[Checkins] SVN: zope.security/trunk/ fix for potential segfault (LP 181833)

Gary Poster gary.poster at canonical.com
Tue Aug 11 17:32:46 EDT 2009 

Log message for revision 102691:
  fix for potential segfault (LP 181833)

Changed:
  U   zope.security/trunk/CHANGES.txt
  U   zope.security/trunk/src/zope/security/_proxy.c

-=-
Modified: zope.security/trunk/CHANGES.txt
===================================================================
--- zope.security/trunk/CHANGES.txt	2009-08-11 21:11:26 UTC (rev 102690)
+++ zope.security/trunk/CHANGES.txt	2009-08-11 21:32:45 UTC (rev 102691)
@@ -5,7 +5,13 @@
 3.7.1 (unreleased)
 ------------------
 
-- TBD
+- Fix for LP bug 181833 (from Gustavo Niemeyer). Before "visiting" a
+  sub-object, a check should be made to ensure the object is still valid.
+  Because garbage collection may involve loops, if you garbage collect an
+  object, it is possible that the actions done on this object may modify the
+  state of other objects. This may cause another round of garbage collection,
+  eventually generating a segfault (see LP bug). The Py_VISIT macro does the
+  necessary checks, so it is used instead of the previous code.
 
 3.7.0 (2009-05-13)
 ------------------
@@ -17,7 +23,7 @@
 3.6.3 (2009-03-23)
 ------------------
 
-- Ensure that simple zope.schema's VocabularyRegistry is used for 
+- Ensure that simple zope.schema's VocabularyRegistry is used for
   PermissionVocabulary tests, because it's replaced implicitly in
   environments with zope.app.schema installed that makes that tests
   fail.
@@ -65,14 +71,14 @@
 
 - Don't define security checkers for deprecated set types from the
   "sets" module on Python 2.6. It's discouraged to use them and
-  `set` and `frozenset` built-in types should be used instead. 
+  `set` and `frozenset` built-in types should be used instead.
 
 - Change package's mailng list address to zope-dev at zope.org as
   zope3-dev at zope.org is now retired.
 
 - Remove old zpkg-related files.
 
-3.6.0 (2009-01-31) 
+3.6.0 (2009-01-31)
 ------------------
 
 - Install decorated security checker support on LocationProxy from the

Modified: zope.security/trunk/src/zope/security/_proxy.c
===================================================================
--- zope.security/trunk/src/zope/security/_proxy.c	2009-08-11 21:11:26 UTC (rev 102690)
+++ zope.security/trunk/src/zope/security/_proxy.c	2009-08-11 21:32:45 UTC (rev 102691)
@@ -302,10 +302,8 @@
 static int
 proxy_traverse(SecurityProxy *self, visitproc visit, void *arg)
 {
-  if (visit(self->proxy.proxy_object, arg) < 0)
-    return -1;
-  if (visit(self->proxy_checker, arg) < 0)
-    return -1;
+  Py_VISIT(self->proxy.proxy_object);
+  Py_VISIT(self->proxy_checker);
   return 0;
 }

More information about the Checkins mailing list