diff options
| author | Sergei Trofimovich <slyfox@gentoo.org> | 2021-06-27 20:57:13 +0100 |
|---|---|---|
| committer | Emmanuele Bassi <ebassi@gnome.org> | 2021-11-23 23:04:26 +0000 |
| commit | 62c3c955547599a58786f20497748569c148379e (patch) | |
| tree | 4779a972940142932143f4140273e1dbef52910b | |
| parent | 2b3153ed2b5d0910aa07ad7cd0bcf06da413886d (diff) | |
| download | gobject-introspection-62c3c955547599a58786f20497748569c148379e.tar.gz | |
girffi.c: fix return value for g_callable_info_prepare_closure()
The initial failure was observed on `meld` against recently released
`libffi-3.4-rc1`. There `meld` crashes as:
```
$ meld
Segmentation fault (core dumped)
$ gdb --args /usr/bin/python3.9 /usr/bin/meld
(gdb) run
...
Thread 1 "python3.9" received signal SIGSEGV, Segmentation fault.
0x00007fffe9ac1ae8 in g_callable_info_free_closure (
callable_info=0x555555d45990, closure=0x7fffe9e70c20)
at ../gobject-introspection-1.68.0/girepository/girffi.c:428
428 g_free (wrapper->ffi_closure.cif->arg_types);
(gdb) bt
callable_info=0x555555d45990, closure=0x7fffe9e70c20)
at ../gobject-introspection-1.68.0/girepository/girffi.c:428
data=0x555555d252d0)
at ../pygobject-3.40.1/gi/pygi-closure.c:635
...
```
The bug here is in type mismatch between expected return value of
`g_callable_info_prepare_closure()` and actual value (executable
code pointer):
```c
ffi_closure * g_callable_info_prepare_closure(...) {
gpointer exec_ptr;
...
status = ffi_prep_closure_loc (&closure->ffi_closure, cif, callback, user_data, exec_ptr);
return exec_ptr;
}
```
Note: `exec_ptr` is a code pointer that could be directly executed by
caller, like `((rt (*)(a1,a2))exec_ptr)(1,2);` It should never be wrapped
into an `ffi_closure*`, which is normally called via `ffi_call(closure, ...)`.
We see the problem when we try to free direct code pointer instead of
`ffi_closure()` as starting from libffi-3.4 executable trampoline and
`ffi_closure()` don't necessarily live in the same block:
https://github.com/libffi/libffi/commit/9ba559217bea0803263a9a9a0bafcf9203606f5b
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
| -rw-r--r-- | girepository/girffi.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/girepository/girffi.c b/girepository/girffi.c index 86a13052..b3b92195 100644 --- a/girepository/girffi.c +++ b/girepository/girffi.c @@ -406,10 +406,7 @@ g_callable_info_prepare_closure (GICallableInfo *callable_info, return NULL; } - /* Return exec_ptr, which points to the same underlying memory as - * closure, but via an executable-non-writable mapping. - */ - return exec_ptr; + return &closure->ffi_closure; } /** |