[easy C issue] ctypes: segfault with large number of callback arguments #57306
Reproducible in 2.7 and tip:
[meadori@motherbrain cpython]$ ./python
Python 3.3.0a0 (default:61de28fa5537+d05350c14e77+, Oct 3 2011, 21:47:04)
[GCC 4.6.0 20110603 (Red Hat 4.6.0-10)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import *
>>> NARGS = 2 ** 20
>>> proto = CFUNCTYPE(None, *(c_int,) * NARGS)
>>> def func(*args):
...     return (1, "abc", None)
...
>>> cb = proto(func)
>>> cb(*(1,) * NARGS)
Segmentation fault (core dumped)
As mentioned in bpo-12881, this issue is a result of an unbounded 'alloca' call that trashes the stack.
Right, alloca() could be replaced by some malloc(), but is it really useful? After all, when a C function calls back to Python, all arguments need to be pushed to the stack anyway.
On Wed, Nov 30, 2011 at 6:20 AM, Amaury Forgeot d'Arc
The case is somewhat pathological. However, there are *four* 'alloca' I see two reasons switching to 'malloc' might be beneficial: (1) by That being said, if this does get changed it is low priority.
Is there really a use case where you need 2 ** 20 (1,048,576) arguments? If yes, I'm not against the torture in this case :-) If no, why not raise an error if there are too many arguments? E.g. limit to 1,024 arguments or maybe just 10?
On Thu, Dec 1, 2011 at 2:11 AM, STINNER Victor <report@bugs.python.org> wrote:
Not very likely :-) However, the segfault can occur with less
That is certainly an option.
The issue continues in Python 3.8.2.
I suggest raising an exception if it's called with more than 1024 arguments.
Thanks Meador Inge for the bug report and thanks Sean Gillespie for the fix! It just took 9 years to fix this corner case ;-)
Copy of the comment on the PR:
I tried to rewrite _ctypes_callproc() to use PyMem_Malloc() instead of alloca(), but it's quite complicated. There are 3 arrays with a length of argcount items: args, avalues, atypes. Moreover, resbuf is also allocated with alloca(). When using PyMem_Malloc(), error handling is much more complicated.
I also tried to restrict the overall usage of stack memory to 4096 bytes (size of one page on x86), but users would be surprised by CTYPES_MAX_ARGCOUNT value.
I would say that raising an exception is better than crashing for a lot of arguments. If someone is blocked by this new limitation, in that case we can revisit the PyMem_Malloc() idea.
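The mitigation the thread settles on, rejecting an oversized argument count before any alloca() runs, shown as an added example that is not code from the thread or from CPython. `call_with_args`, `struct arg`, `worst_case_stack_bytes` and `MAX_ARGCOUNT` are hypothetical names, the three arrays only mirror the args/avalues/atypes arrays named above, and the 1024 limit is the value proposed in the comments.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: 1024 is the limit proposed in the thread, not read from CPython. */
#define MAX_ARGCOUNT 1024

/* Hypothetical per-argument record standing in for a converted argument. */
struct arg { long value; };

/* Upper bound on what the three alloca() calls below can take from the stack. */
size_t worst_case_stack_bytes(void)
{
    return MAX_ARGCOUNT * (sizeof(struct arg) + sizeof(void *) + sizeof(int));
}

/* Sums `argcount` values through three per-argument stack arrays.
   Returns 0 and stores the sum in *out, or -1 if argcount is over the limit. */
int call_with_args(const long *values, size_t argcount, long *out)
{
    /* The check runs before any allocation and before `values` is read. */
    if (argcount > MAX_ARGCOUNT)
        return -1;

    /* +1 keeps every request non-zero when argcount is 0. */
    struct arg *args = alloca(sizeof(struct arg) * (argcount + 1));
    void **avalues = alloca(sizeof(void *) * (argcount + 1));
    int *atypes = alloca(sizeof(int) * (argcount + 1));

    long sum = 0;
    for (size_t i = 0; i < argcount; i++) {
        args[i].value = values[i];
        avalues[i] = &args[i].value;
        atypes[i] = 1;                          /* constructed type tag */
        sum += *(long *)avalues[i] * atypes[i];
    }
    *out = sum;
    return 0;
}

int main(void)
{
    long v[3] = {1, 2, 3}, sum = 0;             /* constructed sample input */
    int ok = call_with_args(v, 3, &sum);
    int rejected = call_with_args(v, (size_t)1 << 20, &sum);
    printf("ok=%d sum=%ld rejected=%d bound=%zu bytes\n",
           ok, sum, rejected, worst_case_stack_bytes());
    return 0;
}
```

With the guard in place, the stack cost of the call is bounded by a compile-time constant instead of by a caller-supplied count.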