From 970b8e3af4c379196886ec673f7125a443de009a Mon Sep 17 00:00:00 2001 From: Christian Walther Date: Sun, 27 Nov 2011 10:58:25 +0100 Subject: [PATCH] Fix a potential crash when resizing SDL tuples. _PyTuple_Resize may destroy the original tuple and return a new one through the pointer argument. When it does that and we don?t put the new one back into the map, we end up with a stale pointer to a destroyed object in the map, which is likely to blow up one way or another next time it?s accessed. Untested because, as far as I can see, this code isn?t actually used currently. All uses of this method deal with fixed-size SDL variables. Resizable variables are not used at all in age SDL, only in non-age SDL (animation, avatar, clothing etc.), and I?m not even sure if those are even accessible using this Python API. --- .../Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp b/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp index 0d44acc9..312420e9 100644 --- a/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp +++ b/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp @@ -237,6 +237,8 @@ void plPythonSDLModifier::SetItemIdx(const char* key, int idx, PyObject* value, Py_INCREF(Py_None); PyTuple_SetItem(pyTuple, j, Py_None); } + // _PyTuple_Resize may have changed pyTuple + it->second.obj = pyTuple; } } else