[PyQt] New optimization in SIP causes double-deletion
Giovanni Bajo
rasky at develer.com
Thu Oct 29 11:56:06 GMT 2009
Hi Phil,
comparing the generated SIP code between SIP 4.8 and 4.9 in the case of
a function with an argument of type "reference to mapped-type" decorated
with /Out/, I see this difference:
SIP 4.8:

    if (sipParseArgs(...))
    {
        PyObject *sipResult;
        a1 = new RETURNTYPE();
        func(*a0,*a1);
        sipResult = sipConvertFromType(a1,sipType_RETURNTYPE,NULL);
        [...]
        delete a1;
        return sipResult;
    }

SIP 4.9:

    if (sipParseArgs(...))
    {
        PyObject *sipResult;
        a1 = new RETURNTYPE();
        func(*a0,*a1);
        sipResult = sipConvertFromNewType(a1,sipType_RETURNTYPE,NULL);
                                  ^^^
        [...]
        delete a1;
        return sipResult;
    }

So SIP 4.9 switched to calling sipConvertFromNewType() instead of
sipConvertFromType(). It is in fact a correct optimization because the
return value is surely a new object from the Python point of view, but
it causes a double-deletion: in fact, sipConvertFromNewType() deletes
the object if sipTransferObject is NULL (see siplib.c:6541); while
sipConvertFromType() does not delete it.
So when the code flow gets to the "delete a1" line, the object pointed
to by a1 is deleted twice.
(PS: if you come up with a patch given this info, I'll be happy to test
it but please send it by mail)
--
Giovanni Bajo
Develer S.r.l.
http://www.develer.com
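
Added example, not part of the original message and not SIP's own code: a small C++ model of the ownership mismatch described above, counting how many times a1 is released for each pairing of conversion call and trailing "delete a1". Heap, convert_borrowed, convert_owning and releases_after_wrapper are hypothetical names; the two conversion functions only model the delete/no-delete behaviour the message attributes to sipConvertFromNewType() and sipConvertFromType().

```cpp
#include <cstdio>
#include <map>
#include <memory>

struct ReturnType { int value = 0; };                  // constructed stand-in for RETURNTYPE
static void func(ReturnType &out) { out.value = 42; }  // stand-in for the wrapped func()

// Objects are addressed by handle so that a second release can be counted
// rather than executed (a real second delete is undefined behaviour).
struct Heap {
    std::map<int, std::unique_ptr<ReturnType>> live;
    std::map<int, int> releases;
    int next = 1;
    int alloc() { live[next].reset(new ReturnType()); return next++; }
    ReturnType &at(int h) { return *live.at(h); }
    void release(int h) { ++releases[h]; live.erase(h); }
};

// Borrowing conversion: builds the result, caller still owns the instance.
static int convert_borrowed(Heap &heap, int h) { return heap.at(h).value; }

// Owning conversion: builds the result, then deletes the instance itself,
// which is the behaviour the message reports for a NULL transfer object.
static int convert_owning(Heap &heap, int h) {
    int result = heap.at(h).value;
    heap.release(h);
    return result;
}

// Runs one wrapper shape and returns how many times a1 was released.
// 0 = leak, 1 = correct, 2 = double deletion.
int releases_after_wrapper(bool owning_convert, bool caller_deletes) {
    Heap heap;
    int a1 = heap.alloc();                        // a1 = new RETURNTYPE();
    func(heap.at(a1));                            // func(*a0,*a1);
    int result = owning_convert ? convert_owning(heap, a1)
                                : convert_borrowed(heap, a1);
    (void)result;
    if (caller_deletes) heap.release(a1);         // delete a1;
    return heap.releases[a1];
}

int main() {
    std::printf("4.8 shape (borrow + delete): %d\n", releases_after_wrapper(false, true));
    std::printf("4.9 shape (own + delete):    %d\n", releases_after_wrapper(true, true));
    std::printf("own, no caller delete:       %d\n", releases_after_wrapper(true, false));
    std::printf("borrow, no caller delete:    %d\n", releases_after_wrapper(false, false));
    return 0;
}
```

The third row only shows a pairing with a single owner; the message does not say which change SIP adopted.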