diff options
author | Luca Weiss <luca@z3ntu.xyz> | 2021-12-24 11:28:12 +0100 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2021-12-26 15:44:32 +1100 |
commit | d152126bb0293c321cae437bdf7437c393ee3619 (patch) | |
tree | 3662ee5f6299d774c54e753c6a697f07b0622d62 | |
parent | 17739b7ef510917471409d71fb45d8eaf6a1e1fb (diff) | |
download | dtc-d152126bb0293c321cae437bdf7437c393ee3619.zip dtc-d152126bb0293c321cae437bdf7437c393ee3619.tar.gz dtc-d152126bb0293c321cae437bdf7437c393ee3619.tar.bz2 |
Fix Python crash on getprop deallocation
Fatal Python error: none_dealloc: deallocating None
Python runtime state: finalizing (tstate=0x000055c9bac70920)
Current thread 0x00007fbe34e47740 (most recent call first):
<no Python frame>
Aborted (core dumped)
This is caused by a missing Py_INCREF on the returned Py_None, as
demonstrated e.g. in https://github.com/mythosil/swig-python-incref or
described at https://edcjones.tripod.com/refcount.html ("Remember to
INCREF Py_None!")
A PoC for triggering this crash is uploaded to
https://github.com/z3ntu/pylibfdt-crash .
With this patch applied to pylibfdt the crash does not happen.
Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Message-Id: <20211224102811.70695-1-luca@z3ntu.xyz>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r-- | pylibfdt/libfdt.i | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/pylibfdt/libfdt.i b/pylibfdt/libfdt.i index 075ef70..9ccc57b 100644 --- a/pylibfdt/libfdt.i +++ b/pylibfdt/libfdt.i @@ -1040,14 +1040,16 @@ typedef uint32_t fdt32_t; /* typemap used for fdt_getprop() */ %typemap(out) (const void *) { - if (!$1) + if (!$1) { $result = Py_None; - else + Py_INCREF($result); + } else { %#if PY_VERSION_HEX >= 0x03000000 $result = Py_BuildValue("y#", $1, (Py_ssize_t)*arg4); %#else $result = Py_BuildValue("s#", $1, (Py_ssize_t)*arg4); %#endif + } } /* typemap used for fdt_setprop() */ |