From: Phil Muldoon
To: gdb-patches@sourceware.org
Subject: [python] [patch] PR python/13331
Date: Mon, 24 Oct 2011 13:30:00 -0000

David Malcolm's GCC plug-in Python reference checker:

https://fedorahosted.org/gcc-python-plugin/

Found a path in our code that could result in a segfault. We do not sanity check the result of PyTuple_New and cascade those failures later when we try to reference the bogus tuple. This one was a little trickier to fix, as I had to adjust the callers to expect the failure. For some reason, the diff of this patch is ugly, but the summary is as follows:

- Return NULL if PyTuple_New fails.
- In the caller, check if args is NULL. If it is, do not call the convenience function, and skip onto the exception -> error converter.

OK?

Cheers,

Phil

--

2011-10-24  Phil Muldoon

	PR python/13331
	* python/py-function.c (fnpy_call): Check 'args' is not NULL.
	(convert_values_to_python): Return on Python tuple allocation failure.

--

Index: python/py-function.c =================================================================== RCS file: /cvs/src/src/gdb/python/py-function.c,v retrieving revision 1.10 diff -u -r1.10 py-function.c --- python/py-function.c 5 Aug 2011 14:24:10 -0000 1.10 +++ python/py-function.c 24 Oct 2011 13:15:38 -0000 @@ -38,6 +38,9 @@ { int i; PyObject *result = PyTuple_New (argc); + + if (! result) + return NULL; for (i = 0; i < argc; ++i) { 
@@ -59,24 +62,35 @@ void *cookie, int argc, struct value **argv) { struct value *value = NULL; - PyObject *result, *callable, *args; + /* 'result' must be set to NULL, this initially indicates whether + the function was called, or not. */ + PyObject *result = NULL; + PyObject *callable, *args; struct cleanup *cleanup; cleanup = ensure_python_env (gdbarch, language); args = convert_values_to_python (argc, argv); + /* convert_values_to_python can return NULL on error. If we + encounter this, do not call the function, but allow the Python -> + error code conversion below to deal with the Python exception. + Note, that this is different if the function simply does not + have arguments. */ - callable = PyObject_GetAttrString ((PyObject *) cookie, "invoke"); - if (! callable) + if (args) { + callable = PyObject_GetAttrString ((PyObject *) cookie, "invoke"); + if (! callable) + { + Py_DECREF (args); + error (_("No method named 'invoke' in object.")); + } + + result = PyObject_Call (callable, args, NULL); + Py_DECREF (callable); Py_DECREF (args); - error (_("No method named 'invoke' in object.")); } - result = PyObject_Call (callable, args, NULL); - Py_DECREF (callable); - Py_DECREF (args); - if (!result) { PyObject *ptype, *pvalue, *ptraceback;
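
Review bot: in the @@ -38,6 +38,9 @@ hunk, the new `if (! result) return NULL;` gives convert_values_to_python a NULL return that nothing in the hunk documents. A short comment at the check, or in the function's header comment, saying that NULL means the tuple allocation failed and a Python exception is pending would tell any future caller that it must test the return value before handing it to PyObject_Call or Py_DECREF.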
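
Review bot: in the @@ -59,24 +62,35 @@ hunk, the comment on `PyObject *result = NULL;` says NULL "indicates whether the function was called, or not", but result is also NULL when PyObject_Call itself fails, so the `if (!result)` block that follows cannot tell the two cases apart. Suggest rewording the comment to say that NULL means a Python exception is pending, either from convert_values_to_python or from the call, and checking that whatever that block reports still reads correctly when invoke was never run. As a style point, "Note, that this is different" in the second new comment should drop the comma.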