From eeeaa0f5cfa4bc5fcc12ffddb0697ad218fa9773 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Sat, 8 May 2021 11:33:43 +1200 Subject: [PATCH 1/2] pytest:segfault: Add test for assigning to an inline array BUG: https://bugzilla.samba.org/show_bug.cgi?id=14065 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Andreas Schneider (backported from commit 9019e08c61a9b0bfce9ef295089ad42e46e784e2) [josephsutton@catalyst.net.nz: no_gdb_backtrace not present in 4.14] --- python/samba/tests/segfault.py | 7 +++++++ selftest/knownfail.d/python-segfaults | 1 + 2 files changed, 8 insertions(+) diff --git a/python/samba/tests/segfault.py b/python/samba/tests/segfault.py index 07e2d46d56a..2d4b7971c93 100644 --- a/python/samba/tests/segfault.py +++ b/python/samba/tests/segfault.py @@ -174,3 +174,10 @@ class SegfaultTests(samba.tests.TestCase): def test_dcerpc_idl_inline_arrays(self): """Inline arrays were incorrectly handled.""" dnsserver.DNS_RPC_SERVER_INFO_DOTNET().pExtensions + + @segfault_detector + def test_dcerpc_idl_set_inline_arrays(self): + """Setting an inline array was incorrectly handled.""" + a = dnsserver.DNS_EXTENSION(); + x = dnsserver.DNS_RPC_DP_INFO(); + x.pwszReserved = [a, a, a] diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults index 1be0566dcb1..2dc8e4577b6 100644 --- a/selftest/knownfail.d/python-segfaults +++ b/selftest/knownfail.d/python-segfaults @@ -1 +1,2 @@ samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3 +samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_dcerpc_idl_set_inline_arrays -- 2.31.1.362.g311531c9de From 473dd757b1d2b1d701a88db6343f4eb3022935ec Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Thu, 6 May 2021 12:05:26 +1200 Subject: [PATCH 2/2] pidl: Handle assigning to an inline array from Python When obtaining a reference to items in an assigned-from list, ensure that we do not try to use the first element of the inline array as a talloc context, but instead use the talloc context associated with the Python object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14065 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Fri May 28 09:50:02 UTC 2021 on sn-devel-184 (cherry picked from commit 537f2d19b5513fa9c29034bc53958a2c05768e81) --- pidl/lib/Parse/Pidl/Samba4/Python.pm | 6 +++++- selftest/knownfail.d/python-segfaults | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index 578e17d1cbc..5c4d3e8e087 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -1988,7 +1988,11 @@ sub ConvertObjectFromPythonLevel($$$$$$$$$) } $self->pidl("for ($counter = 0; $counter < PyList_GET_SIZE($py_var); $counter++) {"); $self->indent; - $self->ConvertObjectFromPythonLevel($env, $var_name, "PyList_GET_ITEM($py_var, $counter)", $e, $nl, $var_name."[$counter]", $fail, 0); + if (ArrayDynamicallyAllocated($e, $l)) { + $self->ConvertObjectFromPythonLevel($env, $var_name, "PyList_GET_ITEM($py_var, $counter)", $e, $nl, $var_name."[$counter]", $fail, 0); + } else { + $self->ConvertObjectFromPythonLevel($env, $mem_ctx, "PyList_GET_ITEM($py_var, $counter)", $e, $nl, $var_name."[$counter]", $fail, 0); + } $self->deindent; $self->pidl("}"); $self->deindent; diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults index 2dc8e4577b6..1be0566dcb1 100644 --- a/selftest/knownfail.d/python-segfaults +++ b/selftest/knownfail.d/python-segfaults @@ -1,2 +1 @@ samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3 -samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_dcerpc_idl_set_inline_arrays -- 2.31.1.362.g311531c9de