[prev in list] [next in list] [prev in thread] [next in thread]
List: pykde
Subject: [PyQt] New optimization in SIP causes double-deletion
From: Giovanni Bajo <rasky () develer ! com>
Date: 2009-10-29 11:56:06
Message-ID: 1256817366.4265.9.camel () lilax
[Download RAW message or body]
Hi Phil,
comparing the generated SIP code between SIP 4.8 and 4.9 in the case of
a function with an argument of type "reference to mapped-type" decorated
with /Out/, I see this difference:
SIP 4.8:
if (sipParseArgs(...))
{
PyObject *sipResult;
a1 = new RETURNTYPE();
func(*a0,*a1);
sipResult = sipConvertFromType(a1,sipType_RETURNTYPE,NULL);
[...]
delete a1;
return sipResult;
}
SIP 4.9:
if (sipParseArgs(...))
{
PyObject *sipResult;
a1 = new RETURNTYPE();
func(*a0,*a1);
sipResult = sipConvertFromNewType(a1,sipType_RETURNTYPE,NULL);
^^^
[...]
delete a1;
return sipResult;
}
So SIP 4.9 switched to call sipConvertFromNewType() instead of
sipConvertFromType(). It is in fact a correct optimization because the
return value is surely a new object from the Python point of view, but
it causes a double-deletion: in fact, sipConvertFromNewType() deletes
the object if sipTransferObject is NULL (see siplib.c:6541); while
sipConvertFromType() does not delete it.
So when the code flow gets to the "delete a1" line, the object pointed
by a1 is deleted twice.
(PS: if you come up with a patch given this info, I'll be happy to test
it but please send it by mail)
--
Giovanni Bajo
Develer S.r.l.
http://www.develer.com
_______________________________________________
PyQt mailing list PyQt@riverbankcomputing.com
http://www.riverbankcomputing.com/mailman/listinfo/pyqt
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic