gh-123290: curses: fix reference leaks in error-branches and cleanup module's initialization

[picnixz]

In this PR, we prepare the cursesmodule for #123630 and clean-up some bits. To that end, we:

• ensure that error branches correctly free resources (even if the error is usually "critical", in the sense that the interpreter would exit after reporting it).
• protect macros against dangling else using do { ... } while (0) constructions.
• use upper-case names for global variables; this helps the readability of the module.

There are some un-necessary PyObject * casts that will be removed if I were to move from a static type to a heap type, so I won't do it now.

---

Now I have an important question. There is a global variable named ModDict which is set to the module's dict upon initialization. It is then used in initscr() to add other constants. However, AFACIT, this variable is only used as a convenience to avoid re-querying the module's dict, right? Or is there some deeper meaning where I must use a global variable to store tha module's dict?

cc @vstinner @encukou

• Issue: Multiple reference leaks in curses error-branches  #123290

[vstinner]

I don't think that it's useful since we free() the memory a few lines below. Same remark for wo->encoding = NULL;.

[picnixz]

I didn't really know whether delwin(wo->win) checks if its argument is NULL or not so I wanted to be sure (I'll check the manual more in detail tomorrow).

[picnixz]

FTR, from the man page:

X/Open defines no error conditions. In this implementation

delwin
returns an error if the window pointer is null, or if the window is the parent of another window.
This implementation also maintains a list of windows, and checks that the pointer passed to delwin is one that it created, returning an error if it was not.

I added a comment saying that we silently ignore any error in delwin.

[vstinner]

This check is not needed, PyMem_Free(NULL) is well defined: it does nothing.

[picnixz]

Ah, I see why I thought it wasn't. Actually, the online docs tell me that it's a no-op but the implementation does not tell me directly. I'll make the modifications tomorrow as well (actually I'll do everything tomorrow).

[vstinner]

PyMem_Free():

If p is NULL, no operation is performed.

https://docs.python.org/dev/c-api/memory.html#c.PyMem_Free

[vstinner]

I dislike CHECK_NOT_NULL_OR_ERROR() macro, it makes the code less readable. I prefer the explicit existing if (!result) return NULL; code.

[vstinner]

I don't understand this macro. I would prefer:

if (!update_lines_cols(module)) goto error;

CHECK_RET_FLAG_OR_ERROR + goto makes the code less straightforward.

[picnixz]

Maybe my naming sense is terrible but it was something I found in the code sometimes (e.g., CHECK_INT in _decimal.c). But I'll change the macros since it's probably better to reduce the diff rather than reducing the overall number of lines.

[picnixz]

EDIT: I think I know why the macro was confusing (probably because of the FLAG part; should have been CHECK_RET_BOOL but it's not really a good idea either). I'll remove it and use an explicit if (!(...)).

[vstinner]

Are these 4 variables moved to the module state later? If yes, these changes look redundant. If no, why not? :-)

[picnixz]

Are these 4 variables moved to the module state later?

No. Because I totally forgot about them in the other PR. But here, when I was isolating the components to select, I was like "hum, but those are actually global variables" and it confused me to have them in lowercase as if they were local variables :(

[vstinner]

I think that i'm ok with renaming these variables, but I'm less comfortable with uppercase names. Uppercase is somehow reserved to macros in C (in CPython at least). I suggest to rename these variables to lowercase.

[vstinner]

I would expect a macro getting a module, a key and a value. Rather than a macro taking a function call.

[vstinner]

I suggest to rename the macro to DICT_ADD_INT_VALUE.

[picnixz]

I thought about it but wondered whether it was necessary to indicate in the name the fact that we jump to the error label. If you think a comment is sufficient, I can rename it.

[vstinner]

I don't think that these 3 macros are useful. They hide the goto which makes it to follow code using them (IMO).

[picnixz]

I think it's a matter of personal taste but I can also understand your stand on that matter. Personally, what I find hard to read is when you have all those if(...) { goto error; } spread on 3 lines. I would find them much easier to read if PEP 7 allowed me to write if (!(STATUS)) goto error;. On the other hand, with those macros, you may be also introduce errors where you need to free resources before jumping to error so they should be used carefully...

I had alternatives where you would just put whatever cleanup statements you want when invoking the macro but I felt it would be even less readable...

[picnixz]

Thanks for the review Victor. I'll address your comments tomorrow!

[picnixz]

@vstinner I eventually removed the if (x == NULL) goto error and the if (!x) goto error macros. I kept the CHECK_RET_CODE_OR_ERROR and the macro for adding an int to a dict but removed their _OR_ERROR suffixes and wrote a comment instead.

I also added a local macro for adding the LINES and COLS constants. Please tell me if there is anything else to change! (again, thanks a lot for your feedback).

[vstinner]

I have mixed feelings about this PR. IMO it changes too many different things at once, so it's hard to review. For example, it adds a module argument to update_lines_cols(): the rationale for this change is unclear to me. It also adds ; to PyCursesInitialised which is unrelated. It also renames some variables. And the main part: fixing reference leaks.

Would it be possible to try to write a minimum change only to fix refleaks? Without the large refactoring?

[vstinner]

I would suggest to remove this assertion. It sounds unlikely that the exception is NULL when this macro is used. If there is a risk, I would suggest to handle the test in the caller instead.

[vstinner]

Is this (long) cast really needed?

[picnixz]

I think the compiler won't complain but I'm not entirely sure since we use macros. If an implementation uses typed global variables, we might want to force the cast (I've seen both usages of explicit casting and sometimes not but I don't think the cast hurts)

[vstinner]

Suggested change

	PyObject *module_dict = PyModule_GetDict(module);
	PyObject *module_dict = PyModule_GetDict(module); // borrowed ref

[vstinner]

Can you exit early? Start with if (start_color() == ERR) { ... return ... } so you can remove one indentation level.

[vstinner]

I think that i'm ok with renaming these variables, but I'm less comfortable with uppercase names. Uppercase is somehow reserved to macros in C (in CPython at least). I suggest to rename these variables to lowercase.

[vstinner]

Can you move this comment in the comment 1 line above?

[vstinner]

I don't think that it's useful to undefine macros at the end of the file. It's ok to have macros defined for a whole C file.

[picnixz]

I discussed with Victor and I'll split the work (again) into smaller PRs:

• PR fixing ref-leaks in error branches
• PR protecting existing macros using do { ... } while (0) constructions
• PR renaming global variables and removing the ModDict global variable as well.

(Hence, I'm closing this one, again).