You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucy.apache.org by "Nick Wellnhofer (JIRA)" <ji...@apache.org> on 2016/03/01 12:31:18 UTC
[lucy-issues] [jira] [Commented] (CLOWNFISH-37) Order of refcount manipulation
when overwriting
[ https://issues.apache.org/jira/browse/CLOWNFISH-37?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15173632#comment-15173632 ]
Nick Wellnhofer commented on CLOWNFISH-37:
------------------------------------------
I think it's impossible to trigger this from C without writing code that's obviously buggy. In the example above, a caller from C space must also own an additional refcount on {{thing}}. It would be wrong for the caller to have decref'd {{thing}} (maybe assuming that {{Foo}} owns another refcount) and continue using it.
> Order of refcount manipulation when overwriting
> -----------------------------------------------
>
> Key: CLOWNFISH-37
> URL: https://issues.apache.org/jira/browse/CLOWNFISH-37
> Project: Apache Lucy-Clownfish
> Issue Type: Bug
> Components: Core
> Reporter: Marvin Humphrey
> Priority: Minor
> Fix For: 0.5.0
>
>
> There are a number of places in Clownfish where we decref a member variable then overwrite it with an incref'd argument. This can cause problem if for example a value overwrites itself, because the decref can cause the refcount to fall to 0.
> We should instead first capture the incref to a temp variable, then decref, then overwrite.
> {code}
> void
> Foo_Set_Thing_IMP(Foo *self, Obj *thing) {
> - DECREF(self->thing);
> - self->thing = INCREF(thing);
> + Obj *temp = INCREF(thing);
> + DECREF(self->thing);
> + self->thing = temp;
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)