From 38747f3f1bc7139f759b30dd0505d52ee5304408 Mon Sep 17 00:00:00 2001 From: Christian Walther Date: Sun, 27 Nov 2011 10:56:49 +0100 Subject: [PATCH 1/2] Don?t modify tuples that others may already have references to. Fixes egg room private chat channels and entering Teledahn buckets with Python 2.7. These and other uses of ptSDL.setIndex() only worked by chance with Python 2.3 because the tuples happened to have reference counts of 1. --- .../FeatureLib/pfPython/plPythonSDLModifier.cpp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp b/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp index 0d8794cf..0d44acc9 100644 --- a/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp +++ b/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp @@ -208,6 +208,22 @@ void plPythonSDLModifier::SetItemIdx(const char* key, int idx, PyObject* value, return; } + if (pyTuple && pyTuple->ob_refcnt != 1) + { + // others already have references to the tuple and expect it to be immutable, must make a copy + int n = PyTuple_Size(pyTuple); + PyObject* newTuple = PyTuple_New(n); + for (int j = 0; j < n; j++) + { + PyObject* item = PyTuple_GetItem(pyTuple, j); + Py_INCREF(item); + PyTuple_SetItem(newTuple, j, item); + } + Py_DECREF(pyTuple); + pyTuple = newTuple; + it->second.obj = newTuple; + } + if (pyTuple) { if (PyTuple_Size(pyTuple) <= idx) From 970b8e3af4c379196886ec673f7125a443de009a Mon Sep 17 00:00:00 2001 From: Christian Walther Date: Sun, 27 Nov 2011 10:58:25 +0100 Subject: [PATCH 2/2] Fix a potential crash when resizing SDL tuples. _PyTuple_Resize may destroy the original tuple and return a new one through the pointer argument. When it does that and we don?t put the new one back into the map, we end up with a stale pointer to a destroyed object in the map, which is likely to blow up one way or another next time it?s accessed. Untested because, as far as I can see, this code isn?t actually used currently. All uses of this method deal with fixed-size SDL variables. Resizable variables are not used at all in age SDL, only in non-age SDL (animation, avatar, clothing etc.), and I?m not even sure if those are even accessible using this Python API. --- .../Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp b/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp index 0d44acc9..312420e9 100644 --- a/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp +++ b/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/FeatureLib/pfPython/plPythonSDLModifier.cpp @@ -237,6 +237,8 @@ void plPythonSDLModifier::SetItemIdx(const char* key, int idx, PyObject* value, Py_INCREF(Py_None); PyTuple_SetItem(pyTuple, j, Py_None); } + // _PyTuple_Resize may have changed pyTuple + it->second.obj = pyTuple; } } else