diff options
author | Daniel Colascione <dancol@dancol.org> | 2017-10-24 14:42:43 +0200 |
---|---|---|
committer | Christoph Reiter <creiter@src.gnome.org> | 2017-10-26 20:08:52 +0200 |
commit | b4bf1b9d936e021b1645c069c2e0a3062cfab62b (patch) | |
tree | 1f722b8384907e4e554a0c5018aa1253bd15f252 | |
parent | 1136f385d6080297bd57715b749c67f5e7208ba2 (diff) | |
download | pygobject-b4bf1b9d936e021b1645c069c2e0a3062cfab62b.tar.gz |
Fix potential uninitialized memory access during GC
We use _PyGIDefaultArgPlaceholder as a sentinel value to represent default
values during function argument list construction. Right now, it's a Python
type object. We make it using PyObject_New, so most of its fields end up
uninitialized. The object body being uninitialized wouldn't be a problem if
the placeholder object were unreachable, but the object *can* be reached
during GC by traversal through frame objects.
Depending on the exact contents of the uninitialized memory, the GC can go on
to cause other kinds of memory corruption through the process.
IMHO, the easiest fix for this problem is to just make the placeholder a
simpler data structure, like a list.
https://bugzilla.gnome.org/show_bug.cgi?id=786872
-rw-r--r-- | gi/gimodule.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gi/gimodule.c b/gi/gimodule.c index e14b4f6a..5f8853c8 100644 --- a/gi/gimodule.c +++ b/gi/gimodule.c @@ -730,7 +730,7 @@ PYGLIB_MODULE_START(_gi, "_gi") /* Place holder object used to fill in "from Python" argument lists * for values not supplied by the caller but support a GI default. */ - _PyGIDefaultArgPlaceholder = PyObject_New(PyObject, &PyType_Type); + _PyGIDefaultArgPlaceholder = PyList_New(0); Py_INCREF (PyGIWarning); PyModule_AddObject (module, "PyGIWarning", PyGIWarning); |