Closed ghost closed 6 years ago
patch against rev 1.19 of oleargs.cpp
Original comment by: shacktoms
Logged In: YES user_id=14198
Thanks! Looks right to me. I will check it in as soon as I re-run all the tests.
Original comment by: mhammond
Original comment by: mhammond
Original comment by: mhammond
Logged In: YES user_id=14198
Fixed in revision 1.21, so already in the latest win32all
Thanks
Original comment by: mhammond
There is a memory leak associated with events delivered through the IConnectionPoint interface. The leak occurs when a ByRef VARIANT parameter is passed through the interface as an inout parameter.
The culprit appears to be oleargs.cpp, specifically the routine PythonOleArgHelper::MakeObjToVariant, which is called to replace the original VARIANT with the returned one. In the case VT_VARIANT | VT_BYREF, with bCreateBuffers as false, the routine calls VariantClear(var), which only clears the referencing VARIANT and not the referenced one. This call should be VariantClear(V_VARIANTREF(var)), which will clear memory held by the referenced VARIANT before the subsequent call to PyCom_VariantFromPyObject simply overwrites that VARIANT.
The code as written depends on V_VARIANTREF(var) to remain valid after calling VariantClear(var), which seems a dangerous assumption.
Note that this repair follows the same logic as is used in the existing code for the VT_BSTR | VT_BYREF case, in which SysFreeString(*V_BSTRREF(var)) is called, for the reason that VariantClear(var) wouldn't free the indirectly referenced BSTR.
Reported by: shacktoms
Original Ticket: "pywin32/bugs/17":https://sourceforge.net/p/pywin32/bugs/17