[Python-checkins] r58387 - in python/branches/release25-maint: Lib/bsddb/test/test_misc.py Modules/_bsddb.c

gregory.p.smith python-checkins at python.org
Tue Oct 9 09:25:25 CEST 2007 

Author: gregory.p.smith
Date: Tue Oct  9 09:25:24 2007
New Revision: 58387

Modified:
   python/branches/release25-maint/Lib/bsddb/test/test_misc.py
   python/branches/release25-maint/Modules/_bsddb.c
Log:
Backport 58385 from trunk: fix a double free bug in the _bsddb module
on DBCursor.get (and a friends) when passing in a string key.


Modified: python/branches/release25-maint/Lib/bsddb/test/test_misc.py
==============================================================================
--- python/branches/release25-maint/Lib/bsddb/test/test_misc.py	(original)
+++ python/branches/release25-maint/Lib/bsddb/test/test_misc.py	Tue Oct  9 09:25:24 2007
@@ -52,6 +52,26 @@
         rp = repr(db)
         self.assertEquals(rp, "{}")
 
+    # http://sourceforge.net/tracker/index.php?func=detail&aid=1708868&group_id=13900&atid=313900
+    #
+    # See the bug report for details.
+    #
+    # The problem was that make_key_dbt() was not allocating a copy of
+    # string keys but FREE_DBT() was always being told to free it when the
+    # database was opened with DB_THREAD.
+    def test04_double_free_make_key_dbt(self):
+        try:
+            db1 = db.DB()
+            db1.open(self.filename, None, db.DB_BTREE,
+                     db.DB_CREATE | db.DB_THREAD)
+
+            curs = db1.cursor()
+            t = curs.get("/foo", db.DB_SET)
+            # double free happened during exit from DBC_get
+        finally:
+            db1.close()
+            os.unlink(self.filename)
+
 
 #----------------------------------------------------------------------
 

Modified: python/branches/release25-maint/Modules/_bsddb.c
==============================================================================
--- python/branches/release25-maint/Modules/_bsddb.c	(original)
+++ python/branches/release25-maint/Modules/_bsddb.c	Tue Oct  9 09:25:24 2007
@@ -425,7 +425,19 @@
             return 0;
         }
 
-        key->data = PyString_AS_STRING(keyobj);
+        /*
+         * NOTE(gps): I don't like doing a data copy here, it seems
+         * wasteful.  But without a clean way to tell FREE_DBT if it
+         * should free key->data or not we have to.  Other places in
+         * the code check for DB_THREAD and forceably set DBT_MALLOC
+         * when we otherwise would leave flags 0 to indicate that.
+         */
+        key->data = strdup(PyString_AS_STRING(keyobj));
+        if (key->data == NULL) {
+            PyErr_SetString(PyExc_MemoryError, "Key memory allocation failed");
+            return 0;
+        }
+        key->flags = DB_DBT_REALLOC;
         key->size = PyString_GET_SIZE(keyobj);
     }

More information about the Python-checkins mailing list