[Bug 1026224] [NEW] Union within structure causes segfault

Zhengxiong Zhang zzhan at umich.edu
Wed Jul 18 16:24:25 UTC 2012 

Public bug reported:

The following C program and python script result in a segmentation fault
of the Python interpreter.

C program:

typedef struct AVS_Value AVS_Value;
struct AVS_Value {
	short type;
	short array_size;
	union {
		void* clip;
		long boolean;
		int integer;
		float floating;
		const char* string;
		const AVS_Value* val;
	} d;
};

int avs_set_var(void* p, const char* n, AVS_Value v) {
	return 0;
}

Python script:

import ctypes

avidll = ctypes.CDLL("./libtestlib.so")


class AVS_Value(ctypes.Structure, object):
    def __init__(self, val=None):
        self.type = 0 # 'i'
        self.array_size = 1
        self.d.i = 2


class U(ctypes.Union):
    _fields_ = [("c", ctypes.c_void_p),
                ("b", ctypes.c_long),
                ("i", ctypes.c_int),
                ("f", ctypes.c_float),
                ("s", ctypes.c_char_p),
                ("a", ctypes.POINTER(AVS_Value))]


AVS_Value._fields_ = [("type", ctypes.c_short),
                      ("array_size", ctypes.c_short),
                      ("d", U)]

avs_set_var = avidll.avs_set_var
avs_set_var.restype = ctypes.c_int
avs_set_var.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_Value]

print avs_set_var(ctypes.c_void_p(), b'test', AVS_Value())


Run like this:
$ gcc -shared -O0 mylib.c -o libmylib.so
$ python test.py
(segmentation fault)

(gdb) bt
#0  0x00007ffff61d6490 in examine_argument () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#1  0x00007ffff61d65ba in ffi_prep_cif_machdep () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#2  0x00007ffff61d3447 in ffi_prep_cif () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#3  0x00007ffff61c7275 in _ctypes_callproc () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#4  0x00007ffff61c7aa2 in PyCFuncPtr_call.2798 () from /usr/lib/python2.7/lib-dynload/_ctypes.so
#5  0x00000000004c7c76 in PyObject_Call ()
#6  0x000000000042aa4a in PyEval_EvalFrameEx ()
#7  0x00000000004317f2 in PyEval_EvalCodeEx ()
#8  0x000000000054b171 in PyRun_FileExFlags ()
#9  0x000000000054b7d8 in PyRun_SimpleFileExFlags ()
#10 0x000000000054c5d6 in Py_Main ()
#11 0x00007ffff68e576d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#12 0x000000000041b931 in _start ()

** Affects: python2.7 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1026224

Title:
  Union within structure causes segfault

Status in “python2.7” package in Ubuntu:
  New

Bug description:
  The following C program and python script result in a segmentation
  fault of the Python interpreter.

  C program:

  typedef struct AVS_Value AVS_Value;
  struct AVS_Value {
  	short type;
  	short array_size;
  	union {
  		void* clip;
  		long boolean;
  		int integer;
  		float floating;
  		const char* string;
  		const AVS_Value* val;
  	} d;
  };

  int avs_set_var(void* p, const char* n, AVS_Value v) {
  	return 0;
  }

  Python script:

  import ctypes

  avidll = ctypes.CDLL("./libtestlib.so")

  
  class AVS_Value(ctypes.Structure, object):
      def __init__(self, val=None):
          self.type = 0 # 'i'
          self.array_size = 1
          self.d.i = 2

  
  class U(ctypes.Union):
      _fields_ = [("c", ctypes.c_void_p),
                  ("b", ctypes.c_long),
                  ("i", ctypes.c_int),
                  ("f", ctypes.c_float),
                  ("s", ctypes.c_char_p),
                  ("a", ctypes.POINTER(AVS_Value))]

  
  AVS_Value._fields_ = [("type", ctypes.c_short),
                        ("array_size", ctypes.c_short),
                        ("d", U)]

  avs_set_var = avidll.avs_set_var
  avs_set_var.restype = ctypes.c_int
  avs_set_var.argtypes = [ctypes.c_void_p, ctypes.c_char_p, AVS_Value]

  print avs_set_var(ctypes.c_void_p(), b'test', AVS_Value())

  
  Run like this:
  $ gcc -shared -O0 mylib.c -o libmylib.so
  $ python test.py
  (segmentation fault)

  (gdb) bt
  #0  0x00007ffff61d6490 in examine_argument () from /usr/lib/python2.7/lib-dynload/_ctypes.so
  #1  0x00007ffff61d65ba in ffi_prep_cif_machdep () from /usr/lib/python2.7/lib-dynload/_ctypes.so
  #2  0x00007ffff61d3447 in ffi_prep_cif () from /usr/lib/python2.7/lib-dynload/_ctypes.so
  #3  0x00007ffff61c7275 in _ctypes_callproc () from /usr/lib/python2.7/lib-dynload/_ctypes.so
  #4  0x00007ffff61c7aa2 in PyCFuncPtr_call.2798 () from /usr/lib/python2.7/lib-dynload/_ctypes.so
  #5  0x00000000004c7c76 in PyObject_Call ()
  #6  0x000000000042aa4a in PyEval_EvalFrameEx ()
  #7  0x00000000004317f2 in PyEval_EvalCodeEx ()
  #8  0x000000000054b171 in PyRun_FileExFlags ()
  #9  0x000000000054b7d8 in PyRun_SimpleFileExFlags ()
  #10 0x000000000054c5d6 in Py_Main ()
  #11 0x00007ffff68e576d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
  #12 0x000000000041b931 in _start ()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1026224/+subscriptions

More information about the foundations-bugs mailing list