[New-bugs-announce] [issue41883] ctypes pointee goes out of scope, then pointer in struct dangles and crashes

Ian M. Hoffman report at bugs.python.org
Mon Sep 28 23:40:06 EDT 2020


New submission from Ian M. Hoffman <hoffman.ian.m at gmail.com>:

A description of the problem, complete example code for reproducing it, and a work-around are available on SO at the link:

https://stackoverflow.com/questions/64083376/python-memory-corruption-after-successful-return-from-a-ctypes-foreign-function

In summary: (1) create an array within a Python function, (2) create a ctypes.Structure with a pointer to that array, (3) return that struct from the Python function, (4) pass the struct out and back to a foreign function, (5) Python can successfully dereference the return from the foreign function, then (6) Python crashes.

As far as I can tell, when the array in the function goes out of scope at the end of the function, the pointer to it in the struct becomes dangling ... but the dangling doesn't catch up with Python until the very end when the Python struct finally goes out of scope in Python and the GC can't find its pointee.

I've reproduced this on Windows and linux with gcc- and MSVC-compiled Python 3.6 and 3.8.

Perhaps it is not good practice on my part to have let the array go out of scope, but perhaps a warning from Python (or at least some internal awareness that the memory is no longer addressed) is in order so that Python doesn't crash upon failing to free it.

This may be related to #39217; I can't tell.

----------
components: ctypes
messages: 377652
nosy: NankerPhelge
priority: normal
severity: normal
status: open
title: ctypes pointee goes out of scope, then pointer in struct dangles and crashes
type: crash
versions: Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41883>
_______________________________________


More information about the New-bugs-announce mailing list