Union within structure causes segfault

Bug #1026227 reported by avxs on 2012-07-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python3.2 (Ubuntu)

Bug Description

The following C program and python script result in a segmentation fault of the Python interpreter.

C program:

typedef struct AVS_Value AVS_Value;
struct AVS_Value {
 short type;
 short array_size;
 union {
  void* clip;
  long boolean;
  int integer;
  float floating;
  const char* string;
  const AVS_Value* val;
 } d;

int avs_set_var(void* p, const char* n, AVS_Value v) {
 return 0;

Python script:

import ctypes

avidll = ctypes.CDLL("./libtestlib.so")

class AVS_Value(ctypes.Structure, object):
    def __init__(self, val=None):
        self.type = 0 # 'i'
        self.array_size = 1
        self.d.i = 2

class U(ctypes.Union):
    _fields_ = [("c", ctypes.c_void_p),
                ("b", ctypes.c_long),
                ("i", ctypes.c_int),
                ("f", ctypes.c_float),
                ("s", ctypes.c_char_p),
                ("a", ctypes.POINTER(AVS_Value))]

AVS_Value._fields_ = [("type", ctypes.c_short),
                      ("array_size", ctypes.c_short),
                      ("d", U)]

avs_set_var = avidll.avs_set_var
avs_set_var.restype = ctypes.c_int
avs_set_var.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_Value]

print( avs_set_var(ctypes.c_void_p(), b'test', AVS_Value()) )

Run like this:
$ gcc -shared -O0 mylib.c -o libmylib.so
$ python test.py
(segmentation fault)

(gdb) bt
#0 0x00007ffff5fab000 in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#1 0x00007ffff5fab12a in ffi_prep_cif_machdep () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#2 0x00007ffff5fa77d7 in ffi_prep_cif () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#3 0x00007ffff61b82a5 in _ctypes_callproc ()
   from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
#4 0x00007ffff61b8aa2 in ?? () from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
#5 0x000000000041ee17 in PyObject_Call ()
#6 0x000000000045c2bc in PyEval_EvalFrameEx ()
#7 0x000000000046002d in PyEval_EvalCodeEx ()
#8 0x0000000000460b9b in PyEval_EvalCode ()
#9 0x0000000000480ce5 in ?? ()
#10 0x0000000000482791 in PyRun_FileExFlags ()
#11 0x00000000004831f9 in PyRun_SimpleFileExFlags ()
#12 0x0000000000494033 in Py_Main ()
#13 0x000000000041d307 in main ()

For reference, I tried this on 64-bit Natty and 32-bit Precise, both of which succeeded. The Python 2.7 interpreter also suffers from this issue.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers