[Checkins] SVN: zope.security/trunk/ fix for potential segfault (LP 181833)
Gary Poster
gary.poster at canonical.com
Tue Aug 11 17:32:46 EDT 2009
Log message for revision 102691:
fix for potential segfault (LP 181833)
Changed:
U zope.security/trunk/CHANGES.txt
U zope.security/trunk/src/zope/security/_proxy.c
-=-
Modified: zope.security/trunk/CHANGES.txt
===================================================================
--- zope.security/trunk/CHANGES.txt 2009-08-11 21:11:26 UTC (rev 102690)
+++ zope.security/trunk/CHANGES.txt 2009-08-11 21:32:45 UTC (rev 102691)
@@ -5,7 +5,13 @@
3.7.1 (unreleased)
------------------
-- TBD
+- Fix for LP bug 181833 (from Gustavo Niemeyer). Before "visiting" a
+ sub-object, a check should be made to ensure the object is still valid.
+ Because garbage collection may involve loops, if you garbage collect an
+ object, it is possible that the actions done on this object may modify the
+ state of other objects. This may cause another round of garbage collection,
+ eventually generating a segfault (see LP bug). The Py_VISIT macro does the
+ necessary checks, so it is used instead of the previous code.
3.7.0 (2009-05-13)
------------------
@@ -17,7 +23,7 @@
3.6.3 (2009-03-23)
------------------
-- Ensure that simple zope.schema's VocabularyRegistry is used for
+- Ensure that simple zope.schema's VocabularyRegistry is used for
PermissionVocabulary tests, because it's replaced implicitly in
environments with zope.app.schema installed that makes that tests
fail.
@@ -65,14 +71,14 @@
- Don't define security checkers for deprecated set types from the
"sets" module on Python 2.6. It's discouraged to use them and
- `set` and `frozenset` built-in types should be used instead.
+ `set` and `frozenset` built-in types should be used instead.
- Change package's mailng list address to zope-dev at zope.org as
zope3-dev at zope.org is now retired.
- Remove old zpkg-related files.
-3.6.0 (2009-01-31)
+3.6.0 (2009-01-31)
------------------
- Install decorated security checker support on LocationProxy from the
Modified: zope.security/trunk/src/zope/security/_proxy.c
===================================================================
--- zope.security/trunk/src/zope/security/_proxy.c 2009-08-11 21:11:26 UTC (rev 102690)
+++ zope.security/trunk/src/zope/security/_proxy.c 2009-08-11 21:32:45 UTC (rev 102691)
@@ -302,10 +302,8 @@
static int
proxy_traverse(SecurityProxy *self, visitproc visit, void *arg)
{
- if (visit(self->proxy.proxy_object, arg) < 0)
- return -1;
- if (visit(self->proxy_checker, arg) < 0)
- return -1;
+ Py_VISIT(self->proxy.proxy_object);
+ Py_VISIT(self->proxy_checker);
return 0;
}
More information about the Checkins
mailing list