pythongh-46376: Return existing pointer when possible in ctypes (pyth…
code-of-kpp authored Jul 31, 2023
1 parent 68f9471 commit 08447b5
Showing 3 changed files with 57 additions and 0 deletions.
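--- a/Lib/test/test_ctypes/test_keeprefs.py
+++ b/Lib/test/test_ctypes/test_keeprefs.py
@@ -98,6 +98,33 @@ def test_p_cint(self):
 x = pointer(i)
 self.assertEqual(x._objects, {'1': i})
 
+def test_pp_ownership(self):
+d = c_int(123)
+n = c_int(456)
+
+p = pointer(d)
+pp = pointer(p)
+
+self.assertIs(pp._objects['1'], p)
+self.assertIs(pp._objects['0']['1'], d)
+
+pp.contents.contents = n
+
+self.assertIs(pp._objects['1'], p)
+self.assertIs(pp._objects['0']['1'], n)
+
+self.assertIs(p._objects['1'], n)
+self.assertEqual(len(p._objects), 1)
+
+del d
+del p
+
+self.assertIs(pp._objects['0']['1'], n)
+self.assertEqual(len(pp._objects), 2)
+
+del n
+
+self.assertEqual(len(pp._objects), 2)
 
 class PointerToStructure(unittest.TestCase):
 def test(self):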
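Review bot: test_pp_ownership checks only the `_objects` bookkeeping and never asserts the behaviour the C change introduces, namely that `pp.contents` returns the existing `p` rather than a new object. It also never dereferences the chain after `del d`, `del p` and `del n`, so the lifetime guarantee named in the NEWS entry is not exercised. I would add `self.assertIs(pp.contents, p)` right after `pp = pointer(p)` and `self.assertEqual(pp.contents.contents.value, 456)` after `del n`, so that both the identity and the liveness of the target are pinned.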
@@ -0,0 +1 @@
Prevent memory leak and use-after-free when using pointers to pointers with ctypes
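--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -5129,6 +5129,8 @@ static PyObject *
 Pointer_get_contents(CDataObject *self, void *closure)
 {
 StgDictObject *stgdict;
+PyObject *keep, *ptr_probe;
+CDataObject *ptr2ptr;
 
 if (*(void **)self->b_ptr == NULL) {
 PyErr_SetString(PyExc_ValueError,
@@ -5138,6 +5140,33 @@ Pointer_get_contents(CDataObject *self, void *closure)
 
 stgdict = PyObject_stgdict((PyObject *)self);
 assert(stgdict); /* Cannot be NULL for pointer instances */
+
+keep = GetKeepedObjects(self);
+if (keep != NULL) {
+// check if it's a pointer to a pointer:
+// pointers will have '0' key in the _objects
+ptr_probe = PyDict_GetItemString(keep, "0");
+
+if (ptr_probe != NULL) {
+ptr2ptr = (CDataObject*) PyDict_GetItemString(keep, "1");
+if (ptr2ptr == NULL) {
+PyErr_SetString(PyExc_ValueError,
+"Unexpected NULL pointer in _objects");
+return NULL;
+}
+// don't construct a new object,
+// return existing one instead to preserve refcount
+assert(
+*(void**) self->b_ptr == ptr2ptr->b_ptr ||
+*(void**) self->b_value.c == ptr2ptr->b_ptr ||
+*(void**) self->b_ptr == ptr2ptr->b_value.c ||
+*(void**) self->b_value.c == ptr2ptr->b_value.c
+); // double-check that we are returning the same thing
+Py_INCREF(ptr2ptr);
+return (PyObject *) ptr2ptr;
+}
+}
+
 return PyCData_FromBaseObj(stgdict->proto,
 (PyObject *)self, 0,
 *(void **)self->b_ptr);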
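Review bot: The only check that the cached `_objects["1"]` entry still corresponds to the address stored in the pointer is the `assert(...)` before `Py_INCREF(ptr2ptr)`, which disappears when NDEBUG is defined, and the dict item is cast to `CDataObject *` without a type check. If the stored address and `_objects` ever diverge (presumably possible when the buffer is written by a path that does not update `_objects`; the dict is also reachable from Python), a release build hands back an object that is not what the pointer targets, and a debug build reads `b_ptr` through a possibly wrong type. I would turn the comparison into a runtime condition and fall through to `PyCData_FromBaseObj` when it fails, e.g. `if (ptr2ptr != NULL && CDataObject_Check(ptr2ptr) && *(void **)self->b_ptr == ptr2ptr->b_ptr) {` around the `Py_INCREF`/`return`. A NULL from `GetKeepedObjects` is treated as "nothing kept"; whether it can also mean failure with an exception set is not visible here and is worth confirming. The closing lines of Pointer_get_contents are outside the hunk.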
