Union within structure causes segfault

Bug #1026224 reported by avxs
Affects                   Status        Importance  Assigned to  Milestone
python2.7 (Ubuntu)        Fix Released  Undecided   Unassigned
  Precise                 Fix Released  Undecided   Unassigned
python3.2 (Ubuntu)        Fix Released  Undecided   Unassigned
  Precise                 Fix Released  Undecided   Unassigned

Bug Description

The following C program and Python script result in a segmentation fault of the Python interpreter.

C program (mylib.c):

/* A tagged value: two shorts followed by a union of pointer-sized members. */
typedef struct AVS_Value AVS_Value;
struct AVS_Value {
 short type;
 short array_size;
 union {
  void* clip;
  long boolean;
  int integer;
  float floating;
  const char* string;
  const AVS_Value* val;
 } d;
};

/* Takes AVS_Value by value; the backtrace below crashes while libffi prepares this call. */
int avs_set_var(void* p, const char* n, AVS_Value v) {
 return 0;
}

Python script (test.py):

import ctypes

# Shared library built from the C program above (see the gcc line below).
avidll = ctypes.CDLL("./libmylib.so")

class AVS_Value(ctypes.Structure, object):
    # _fields_ is assigned further down, after U is defined, because U refers back to AVS_Value.
    def __init__(self, val=None):
        self.type = 0 # 'i'
        self.array_size = 1
        self.d.i = 2

# Mirror of the C union inside AVS_Value.
class U(ctypes.Union):
    _fields_ = [("c", ctypes.c_void_p),
                ("b", ctypes.c_long),
                ("i", ctypes.c_int),
                ("f", ctypes.c_float),
                ("s", ctypes.c_char_p),
                ("a", ctypes.POINTER(AVS_Value))]

AVS_Value._fields_ = [("type", ctypes.c_short),
                      ("array_size", ctypes.c_short),
                      ("d", U)]

avs_set_var = avidll.avs_set_var
avs_set_var.restype = ctypes.c_int
# AVS_Value is passed by value, so ctypes asks libffi to classify the union it contains.
avs_set_var.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_Value]

print(avs_set_var(ctypes.c_void_p(), b'test', AVS_Value()))

Run like this:
$ gcc -shared -fPIC -O0 mylib.c -o libmylib.so
$ python test.py
(segmentation fault)

(gdb) bt
#0 0x00007ffff61d6490 in examine_argument () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#1 0x00007ffff61d65ba in ffi_prep_cif_machdep () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#2 0x00007ffff61d3447 in ffi_prep_cif () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#3 0x00007ffff61c7275 in _ctypes_callproc () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#4 0x00007ffff61c7aa2 in PyCFuncPtr_call.2798 () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#5 0x00000000004c7c76 in PyObject_Call ()
#6 0x000000000042aa4a in PyEval_EvalFrameEx ()
#7 0x00000000004317f2 in PyEval_EvalCodeEx ()
#8 0x000000000054b171 in PyRun_FileExFlags ()
#9 0x000000000054b7d8 in PyRun_SimpleFileExFlags ()
#10 0x000000000054c5d6 in Py_Main ()
#11 0x00007ffff68e576d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#12 0x000000000041b931 in _start ()
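A mitigation for the crash described above, added here and not part of the bug report: on an x86-64 SysV build whose libffi cannot classify a union inside a by-value struct, declare the argument with a union-free structure of identical layout and copy the bytes across before the call. AVS_ValueABI, layout_matches, make_int, to_abi and bind_avs_set_var are this example's own names, and the register-classification equivalence it relies on is an assumption that must be re-checked for any other ABI.

```python
import ctypes

# Added example, not the reporter's code: a union-free mirror of AVS_Value
# that is passed by value without libffi ever seeing a union.
# Assumption: x86-64 SysV ABI, where the 8-byte union (pointers, long, int,
# float) classifies as one INTEGER eightbyte, exactly as a plain 8-byte
# integer field does, so both layouts travel in the same registers.

class AVS_Value(ctypes.Structure):
    pass

class U(ctypes.Union):
    _fields_ = [("c", ctypes.c_void_p), ("b", ctypes.c_long),
                ("i", ctypes.c_int), ("f", ctypes.c_float),
                ("s", ctypes.c_char_p), ("a", ctypes.POINTER(AVS_Value))]

AVS_Value._fields_ = [("type", ctypes.c_short),
                      ("array_size", ctypes.c_short), ("d", U)]

class AVS_ValueABI(ctypes.Structure):
    """Same size, alignment and offsets as AVS_Value; union replaced by raw bits."""
    _fields_ = [("type", ctypes.c_short),
                ("array_size", ctypes.c_short), ("d_raw", ctypes.c_uint64)]

def layout_matches():
    """True when the mirror agrees with the real struct on size and offset of d."""
    return (ctypes.sizeof(AVS_Value) == ctypes.sizeof(AVS_ValueABI)
            and AVS_Value.d.offset == AVS_ValueABI.d_raw.offset)

def make_int(value):
    """Build an AVS_Value holding an int, as the reporter's __init__ does."""
    v = AVS_Value()
    v.type, v.array_size, v.d.i = ord('i'), 1, value
    return v

def to_abi(v):
    """Byte-copy an AVS_Value into the union-free mirror for a by-value call."""
    if not layout_matches():
        raise RuntimeError("AVS_ValueABI does not mirror AVS_Value here")
    out = AVS_ValueABI()
    ctypes.memmove(ctypes.addressof(out), ctypes.addressof(v), ctypes.sizeof(v))
    return out

def bind_avs_set_var(lib):
    """Declare avs_set_var with the mirror type so libffi never classifies a union."""
    fn = lib.avs_set_var
    fn.restype = ctypes.c_int
    fn.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_ValueABI]
    return fn  # call as fn(None, b"test", to_abi(make_int(2)))
```

The layout check refuses to convert on platforms where the mirror does not line up (for example 32-bit builds, where the union is 4 bytes), so a mismatch fails loudly instead of passing garbage to the callee.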

avxs (avxsynth-testing-deactivatedaccount) wrote :

For reference, I tried this on 64-bit Natty and 32-bit Precise, both of which succeeded. The Python 3.2 interpreter also suffers from this issue.

Matthias Klose (doko) wrote :

This works with 2.7 and 3.3 in raring (13.04). The corresponding patch for 12.04 LTS still needs to be identified. Maybe you could recheck with a recent libffi backported to 12.04 LTS?

Changed in python2.7 (Ubuntu):
status: New → Fix Released
Changed in python3.2 (Ubuntu):
status: New → Fix Released
Changed in python2.7 (Ubuntu Precise):
milestone: none → precise-updates
Changed in python3.2 (Ubuntu Precise):
milestone: none → precise-updates
Changed in python3.2 (Ubuntu Precise):
status: New → Fix Released
Changed in python2.7 (Ubuntu Precise):
status: New → Fix Released