PyUnicode_FromEncodedObject() currently calls PyObject_AsCharBuffer() to
get the buffer pointer and length of a buffer supporting object. It
should be changed to support the buffer protocol correctly instead.

I filed this as a crash bug as the buffer protocol allows a buffer
supporting object to discard its buffer when the release function is
called. The decode function uses the buffer only *after* releasing it,
thus provoking a crash for objects that implement the buffer protocol
correctly in that they do not allow access to the buffer after the release.

@Stefan can you provide a patch for this?

Here's a patch against the latest py3k. The following will call the new code, for example:

  str(memoryview(b'abc'), 'ASCII')

whereas bytes and bytesarray continue to use their own special casing code (which has also changed a bit since I wanted to avoid code duplication).

For testing, I wrote a short Cython module that implements the buffer protocol in an extension type and freshly allocates a new bytes object as buffer on each access:

  from cpython.ref cimport Py_INCREF, Py_DECREF, PyObject

  cdef class Test:
      def __getbuffer__(self, Py_buffer* buffer, int flags):
          s = b'abcdefg' * 10
          buffer.buf = <char*> s
          buffer.obj = self
          buffer.len = len(s)
          Py_INCREF(s)
          buffer.internal = <void*> s

      def __releasebuffer__(self, Py_buffer* buffer):
          Py_DECREF(<object>buffer.internal)

Put it into a file "buftest.pyx", build it, start up Python 3.x and call

    >>> import buftest
    >>> print(len( str(buftest.Test(), "ASCII") ))

Under the unpatched Py3, this raises a decoding exception for me when it tries to decode data from the deallocated bytes object. Other systems may happily crash here. The patched Python runtime prints '70' as expected.

I think the bytearray special-casing should be removed. Otherwise one can reallocate the buffer in another thread while it is being used for decoding.

Doesn't the GIL protect the bytearray buffer? Or does decoding free the GIL?

Regardless of the answer, I think Antoine is right, special cases aren't special enough to break the rules, and this is a special case that's more safely handled as part of the normal buffer case.

Updated patch uploaded.

> Doesn't the GIL protect the bytearray buffer? Or does decoding free the GIL?

Well, decoding can call arbitrary Python code and therefore, yes,
release the GIL.

Ironically, PyUnicode_Decode() itself (called from
PyUnicode_FromEncodedObject()) fills a dummy Py_buffer object before
wrapping it into a memoryview... ;)

... and another complete patch that refactors the complete function to make it clearer what happens. Includes a small code duplication for the bytes object case, which I think it acceptable.

Another updated patch with a readability fix (replacing the last one).

Stefan Behnel wrote:
> 
> Stefan Behnel <scoder@users.sourceforge.net> added the comment:
> 
> Another updated patch with a readability fix (replacing the last one).

While you're at it, you might as well remove references to the
"char buffer" - there's no such thing in Python3 anymore.

We only have read buffers in Python3.

When I read the comments and exception texts in the function, it didn't occur to me that "char buffer" could have been used as a name for the old Py2 buffer interface. From the context, it totally makes sense to me that the function (which decodes a byte sequence into a unicode string) complains about not getting a "bytes object or char buffer" as input. Admittedly, this might sound slightly different when read in Python space.

Patch committed in r84394 (py3k) and r84396 (3.1). Thank you Stefan!