Data corruption when passing a 0-terminated array of GVariant
We get data corruption when executing the following three tests from the gobject-introspection test suite:
/**
* gi_marshalling_tests_array_gvariant_none_in:
* @variants: (array zero-terminated) (transfer none):
*
* Returns: (array zero-terminated) (transfer none):
*/
GVariant** gi_marshalling_tests_array_gvariant_none_in(GVariant** variants);
/**
* gi_marshalling_tests_array_gvariant_container_in:
* @variants: (array zero-terminated) (transfer container):
*
* Returns: (array zero-terminated) (transfer container):
*/
GVariant** gi_marshalling_tests_array_gvariant_container_in(GVariant** variants);
/**
* gi_marshalling_tests_array_gvariant_full_in:
* @variants: (array zero-terminated) (transfer full):
*
* Returns: (array zero-terminated) (transfer full):
*/
GVariant** gi_marshalling_tests_array_gvariant_full_in (GVariant** variants);
At least in the transfer-full case there is outright data corruption as the GVariant fails an assertion for one of its fields. In the other two cases there is a refcount mismatch, which may be an actual refcount mismatch in GJS code or it may also be data corruption (the refcount field is filled with garbage < 0).
The fix can be verified by un-disabling the test in testGIMarshalling.js and checking that it passes correctly.