[Bug 1026227] [NEW] Union within structure causes segfault

Zhengxiong Zhang zzhan at umich.edu
Wed Jul 18 16:28:18 UTC 2012 

Public bug reported:

The following C program and python script result in a segmentation fault
of the Python interpreter.

C program:

typedef struct AVS_Value AVS_Value;
struct AVS_Value {
 short type;
 short array_size;
 union {
  void* clip;
  long boolean;
  int integer;
  float floating;
  const char* string;
  const AVS_Value* val;
 } d;
};

int avs_set_var(void* p, const char* n, AVS_Value v) {
 return 0;
}

Python script:

import ctypes

avidll = ctypes.CDLL("./libtestlib.so")

class AVS_Value(ctypes.Structure, object):
    def __init__(self, val=None):
        self.type = 0 # 'i'
        self.array_size = 1
        self.d.i = 2

class U(ctypes.Union):
    _fields_ = [("c", ctypes.c_void_p),
                ("b", ctypes.c_long),
                ("i", ctypes.c_int),
                ("f", ctypes.c_float),
                ("s", ctypes.c_char_p),
                ("a", ctypes.POINTER(AVS_Value))]

AVS_Value._fields_ = [("type", ctypes.c_short),
                      ("array_size", ctypes.c_short),
                      ("d", U)]

avs_set_var = avidll.avs_set_var
avs_set_var.restype = ctypes.c_int
avs_set_var.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_Value]

print( avs_set_var(ctypes.c_void_p(), b'test', AVS_Value()) )

Run like this:
$ gcc -shared -O0 mylib.c -o libmylib.so
$ python test.py
(segmentation fault)

(gdb) bt
#0  0x00007ffff5fab000 in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#1  0x00007ffff5fab12a in ffi_prep_cif_machdep () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#2  0x00007ffff5fa77d7 in ffi_prep_cif () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#3  0x00007ffff61b82a5 in _ctypes_callproc ()
   from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
#4  0x00007ffff61b8aa2 in ?? () from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
#5  0x000000000041ee17 in PyObject_Call ()
#6  0x000000000045c2bc in PyEval_EvalFrameEx ()
#7  0x000000000046002d in PyEval_EvalCodeEx ()
#8  0x0000000000460b9b in PyEval_EvalCode ()
#9  0x0000000000480ce5 in ?? ()
#10 0x0000000000482791 in PyRun_FileExFlags ()
#11 0x00000000004831f9 in PyRun_SimpleFileExFlags ()
#12 0x0000000000494033 in Py_Main ()
#13 0x000000000041d307 in main ()

** Affects: python3.2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.2 in Ubuntu.
https://bugs.launchpad.net/bugs/1026227

Title:
  Union within structure causes segfault

Status in “python3.2” package in Ubuntu:
  New

Bug description:
  The following C program and python script result in a segmentation
  fault of the Python interpreter.

  C program:

  typedef struct AVS_Value AVS_Value;
  struct AVS_Value {
   short type;
   short array_size;
   union {
    void* clip;
    long boolean;
    int integer;
    float floating;
    const char* string;
    const AVS_Value* val;
   } d;
  };

  int avs_set_var(void* p, const char* n, AVS_Value v) {
   return 0;
  }

  Python script:

  import ctypes

  avidll = ctypes.CDLL("./libtestlib.so")

  class AVS_Value(ctypes.Structure, object):
      def __init__(self, val=None):
          self.type = 0 # 'i'
          self.array_size = 1
          self.d.i = 2

  class U(ctypes.Union):
      _fields_ = [("c", ctypes.c_void_p),
                  ("b", ctypes.c_long),
                  ("i", ctypes.c_int),
                  ("f", ctypes.c_float),
                  ("s", ctypes.c_char_p),
                  ("a", ctypes.POINTER(AVS_Value))]

  AVS_Value._fields_ = [("type", ctypes.c_short),
                        ("array_size", ctypes.c_short),
                        ("d", U)]

  avs_set_var = avidll.avs_set_var
  avs_set_var.restype = ctypes.c_int
  avs_set_var.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_Value]

  print( avs_set_var(ctypes.c_void_p(), b'test', AVS_Value()) )

  Run like this:
  $ gcc -shared -O0 mylib.c -o libmylib.so
  $ python test.py
  (segmentation fault)

  (gdb) bt
  #0  0x00007ffff5fab000 in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.6
  #1  0x00007ffff5fab12a in ffi_prep_cif_machdep () from /usr/lib/x86_64-linux-gnu/libffi.so.6
  #2  0x00007ffff5fa77d7 in ffi_prep_cif () from /usr/lib/x86_64-linux-gnu/libffi.so.6
  #3  0x00007ffff61b82a5 in _ctypes_callproc ()
     from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
  #4  0x00007ffff61b8aa2 in ?? () from /usr/lib/python3.2/lib-dynload/_ctypes.cpython-32mu.so
  #5  0x000000000041ee17 in PyObject_Call ()
  #6  0x000000000045c2bc in PyEval_EvalFrameEx ()
  #7  0x000000000046002d in PyEval_EvalCodeEx ()
  #8  0x0000000000460b9b in PyEval_EvalCode ()
  #9  0x0000000000480ce5 in ?? ()
  #10 0x0000000000482791 in PyRun_FileExFlags ()
  #11 0x00000000004831f9 in PyRun_SimpleFileExFlags ()
  #12 0x0000000000494033 in Py_Main ()
  #13 0x000000000041d307 in main ()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.2/+bug/1026227/+subscriptions

More information about the foundations-bugs mailing list