New submission from Lenard Lindstrom <le...@telus.net>: If an exporter returns a Py_buffer with ndim 1, PyMemoryView_FromObject changes the shape and strides pointer fields to point to a local Py_buffer array field. This array field is undocumented. Any heap memory these pointers reference is lost. Should the exporter's bf_releasebuffer later try and free the memory, the Python interpreter may segfault.
Attached is a demonstration program. Its output is: Accessing buffer directly... Accessing buffer through a memory view... * View->shape has changed. Done. where the third line shows bf_releasebuffer has detected a changed pointer. ---------- components: Interpreter Core files: bufrel.c.gz messages: 117644 nosy: kermode priority: normal severity: normal status: open title: PyMemoryView_FromObject alters the Py_buffer after calling PyObject_GetBuffer when ndim 1 type: crash versions: Python 3.2 Added file: http://bugs.python.org/file19060/bufrel.c.gz _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue9990> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com