Fix Python crash on getprop deallocation

Fatal Python error: none_dealloc: deallocating None Python runtime state: finalizing (tstate=0x000055c9bac70920) Current thread 0x00007fbe34e47740 (most recent call first): <no Python frame> Aborted (core dumped) This is caused by a missing Py_INCREF on the returned Py_None, as demonstrated e.g. in https://github.com/mythosil/swig-python-incref or described at https://edcjones.tripod.com/refcount.html ("Remember to INCREF Py_None!") A PoC for triggering this crash is uploaded to https://github.com/z3ntu/pylibfdt-crash . With this patch applied to pylibfdt the crash does not happen. Signed-off-by: Luca Weiss <luca@z3ntu.xyz> Message-Id: <20211224102811.70695-1-luca@z3ntu.xyz> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-12-24 11:28:12 +01:00 · 2021-12-24 11:28:12 +01:00 · d152126bb0
commit d152126bb0
parent 17739b7ef5
1 changed files with 4 additions and 2 deletions
--- a/pylibfdt/libfdt.i
+++ b/pylibfdt/libfdt.i
@ -1040,14 +1040,16 @@ typedef uint32_t fdt32_t;

 /* typemap used for fdt_getprop() */
 %typemap(out) (const void *) {
-	if (!$1)
+	if (!$1) {
 		$result = Py_None;
-	else
+		Py_INCREF($result);
+	} else {
        %#if PY_VERSION_HEX >= 0x03000000
            $result = Py_BuildValue("y#", $1, (Py_ssize_t)*arg4);
        %#else
            $result = Py_BuildValue("s#", $1, (Py_ssize_t)*arg4);
        %#endif
+    }
 }

 /* typemap used for fdt_setprop() */