[New-bugs-announce] [issue9990] PyMemoryView_FromObject alters the Py_buffer after calling PyObject_GetBuffer when ndim 1

Lenard Lindstrom report at bugs.python.org
Wed Sep 29 21:03:38 CEST 2010


New submission from Lenard Lindstrom <len-l at telus.net>:

If an exporter returns a Py_buffer with ndim 1, PyMemoryView_FromObject changes the shape and strides pointer fields to point to a local Py_buffer array field. This array field is undocumented. Any heap memory these pointers reference is lost. Should the exporter's bf_releasebuffer later try and free the memory, the Python interpreter may segfault.

Attached is a demonstration program. Its output is:

Accessing buffer directly...
Accessing buffer through a memory view...
* View->shape has changed.
Done.

where the third line shows bf_releasebuffer has detected a changed pointer.

----------
components: Interpreter Core
files: bufrel.c.gz
messages: 117644
nosy: kermode
priority: normal
severity: normal
status: open
title: PyMemoryView_FromObject alters the Py_buffer after calling PyObject_GetBuffer when ndim 1
type: crash
versions: Python 3.2
Added file: http://bugs.python.org/file19060/bufrel.c.gz

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9990>
_______________________________________
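An added example, not part of the original report and not the attached bufrel.c: a stand-alone C model of an exporter whose release routine stays safe when a consumer repoints `shape` and `strides` as described above. `view_t` is a simplified stand-in for `Py_buffer`; `local_pair`, `owned_t` and the function names are hypothetical, and `internal` mirrors the real `Py_buffer` field reserved for the exporter's own use.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the Py_buffer fields involved (assumption). */
typedef struct {
    int ndim;
    long *shape;          /* Py_ssize_t * in CPython */
    long *strides;
    long local_pair[2];   /* stand-in for the undocumented local array field */
    void *internal;       /* exporter-private pointer */
} view_t;

/* Exporter's private record of the heap blocks it handed out. */
typedef struct { long *shape; long *strides; } owned_t;

/* Exporter: fill a 1-D view with heap-allocated shape and strides. */
int export_getbuffer(view_t *v, long len, long itemsize) {
    owned_t *o = malloc(sizeof *o);
    if (!o) return -1;
    o->shape = malloc(sizeof(long));
    o->strides = malloc(sizeof(long));
    if (!o->shape || !o->strides) { free(o->shape); free(o->strides); free(o); return -1; }
    o->shape[0] = len; o->strides[0] = itemsize;
    v->ndim = 1; v->shape = o->shape; v->strides = o->strides; v->internal = o;
    return 0;
}

/* Consumer behaviour from the report: repoint both fields at the local array. */
void consumer_repoint(view_t *v) {
    v->local_pair[0] = v->shape[0];
    v->local_pair[1] = v->strides[0];
    v->shape = &v->local_pair[0];
    v->strides = &v->local_pair[1];
}

/* Exporter release: free through the private record, never through
   v->shape or v->strides. Returns 1 if the consumer altered the pointers. */
int export_releasebuffer(view_t *v) {
    owned_t *o = v->internal;
    int altered = v->shape != o->shape || v->strides != o->strides;
    free(o->shape); free(o->strides); free(o);
    v->shape = v->strides = NULL; v->internal = NULL;
    return altered;
}

int main(void) {
    view_t v;
    if (export_getbuffer(&v, 10, 4) != 0) return 1;
    consumer_repoint(&v);
    printf("altered=%d\n", export_releasebuffer(&v));
    return 0;
}
```

Calling `free(v->shape)` in the release routine instead would pass a pointer into the view struct itself to `free`, which is the crash path the report describes.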

