPED does a bad INCREF past end of struct

Alan Klietz alank at NOSPAM.com
Sun Jan 6 19:05:13 EST 2002 

The PyOVERLAPPED object wraps the OVERLAPPED struct for asynchronous I/O.
It appends an extra member, obState, to allow the user to track Python state
during the I/O transfer.  However this extra member is never initialized, so
the INCREF creates a bogus object that later can trash the heap.

*** OLD\PyOVERLAPPED.cpp Thu Jun 21 02:05:56 2001
--- PyOVERLAPPED.cpp Sun Jan 06 23:57:58 2002
***************
*** 83,100 ****
   ob_type = &PyOVERLAPPEDType;
   _Py_NewReference(this);
   memset(&m_overlapped, 0, sizeof(m_overlapped));
   m_obHandle = NULL;
  }

! PyOVERLAPPED::PyOVERLAPPED(const sMyOverlapped *pO)
  {
   ob_type = &PyOVERLAPPEDType;
   _Py_NewReference(this);
!  m_overlapped = *pO;
!  Py_XINCREF(m_overlapped.obState);
   m_obHandle = NULL;
  }

  PyOVERLAPPED::~PyOVERLAPPED(void)
  {
   Py_XDECREF(m_obHandle);
--- 83,103 ----
   ob_type = &PyOVERLAPPEDType;
   _Py_NewReference(this);
   memset(&m_overlapped, 0, sizeof(m_overlapped));
   m_obHandle = NULL;
  }

! //PyOVERLAPPED::PyOVERLAPPED(const sMyOverlapped *pO)
! PyOVERLAPPED::PyOVERLAPPED(const OVERLAPPED *pO) // AEK
  {
   ob_type = &PyOVERLAPPEDType;
   _Py_NewReference(this);
!  //m_overlapped = *pO;  // BUG: copy past end of OVERLAPPED struct! - AEK
!  *(OVERLAPPED*)&m_overlapped = *pO; // AEK
!  //Py_XINCREF(m_overlapped.obState);  // BUG: not initialized! - AEK
!  m_overlapped.obState = NULL; // AEK
   m_obHandle = NULL;
  }

  PyOVERLAPPED::~PyOVERLAPPED(void)
  {
   Py_XDECREF(m_obHandle);


*** OLD\PyWinObjects.h Thu Jun 21 02:05:57 2001
--- PyWinObjects.h Sun Jan 06 23:50:19 2002
***************
*** 130,140 ****
  {
  public:
   OVERLAPPED *GetOverlapped() {return &m_overlapped;}

   PyOVERLAPPED(void);
!  PyOVERLAPPED(const sMyOverlapped *);
   ~PyOVERLAPPED();

   /* Python support */
   int compare(PyObject *ob);

--- 130,141 ----
  {
  public:
   OVERLAPPED *GetOverlapped() {return &m_overlapped;}

   PyOVERLAPPED(void);
!  //PyOVERLAPPED(const sMyOverlapped *);
!  PyOVERLAPPED(const OVERLAPPED *); // AEK
   ~PyOVERLAPPED();

   /* Python support */
   int compare(PyObject *ob);


Regards,
Alan Klietz
alank at algintech.NOSPAM.com  (remove .NOSPAM)

More information about the Python-list mailing list