[ python-Bugs-1701409 ] Segfault in c_char_p of ctypes
SourceForge.net
noreply at sourceforge.net
Thu Apr 19 08:58:13 CEST 2007
Bugs item #1701409, was opened at 2007-04-16 03:45
Message generated for change (Comment added) made by nnorwitz
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1701409&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Extension Modules
Group: None
Status: Open
Resolution: None
>Priority: 6
Private: No
Submitted By: sebastien Martini (seb_martini)
Assigned to: Thomas Heller (theller)
Summary: Segfault in c_char_p of ctypes
Initial Comment:
Hi,
I experienced a segmentation fault (when providing a wrong argument type to c_char_p) in the ctypes module under Linux and with the version 2.5 .
sundae:~$ python
Python 2.5.1c1 (release25-maint, Apr 6 2007, 22:02:36)
[GCC 4.1.2 (Ubuntu 4.1.2-0ubuntu4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import *
>>> c_char_p(42)
zsh: segmentation fault (core dumped) python
sundae:~$
Regards,
Sebastien Martini
----------------------------------------------------------------------
>Comment By: Neal Norwitz (nnorwitz)
Date: 2007-04-18 23:58
Message:
Logged In: YES
user_id=33168
Originator: NO
> Do other platforms have a function that can do this check?
There's no platform independent way to do this.
I don't know anything about ctypes, but what might be a way to handle this
is providing a way to convert an integer into a pointer (like a void*).
Then all these routines could accept this void* type that you would define,
but not accept a raw integer. That means people would still have access to
do the same thing they can currently do, but it would be clearer that they
are playing with fire by converting any int into a pointer.
There are so many ways to use ctypes to crash, I'm not sure if this is
worth fixing, except perhaps in the docs to point out the issues.
----------------------------------------------------------------------
Comment By: Thomas Heller (theller)
Date: 2007-04-18 12:20
Message:
Logged In: YES
user_id=11105
Originator: NO
This is a difficult issue. The integer (which is interpreted as address)
is allowed because some libraries use 'char *' pointers initialized to
small, invalid addresses for special purposes.
On windows, printing a c_char_p(42) does not crash, it raises a ValueError
instead:
>>> from ctypes import *
>>> c_char_p(42)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: invalid string pointer 0x00B20B48
>>>
Windows does this by checking if there is a valid string at the address
(see Modules/_ctypes/cfield.c, line 1366) by calling the IsBadStringPointer
api function. Do other platforms have a function that can do this check?
If not, I'm afraid we would have to give up on the very convenient repr of
'normal' c_char_p instances:
>>> c_char_p("foo bar")
c_char_p('foo bar')
>>>
and only print the address (at least on non-windows).
----------------------------------------------------------------------
Comment By: Neal Norwitz (nnorwitz)
Date: 2007-04-18 00:37
Message:
Logged In: YES
user_id=33168
Originator: NO
Thanks for the bug report Sebastien.
This bug occurs in 2.5 and in the trunk, so it's not a regression.
Thomas, could you take a look? Integers are specifically allowed here
(floats are not). The problem is when trying to print the repr:
#0 PyString_FromString (str=0x2a <Address 0x2a out of bounds>) at
Objects/stringobject.c:108
#1 z_get (ptr=0x2ae1aa9d6450, size=8) at Modules/_ctypes/cfield.c:1373
#2 Simple_get_value (self=0x2ae1aa9d63f8) at
Modules/_ctypes/_ctypes.c:4007
#3 Simple_repr (self=0x2ae1aa9d63f8) at Modules/_ctypes/_ctypes.c:4095
#4 PyObject_Repr (v=0x2ae1aa9d63f8) at Objects/object.c:361
----------------------------------------------------------------------
Comment By: sebastien Martini (seb_martini)
Date: 2007-04-16 12:40
Message:
Logged In: YES
user_id=1528211
Originator: YES
c_wchar_p also contains this bug.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1701409&group_id=5470
More information about the Python-bugs-list
mailing list