[Python-bugs-list] [Bug #116405] Bug in buffer interface
noreply@sourceforge.net
noreply@sourceforge.net
Thu, 12 Oct 2000 09:17:20 -0700
Bug #116405, was updated on 2000-Oct-09 02:25
Here is a current snapshot of the bug.
Project: Python
Category: Core
Status: Closed
Resolution: Later
Bug Group: Feature Request
Priority: 5
Summary: Bug in buffer interface
Details: Consider the following code:
PyObject *base = PyBuffer_New(100);
PyObject *buffer = PyBuffer_FromObject(base);
Py_DECREF(base);
After this code is executed,
buffer points to deallocated memory (because
buffer does not hold a reference to base anymore).
Follow-Ups:
Date: 2000-Oct-09 05:48
By: gvanrossum
Comment:
Do you know the old joke that begins with "Doctor, it hurts if I do this..." ?
That code is broken.
-------------------------------------------------------
Date: 2000-Oct-09 05:57
By: theller
Comment:
I know this joke, but it really won't help me.
Are we NOT going to fix this?
How can I use the buffer interface?
-------------------------------------------------------
Date: 2000-Oct-09 06:23
By: gvanrossum
Comment:
Make sure the base stays alive as long as the buffer. The buffer is for advanced uses -- I have a feeling you don't know what it is for and are trying to use it to solve something it isn't intended to solve.
In any case this is not a topic for a bug report.
-------------------------------------------------------
Date: 2000-Oct-09 07:13
By: gvanrossum
Comment:
Reopened.
In private mail, Thomas explained things better. The missing arguments to PyBuffer_FromObject() were a typo in the bug report. The real problem is that the base is already a buffer object! Thomas writes:
The problem is the following piece of code in bufferobject.c:,
function _PyBuffer_FromObject:
/* if the base object is another buffer, then "deref" it */
if ( PyBuffer_Check(base) )
base = ((PyBufferObject *)base)->b_base;
return _PyBuffer_FromMemory(base, (char *)p + offset, size, readonly);
}
which should be changed to (IMO)
/* if the base object is another buffer, then "deref" it */
if ( PyBuffer_Check(base) && ((PyBufferObject *)base->b_base)
base = ((PyBufferObject *)base)->b_base;
return _PyBuffer_FromMemory(base, (char *)p + offset, size, readonly);
}
If base is an object which had been created by PyBuffer_New(),
then its b_base is NULL, and in this case the newly created object
MUST keep the reference to base itself, and not base->b_base.
-------------------------------------------------------
Date: 2000-Oct-12 09:17
By: gvanrossum
Comment:
Added to PEP-42.
-------------------------------------------------------
For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=116405&group_id=5470