Skip to content

Python loader: fix segfault

Tom Schoonjans requested to merge tschoonj/libpeas:python-loader-fix into master

This patch fixes a segfault caused by pygobject apparently reducing the GObject refcount when decreasing the refcount of the corresponding Python object.

I discovered this when trying the python3 loader on both macOS and Linux and noticed that my class that implements an abstract type kept crashing my app.

This is the valgrind output, which led me to fixing this bug by increasing the GObject refcount:

==28183== Invalid read of size 8
==28183==    at 0x763B029: g_type_check_instance_is_a (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x5DED1F4: peas_engine_create_extensionv (peas-engine.c:1345)
==28183==    by 0x5DEEA73: add_extension (peas-extension-set.c:217)
==28183==    by 0x5DEEC62: peas_extension_set_constructed (peas-extension-set.c:283)
==28183==    by 0x761C61B: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x761E347: g_object_new_valist (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x761E69C: g_object_new (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x5DEF598: peas_extension_set_newv (peas-extension-set.c:637)
==28183==    by 0x5DEF6BB: peas_extension_set_new_valist (peas-extension-set.c:685)
==28183==    by 0x5DEF863: peas_extension_set_new (peas-extension-set.c:734)
==28183==    by 0x487E11A: xmi_msim_gui_sources_dialog_constructed(_GObject*) (xmimsim-gui-sources-dialog.cpp:101)
==28183==    by 0x761C61B: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==  Address 0xaf4d540 is 368 bytes inside a block of size 432 free'd
==28183==    at 0x4839A0C: free (vg_replace_malloc.c:540)
==28183==    by 0x76B6D7C: g_free (in /usr/lib64/libglib-2.0.so.0.6000.7)
==28183==    by 0x76CF6A3: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.6000.7)
==28183==    by 0x763A345: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x19E0C501: ??? (in /usr/lib64/python3.7/site-packages/gi/_gi.cpython-37m-x86_64-linux-gnu.so)
==28183==    by 0xC4562A8: ??? (in /usr/lib64/libpython3.7m.so.1.0)
==28183==    by 0xC2DCE0E: peas_plugin_loader_python_create_extension (peas-plugin-loader-python.c:148)
==28183==    by 0x5DED1D4: peas_engine_create_extensionv (peas-engine.c:1342)
==28183==    by 0x5DEEA73: add_extension (peas-extension-set.c:217)
==28183==    by 0x5DEEC62: peas_extension_set_constructed (peas-extension-set.c:283)
==28183==    by 0x761C61B: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x761E347: g_object_new_valist (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==  Block was alloc'd at
==28183==    at 0x483880B: malloc (vg_replace_malloc.c:309)
==28183==    by 0x76B6C88: g_malloc (in /usr/lib64/libglib-2.0.so.0.6000.7)
==28183==    by 0x76CEF95: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.6000.7)
==28183==    by 0x76CF5BD: g_slice_alloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7)
==28183==    by 0x7639F79: g_type_create_instance (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x761C42C: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0x761DE6F: g_object_newv (in /usr/lib64/libgobject-2.0.so.0.6000.7)
==28183==    by 0xC2DCD90: peas_plugin_loader_python_create_extension (peas-plugin-loader-python.c:122)
==28183==    by 0x5DED1D4: peas_engine_create_extensionv (peas-engine.c:1342)
==28183==    by 0x5DEEA73: add_extension (peas-extension-set.c:217)
==28183==    by 0x5DEEC62: peas_extension_set_constructed (peas-extension-set.c:283)
==28183==    by 0x761C61B: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.7)

Merge request reports