From 2c6019a5b2f36dda095d5487aa0111dc8366e17a Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Mon, 10 Jan 2022 04:30:00 +0000 Subject: [PATCH] Fix double free introduced in 9b9e4369d34e24a9dc7f3f1494865a026ca4 This requires correctly setting `holds_ref` as well as handling `holds_ref` on pointed-to objects in the general-case ret_conv in `gen_type_mapping.py`. --- gen_type_mapping.py | 5 ++++- genbindings.py | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/gen_type_mapping.py b/gen_type_mapping.py index 504fbdc0..c7f75484 100644 --- a/gen_type_mapping.py +++ b/gen_type_mapping.py @@ -534,9 +534,12 @@ class TypeMappingGenerator: to_hu_conv = self.consts.var_decl_statement(ty_info.java_hu_ty, "ret_hu_conv", "new " + ty_info.java_hu_ty + "(null, " + ty_info.var_name + ")") + ";\n" + self.consts.add_ref("ret_hu_conv", "this") + ";", to_hu_conv_name = "ret_hu_conv", from_hu_conv = (ty_info.var_name + " == null ? 0 : " + self.consts.get_ptr(ty_info.var_name), self.consts.add_ref("this", ty_info.var_name))) + ret_conv = ("uint64_t ret_" + ty_info.var_name + " = (uint64_t)", ";") + if holds_ref: + ret_conv = (ret_conv[0], " | 1;") return ConvInfo(ty_info = ty_info, arg_name = ty_info.var_name, arg_conv = ty_info.rust_obj + "* " + ty_info.var_name + "_conv = (" + ty_info.rust_obj + "*)(" + ty_info.var_name + " & ~1);", arg_conv_name = ty_info.var_name + "_conv", arg_conv_cleanup = None, - ret_conv = ("uint64_t ret_" + ty_info.var_name + " = (uint64_t)", ";"), ret_conv_name = "ret_" + ty_info.var_name, + ret_conv = ret_conv, ret_conv_name = "ret_" + ty_info.var_name, to_hu_conv = "TODO 3", to_hu_conv_name = None, from_hu_conv = None) # its a pointer, no conv needed assert False # We should have handled every case by now. diff --git a/genbindings.py b/genbindings.py index 5fd20628..1ac132ad 100755 --- a/genbindings.py +++ b/genbindings.py 
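Review bot: The `| 1` suffix added in the `if holds_ref:` branch follows an unparenthesised cast, so the generated C reads `(uint64_t)<expr> | 1;`, and the tag covers the whole value only when `<expr>` is a primary or postfix expression. If a caller ever splices in something with a lower-precedence operator (a ternary, for instance), the tag would attach to only part of it; wrapping the operand avoids that: `ret_conv = (ret_conv[0] + "(", ") | 1;")`. The bit itself is undocumented where it is set, so a comment such as `# low bit tags the returned pointer as a held reference; arg_conv strips it with & ~1` would help, with the wording confirmed against the runtime, since the ownership meaning is inferred here from the commit message and the `& ~1` mask. The scheme presumably also relies on the pointee being at least 2-byte aligned. The enclosing method and the definition of `holds_ref` lie outside the hunk.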
@@ -703,6 +703,7 @@ with open(sys.argv[1]) as in_h, open(f"{sys.argv[2]}/bindings{consts.file_ext}", if check_sfx is not None: write_c("CHECK(" + check_sfx[0] + "owner" + check_sfx[1] + ");\n") write_c("\treturn " + accessor[0] + "owner" + accessor[1] + ";\n") + holds_ref = True else: fn_defn = ptr_fn_defn write_c("static inline " + fn_defn + "{\n") -- 2.39.5
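Review bot: `holds_ref = True` is assigned only in this branch, while the `else:` path that picks `ptr_fn_defn` leaves the flag untouched, so its value there depends on an initialisation that is outside the hunk. Per the commit message this flag is what separates a correct free from a double free, so a stale value carried over from an earlier branch or iteration would silently flip how the returned pointer is tagged. If the flag is not already reset immediately before this `if`, assign it explicitly on the other path as well, e.g. `holds_ref = False` next to `fn_defn = ptr_fn_defn`, or whichever value is correct for that accessor. A one-line comment beside the assignment, such as `# accessor returns a pointer into owner, so the result must be marked as a reference`, would record why the flag is set, provided that matches the intent.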