[Python-bugs-list] [Bug #116405] Bug in buffer interface

noreply@sourceforge.net
Thu, 12 Oct 2000 09:17:20 -0700


Bug #116405, was updated on 2000-Oct-09 02:25
Here is a current snapshot of the bug.

Project: Python
Category: Core
Status: Closed
Resolution: Later
Bug Group: Feature Request
Priority: 5
Summary: Bug in buffer interface

Details: Consider the following code:

PyObject *base = PyBuffer_New(100);
PyObject *buffer = PyBuffer_FromObject(base);
Py_DECREF(base);

After this code is executed,
buffer points to deallocated memory (because
buffer does not hold a reference to base anymore).


Follow-Ups:

Date: 2000-Oct-09 05:48
By: gvanrossum

Comment:
Do you know the old joke that begins with "Doctor, it hurts if I do this..." ?

That code is broken.
-------------------------------------------------------

Date: 2000-Oct-09 05:57
By: theller

Comment:
I know this joke, but it really won't help me.
Are we NOT going to fix this?
How can I use the buffer interface?
-------------------------------------------------------

Date: 2000-Oct-09 06:23
By: gvanrossum

Comment:
Make sure the base stays alive as long as the buffer. The buffer is for advanced uses -- I have a feeling you don't know what it is for and are trying to use it to solve something it isn't intended to solve.

In any case this is not a topic for a bug report.
-------------------------------------------------------

Date: 2000-Oct-09 07:13
By: gvanrossum

Comment:
Reopened.

In private mail, Thomas explained things better. The missing arguments to PyBuffer_FromObject() were a typo in the bug report. The real problem is that the base is already a buffer object!  Thomas writes:

The problem is the following piece of code in bufferobject.c,
function _PyBuffer_FromObject:

 /* if the base object is another buffer, then "deref" it */
 if ( PyBuffer_Check(base) )
  base = ((PyBufferObject *)base)->b_base;

 return _PyBuffer_FromMemory(base, (char *)p + offset, size, readonly);
}

which should be changed to (IMO)

 /* if the base object is another buffer, then "deref" it */
 if ( PyBuffer_Check(base) && ((PyBufferObject *)base)->b_base )
  base = ((PyBufferObject *)base)->b_base;

 return _PyBuffer_FromMemory(base, (char *)p + offset, size, readonly);
}

If base is an object which had been created by PyBuffer_New(),
then its b_base is NULL, and in this case the newly created object
MUST keep the reference to base itself, and not base->b_base.

-------------------------------------------------------
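
The lifetime rule argued over in this thread, as an added example that is not part of the original report or of CPython's source. It is a toy C model: Buf, alloc_buf, decref, buf_new, from_object_reported, from_object_checked and owner_survives are hypothetical names, and the refcounting is simplified. It compares the unconditional "deref" with the proposed b_base check.

```c
#include <stdlib.h>

/* Toy model (assumption): not CPython's PyBufferObject or its refcounting. */
typedef struct Buf {
    int refcnt;
    struct Buf *b_base;  /* object that keeps b_ptr alive, NULL if we own it */
    char *b_ptr;
    int owns;            /* 1 when created the way PyBuffer_New() does */
} Buf;

static int live = 0;     /* number of Buf objects not yet deallocated */

static Buf *alloc_buf(Buf *base, char *ptr, int owns) {
    Buf *b = malloc(sizeof *b);
    if (b == NULL) abort();
    b->refcnt = 1; b->b_base = base; b->b_ptr = ptr; b->owns = owns;
    if (base) base->refcnt++;          /* the view holds a reference */
    live++;
    return b;
}

static void decref(Buf *b) {
    if (b == NULL || --b->refcnt > 0) return;
    if (b->owns) free(b->b_ptr);       /* memory goes away with its owner */
    decref(b->b_base);
    free(b);
    live--;
}

Buf *buf_new(size_t n) { return alloc_buf(NULL, calloc(n, 1), 1); }

/* Reported behaviour: base is always replaced by base->b_base (maybe NULL). */
Buf *from_object_reported(Buf *base) {
    return alloc_buf(base->b_base, base->b_ptr, 0);
}

/* Proposed check: only "deref" when there is a b_base to hold on to. */
Buf *from_object_checked(Buf *base) {
    return alloc_buf(base->b_base ? base->b_base : base, base->b_ptr, 0);
}

/* 1 if the memory owner is still alive after the caller drops its reference. */
int owner_survives(Buf *(*make)(Buf *)) {
    Buf *base = buf_new(100);
    Buf *view = make(base);
    int before = live;
    decref(base);                      /* the Py_DECREF(base) from the report */
    int survives = (live == before);
    decref(view);                      /* cleanup; never touches view->b_ptr */
    return survives;
}
```

owner_survives() only counts deallocations, so the dangling pointer left by from_object_reported() is detected without ever being dereferenced.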

Date: 2000-Oct-12 09:17
By: gvanrossum

Comment:
Added to PEP-42.
-------------------------------------------------------

For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=116405&group_id=5470