Union within structure causes segfault

Bug #1026227 reported by avxs
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
python3.2 (Ubuntu) | New | Undecided | Unassigned |

Bug Description

The following C program and python script result in a segmentation fault of the Python interpreter.

C program:

typedef struct AVS_Value AVS_Value;
struct AVS_Value {
 short type;
 short array_size;
 union {
  void* clip;
  long boolean;
  int integer;
  float floating;
  const char* string;
  const AVS_Value* val;
 } d;
};

int avs_set_var(void* p, const char* n, AVS_Value v) {
 return 0;
}

Python script:

import ctypes

avidll = ctypes.CDLL("./libmylib.so")  # name must match the library built by the gcc command below

class AVS_Value(ctypes.Structure, object):
    def __init__(self, val=None):
        self.type = 0 # 'i'
        self.array_size = 1
        self.d.i = 2

class U(ctypes.Union):
    _fields_ = [("c", ctypes.c_void_p),
                ("b", ctypes.c_long),
                ("i", ctypes.c_int),
                ("f", ctypes.c_float),
                ("s", ctypes.c_char_p),
                ("a", ctypes.POINTER(AVS_Value))]

AVS_Value._fields_ = [("type", ctypes.c_short),
                      ("array_size", ctypes.c_short),
                      ("d", U)]

avs_set_var = avidll.avs_set_var
avs_set_var.restype = ctypes.c_int
avs_set_var.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_Value]

print( avs_set_var(ctypes.c_void_p(), b'test', AVS_Value()) )

Run like this:
$ gcc -shared -O0 mylib.c -o libmylib.so
$ python test.py
(segmentation fault)

(gdb) bt
#0 0x00007ffff5fab000 in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#1 0x00007ffff5fab12a in ffi_prep_cif_machdep () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#2 0x00007ffff5fa77d7 in ffi_prep_cif () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#3 0x00007ffff61b82a5 in _ctypes_callproc ()
   from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
#4 0x00007ffff61b8aa2 in ?? () from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
#5 0x000000000041ee17 in PyObject_Call ()
#6 0x000000000045c2bc in PyEval_EvalFrameEx ()
#7 0x000000000046002d in PyEval_EvalCodeEx ()
#8 0x0000000000460b9b in PyEval_EvalCode ()
#9 0x0000000000480ce5 in ?? ()
#10 0x0000000000482791 in PyRun_FileExFlags ()
#11 0x00000000004831f9 in PyRun_SimpleFileExFlags ()
#12 0x0000000000494033 in Py_Main ()
#13 0x000000000041d307 in main ()

avxs (avxsynth-testing-deactivatedaccount) wrote:

For reference, I tried this on 64-bit Natty and 32-bit Precise, both of which succeeded. The Python 2.7 interpreter also suffers from this issue.
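
A harness for re-checking this report on other interpreter and libffi builds without losing the test runner to the crash. It is an added example, not part of the original report. Assumptions: the names REPRO, classify and run_isolated are hypothetical, and the call goes through a ctypes callback rather than the report's compiled library so that no .so file is needed.

```python
import signal
import subprocess
import sys
import textwrap

# The report's ctypes definitions. Assumption: a ctypes callback stands in for
# avs_set_var from the compiled library; AVS_Value is still passed by value
# through ctypes' foreign-call path.
REPRO = textwrap.dedent("""
    import ctypes
    class AVS_Value(ctypes.Structure):
        pass
    class U(ctypes.Union):
        _fields_ = [("c", ctypes.c_void_p), ("b", ctypes.c_long),
                    ("i", ctypes.c_int), ("f", ctypes.c_float),
                    ("s", ctypes.c_char_p), ("a", ctypes.POINTER(AVS_Value))]
    AVS_Value._fields_ = [("type", ctypes.c_short),
                          ("array_size", ctypes.c_short), ("d", U)]
    proto = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_void_p, ctypes.c_char_p,
                             AVS_Value)
    fn = proto(lambda p, n, v: 0)
    v = AVS_Value()
    v.type, v.array_size, v.d.i = 0, 1, 2
    print(fn(None, b"test", v))
""")

def classify(returncode):
    """Map a child exit status to a verdict (POSIX: negative = killed by signal)."""
    if returncode == 0:
        return "ok"
    if returncode < 0:
        return "crashed: " + signal.Signals(-returncode).name
    return "python error"  # e.g. ctypes refused the argument type

def run_isolated(code, timeout=30):
    """Run code in a fresh interpreter so a crash cannot take down the caller."""
    proc = subprocess.run([sys.executable, "-c", code], stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, timeout=timeout)
    return classify(proc.returncode), proc.stderr.decode(errors="replace")

if __name__ == "__main__":
    verdict, err = run_isolated(REPRO)
    print(verdict)
    print(err.strip().splitlines()[-1] if err.strip() else "")
```

A verdict of "python error" means the interpreter raised an exception instead of crashing; the second printed line shows the last line of its traceback.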
