Segfault when creating Gio.PropertyAction with no arguments
Python crashes due to Segfault when the following program is executed:
import gi
gi.require_version('Gtk', '4.0')
from gi.repository import Gio
Gio.PropertyAction()
I am running on Debian Stable (Bookworm) with pygobject version 3.42.2. Debian Testing (Trixie) with pygobject 3.44.1 has the same problem.
GDB shows the stack trace as:
#0 0x00007ffff72236ef in g_property_action_set_property_name (property_name=0x0, paction=0xd5ac80 [GPropertyAction]) at ../../../gio/gpropertyaction.c:316
#1 g_property_action_set_property (object=0xd5ac80 [GPropertyAction], prop_id=<optimized out>, value=<optimized out>, pspec=<optimized out>) at ../../../gio/gpropertyaction.c:359
#2 0x00007ffff740853d in object_set_property (object=object@entry=0xd5ac80 [GPropertyAction], pspec=0xd70950 [GParamString], value=0xd70930, nqueue=nqueue@entry=0x0, user_specified=<optimized out>) at ../../../gobject/gobject.c:1794
#3 0x00007ffff7408de8 in g_object_new_internal (class=class@entry=0xd70300, params=params@entry=0x0, n_params=n_params@entry=0) at ../../../gobject/gobject.c:2273
#4 0x00007ffff740a3fc in g_object_new_with_properties (object_type=0xc896b0 [GPropertyAction], n_properties=<optimized out>, names=0x0, values=0x0) at ../../../gobject/gobject.c:2391
#5 0x00007ffff7598e45 in () at /usr/lib/python3/dist-packages/gi/_gi.cpython-311-x86_64-linux-gnu.so
#6 0x00007ffff75b7261 in () at /usr/lib/python3/dist-packages/gi/_gi.cpython-311-x86_64-linux-gnu.so
#7 0x0000000000517e55 in _PyObject_MakeTpCall ()
#8 0x000000000052b940 in _PyEval_EvalFrameDefault ()
#9 0x000000000052360b in PyEval_EvalCode ()
#10 0x0000000000647497 in ()
#11 0x0000000000644d4f in ()
#12 0x0000000000651010 in ()
#13 0x0000000000650d5b in _PyRun_SimpleFileObject ()
#14 0x0000000000650b84 in _PyRun_AnyFileObject ()
#15 0x000000000064f90f in Py_RunMain ()
#16 0x00000000006275c7 in Py_BytesMain ()
#17 0x00007ffff7cba18a in __libc_start_call_main (main=main@entry=0x627530, argc=argc@entry=2, argv=argv@entry=0x7fffffffe048) at ../sysdeps/nptl/libc_start_call_main.h:58
#18 0x00007ffff7cba245 in __libc_start_main_impl (main=0x627530, argc=2, argv=0x7fffffffe048, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe038) at ../csu/libc-start.c:381
#19 0x0000000000627461 in _start ()
...
I think the cause of this crash is in function pygobject_prepare_construct_properties(). When kwargs is NULL, *names becomes NULL, but this function returns true. Afterwards, the *names is passed to g_property_action_set_property_name(), and it segfaults when dereferencing *names.
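
Added example (not part of the original report, and not GLib or PyGObject code): a toy C model of the call chain in the stack trace above, where construction with n_params=0 still runs the construct property's setter and hands it property_name=0x0. ToyAction, toy_new and both setters are hypothetical names; the guarded setter is one possible hardening, assumed here rather than taken from any upstream fix.

```c
#include <stddef.h>
#include <string.h>

/* Toy model (hypothetical): an object with one construct string property. */
typedef struct { const char *property_name; size_t name_len; int bound; } ToyAction;
typedef int (*ToySetter)(ToyAction *, const char *);

/* Unguarded setter: dereferences whatever it is handed, so the NULL
 * default crashes it, as in frame #0 (property_name=0x0). */
int toy_set_name_unguarded(ToyAction *a, const char *property_name)
{
    a->name_len = strlen(property_name);   /* NULL here -> SIGSEGV */
    a->property_name = property_name;
    a->bound = 1;
    return 0;
}

/* Guarded setter: treats the NULL default as "not set yet" and leaves
 * the object in a defined, unbound state instead of dereferencing it. */
int toy_set_name_checked(ToyAction *a, const char *property_name)
{
    if (a == NULL)
        return -1;
    if (property_name == NULL || property_name[0] == '\0') {
        a->property_name = NULL;
        a->name_len = 0;
        a->bound = 0;
        return 0;
    }
    a->name_len = strlen(property_name);
    a->property_name = property_name;
    a->bound = 1;
    return 0;
}

/* Constructor modelled on frames #3/#4: the construct property's setter
 * always runs; with n_params == 0 it receives the default value, NULL. */
int toy_new(ToyAction *out, ToySetter set, const char **names,
            const char **values, size_t n_params)
{
    const char *value = NULL;              /* default for a string property */
    for (size_t i = 0; i < n_params; i++)
        if (strcmp(names[i], "property-name") == 0)
            value = values[i];
    memset(out, 0, sizeof *out);
    return set(out, value);
}
```

Passing toy_set_name_unguarded to toy_new with n_params == 0 reproduces the NULL dereference in the model; callers of the guarded form must check the bound field before using the object.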