diff options
| author | Alexandru Croitor <alexandru.croitor@qt.io> | 2018-02-20 13:32:16 +0100 |
|---|---|---|
| committer | Alexandru Croitor <alexandru.croitor@qt.io> | 2018-02-20 13:10:01 +0000 |
| commit | 793320f9f991bab254c1d447104afdd817551267 (patch) | |
| tree | e58248ab25ffdfc3a55ebd0f232706e6409b1714 | |
| parent | 002b0d6da1c717d54a5a3a0967e41bc7c6213e3e (diff) | |
Fix heap corruption crash on macOS 10.8 CI machine
The macOS 10.8, PySide2 branch 5.6 integrations were misteriously
failing with crashes on exit in the objecttype_test.py test, with a
stack trace similar to:
0x00007fff8899e90a _sigtramp + 26
0x0000000100784710 0x0 + 4302849808 (note the 0x0 address)
0x0000000100055408 dict_traverse + 168
0x0000000100107f77 collect + 407
0x00000001001089f4 PyGC_Collect + 52
0x00000001000ef503 Py_Finalize + 259
0x00000001000eefca handle_system_exit + 250
0x00000001000ef235 PyErr_PrintEx + 469
0x00000001000efebb PyRun_SimpleFileExFlags + 299
0x00000001001071dd Py_Main + 3101
Reproducing it on a CI VM was very difficult, requring dubious
manipulation of PATH, PYTHONPATH and LD_LIBRARY_PATH environment
variables. In the end the issue was diagnosed to be heap corruption,
and thus the difficulty in reproducing it.
The testParentFromCpp test in objecttype_test.py calls
the destroyCppParent method to delete its parent. Because
the deletion of the parent invokes the destructor ~ObjectType(), that
in turn deletes the child. This lead to head corruption, because
the child "o" by destroying its parent, destroys itself, and once
the "delete m_parent" is done, the next "m_parent = 0" would write
to invalid (freed) memory.
In a release build of the Python interpreter, this ends up in
accessing the freed memory in the GC collection phase (but under a
debugger this crashed in several other random places).
The fix is to delete the "m_parent = 0;" statement, so that nothing
is written to freed memory.
Change-Id: I2d7a41b99a3255ebb300e6157b3dd0d78eb27a54
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
| -rw-r--r-- | sources/shiboken2/tests/libsample/objecttype.h | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/sources/shiboken2/tests/libsample/objecttype.h b/sources/shiboken2/tests/libsample/objecttype.h index eae95b3b1..487472b0f 100644 --- a/sources/shiboken2/tests/libsample/objecttype.h +++ b/sources/shiboken2/tests/libsample/objecttype.h @@ -129,7 +129,6 @@ public: void destroyCppParent() { delete m_parent; - m_parent = 0; } //Deprecated test |