Fix possible leak of return of PySequence_GetItem. #13333

QuLogic · Jan 31, 2019

PR Summary

PySequence_GetItem returns a new reference, which we should decrement.

Note: Technically, the string (from PyBytes_AsString) requires the object to be ref'd, but we know it won't get GC'd because there's a ref by the containing object, and doing it early means we don't have to worry about error handling.

PR Checklist

Has Pytest style unit tests
Code is Flake 8 compliant
[N/A] New features are documented, with examples if plot related
Documentation is sphinx and numpydoc compliant
Added an entry to doc/users/next_whats_new/ if major new feature (follow instructions in README.rst there)
Documented in doc/api/api_changes.rst if API changed in a backward-incompatible way

anntzer · Jan 31, 2019

src/_path_wrapper.cpp

@@ -727,6 +727,7 @@ static PyObject *Py_convert_to_string(PyObject *self, PyObject *args, PyObject *
            return NULL;
        }
        codes[i] = PyBytes_AsString(item);
+        Py_DECREF(item);


Just change the PyArg_ParseTuple call to use a (yyyyy) format for parsing the codes argument instead?

I am 50/50 on that. It lets python do more of the work, but is also a bigger change.

I think all of our callers pass the right length lists, but as I'm targeting 3.0.3 with this, I'm not sure if it's quite as safe to be backporting that version.

But we already error out a few lines above if the length is not 5.
Anyways I don't want to insist too much on this, if you don't want to make the bigger change that's fine with me too.

NelleV

Thanks @QuLogic !

…ce_GetItem.

…333-on-v3.0.x Backport PR #13333 on branch v3.0.x (Fix possible leak of return of PySequence_GetItem.)

Fix possible leak of return of PySequence_GetItem.

f0c5969

QuLogic added this to the v3.0.3 milestone Jan 31, 2019

anntzer reviewed Jan 31, 2019

View reviewed changes

tacaswell approved these changes Feb 1, 2019

View reviewed changes

NelleV approved these changes Feb 2, 2019

View reviewed changes

NelleV merged commit 8d62769 into matplotlib:master Feb 2, 2019

meeseeksmachine mentioned this pull request Feb 2, 2019

Backport PR #13333 on branch v3.0.x (Fix possible leak of return of PySequence_GetItem.) #13345

Merged

meeseeksmachine pushed a commit to meeseeksmachine/matplotlib that referenced this pull request Feb 2, 2019

Backport PR matplotlib#13333: Fix possible leak of return of PySequen…

ec0f1fa

…ce_GetItem.

QuLogic deleted the PySequence_GetItem-leak branch February 2, 2019 07:29

timhoffm added a commit that referenced this pull request Feb 2, 2019

Merge pull request #13345 from meeseeksmachine/auto-backport-of-pr-13…

6f0b80c

…333-on-v3.0.x Backport PR #13333 on branch v3.0.x (Fix possible leak of return of PySequence_GetItem.)

anntzer mentioned this pull request Feb 2, 2019

Simplify parsing of tuple in C extension code. #13346

Merged

6 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Fix possible leak of return of PySequence_GetItem. #13333

Fix possible leak of return of PySequence_GetItem. #13333

Uh oh!

QuLogic commented Jan 31, 2019

Uh oh!

anntzer Jan 31, 2019

Uh oh!

tacaswell Feb 1, 2019

Uh oh!

QuLogic Feb 2, 2019

Uh oh!

anntzer Feb 2, 2019

Uh oh!

NelleV left a comment

Uh oh!

Uh oh!

Search code, repositories, users, issues, pull requests...

Uh oh!

Fix possible leak of return of PySequence_GetItem. #13333

Fix possible leak of return of PySequence_GetItem. #13333

Uh oh!

Conversation

QuLogic commented Jan 31, 2019

PR Summary

PR Checklist

Uh oh!

anntzer Jan 31, 2019

Choose a reason for hiding this comment

Uh oh!

tacaswell Feb 1, 2019

Choose a reason for hiding this comment

Uh oh!

QuLogic Feb 2, 2019

Choose a reason for hiding this comment

Uh oh!

anntzer Feb 2, 2019

Choose a reason for hiding this comment

Uh oh!

NelleV left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!