[PyQt] sipReleaseType may delete a derived type when it is not

Phil Thompson phil at riverbankcomputing.com
Sat Jun 10 15:20:54 BST 2017


On 7 Jun 2017, at 11:27 am, Denis Rivière <denis.riviere at cea.fr> wrote:
> 
> 
> Hi,
> 
> We experience crashes using sip 4.18 and 4.19, where it works fine using 4.17.
> I have dug for a while in the code, and found out that in some cases, after object conversion into a class using its %ConvertToTypeCode, the object gets deleted after a cast to the wrong sip-derived class.

...

> Here the release code is called with sipIsDerived argument set to 1. However 1 is actually directly the "state" value set in %ConvertToTypeCode, which does not mean SIP_DERIVED_CLASS (which value is 2), but SIP_TEMPORARY.
> 
> In the source code of siplib (siplib.c.in), the code of sip_api_release_type() calls the release function of the type object with complete "state" value, not a boolean meaning if it is derived.
> 
> So I think there is a bug there.
> Am I right ?

I think so - good catch.

Should be fixed in tonight's snapshot.

Thanks,
Phil


More information about the PyQt mailing list