[New-bugs-announce] [issue39217] GC of a ctypes object causes application crash

Kevin Schlossser report at bugs.python.org
Sat Jan 4 20:59:59 EST 2020

New submission from Kevin Schlossser <kevin.g.schlosser at gmail.com>:

I guess this is a question as much as it is a bug report. I know that all kinds of strange behavior can happen when using ctypes improperly. This is what is taking place. I can provide code if needed. but lets work off of my description of what is taking place first.

I am querying DeviceIoControl which is apart of the Windows API..

I have a function that has ctypes objects passed to it.. it does whatever it is that is needed to call DeviceIoControl. I have narrow it down to a single object and I ran the visual studio debugger and it traced the problem back to the garbage collector.

So this is the basic layout..


def IOControl(io_ctrl, inBuffer, outBuffer, outBufferSize=None):

    if outBuffer is None:
        outBufferSize = INT(0) 

        pOutBuffer = ctypes.byref(outBuffer)

        if outBufferSize is None:
            outBufferSize = INT(ctypes.sizeof(outBuffer))
            outBufferSize = INT(outBufferSize)

    if inBuffer is None:
        inBufferSize = INT(0) 
        pInBuffer = ctypes.byref(inBuffer)
        inBufferSize = INT(ctypes.sizeof(inBuffer))


    class SomeStructure(ctypes.Structure):

        _fields_ = [
            ('SomeField1', ULONG),
            ('SomeField2, LONG * 100,

out_buffer = SomeStructure()
buf_size = ctypes.sizeof(out_buffer)

    'some io control code', 
    out_buffer , 

The code above will crash Python and the debug leads back to an error in the GC.

I do not know what the internals of ctypes are or how they function. when using ctypes.byref() to create a pointer I would imagine that the original instance is held somewhere inside of the pointer. But when it gets passed off to the Windows function where it does or what it does is unknown to me. The process if doing this is more complex then what is above It is for example purposes.. There is another in the Windows API that will wait for data to be had from the first function call.

The funny thing is the first time it goes though IOControl without incident. its repeated attempts that cause the appcrash. 

If someone has a reason as to why this is taking place I am ready to learn!!!... I find it odd behavior that once i mode the code from that function into the same namespace where that function was originally called form everything works fine and no application crashes happen 

The debugger pointed to data that was being passed to a GC macro or function that did not have the information correct. It was pretty car into the GC code before the application crash happens. 

I am also able to provide the results of running the debugger

any help/information would be greatly appreciated.

components: ctypes
messages: 359318
nosy: Kevin Schlossser
priority: normal
severity: normal
status: open
title: GC of a ctypes object causes application crash
type: crash
versions: Python 2.7, Python 3.7

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list