This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: ctypes crash during PyFinalize when librt used
Type: crash Stage:
Components: ctypes Versions: Python 2.7
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: angrylogic, vstinner
Priority: normal Keywords:

Created on 2014-03-12 00:29 by angrylogic, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
show_ctypes_bug.py angrylogic, 2014-03-12 00:29 Example test case that reproduces the crash
Messages (2)
msg213187 - (view) Author: Greg Harris (angrylogic) Date: 2014-03-12 00:29
When interacting with librt via a ctypes.Structure object I can reliably cause the python interpreter to crash during Py_Finalize *after* all of my code has executed.  It appears to only happen on structures that have been passed to the mq_getattributes call in librt.  Below is the output of GDB showing the crash with python2.7-dbg:

(gdb) run show_ctypes_bug.py 
Starting program: /usr/bin/python2.7-dbg show_ctypes_bug.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Starting example
Creating queue
Loading attributes
Cleaning up
Completed example
Debug memory block at address p=0xb7ab5c28: API 'o'
    80 bytes originally requested
    The 3 pad bytes at p-3 are FORBIDDENBYTE, as expected.
    The 4 pad bytes at tail=0xb7ab5c78 are not all FORBIDDENBYTE (0xfb):
        at tail+0: 0x00 *** OUCH
        at tail+1: 0x00 *** OUCH
        at tail+2: 0x00 *** OUCH
        at tail+3: 0x00 *** OUCH
    The block was made by call #0 to debug malloc/realloc.
    Data at p: 00 00 00 00 b8 dd ad b7 ... 00 00 00 00 00 00 00 00
Fatal Python error: bad trailing pad byte

Program received signal SIGABRT, Aborted.
0xb7fdd424 in __kernel_vsyscall ()
(gdb) where
#0  0xb7fdd424 in __kernel_vsyscall ()
#1  0xb7be11df in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xb7be4825 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x0817566a in Py_FatalError (msg=0x820a3a3 "bad trailing pad byte") at ../Python/pythonrun.c:1677
#4  0x080c2fab in _PyObject_DebugCheckAddressApi (api=111 'o', p=0xb7ab5c28) at ../Objects/obmalloc.c:1591
#5  0x080c2c8d in _PyObject_DebugFreeApi (api=111 'o', p=0xb7ab5c28) at ../Objects/obmalloc.c:1478
#6  0x080c2b62 in _PyObject_DebugFree (p=0xb7ab5c28) at ../Objects/obmalloc.c:1422
#7  0x0818d3d3 in PyObject_GC_Del (op=0xb7ab5c34) at ../Modules/gcmodule.c:1507
#8  0xb788e725 in PyCData_dealloc (self=<MessageQueueAttributes at remote 0xb7ab5c34>) at /build/buildd/python2.7-2.7.3/Modules/_ctypes/_ctypes.c:2544
#9  0x080e0251 in subtype_dealloc (self=<MessageQueueAttributes at remote 0xb7ab5c34>) at ../Objects/typeobject.c:1014
#10 0x080c12eb in _Py_Dealloc (op=<MessageQueueAttributes at remote 0xb7ab5c34>) at ../Objects/object.c:2243
#11 0x080b3e51 in insertdict (mp=0xb7bafdf4, key='attributes', hash=673635577, value=None) at ../Objects/dictobject.c:530
#12 0x080b47b4 in PyDict_SetItem (op=<unknown at remote 0x6>, key='attributes', value=None) at ../Objects/dictobject.c:775
#13 0x080bc924 in _PyModule_Clear (m=<module at remote 0xb7b72934>) at ../Objects/moduleobject.c:138
#14 0x08161cc9 in PyImport_Cleanup () at ../Python/import.c:445
#15 0x081726cd in Py_Finalize () at ../Python/pythonrun.c:454
#16 0x0818b4b1 in Py_Main (argc=2, argv=0xbfffef34) at ../Modules/main.c:664
#17 0x0805be8f in main (argc=2, argv=0xbfffef34) at ../Modules/python.c:23

The script being run above (show_ctypes_bug.py) is attached.
msg213188 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2014-03-12 00:35
MessageQueueAttributes structure is incomplete, you forgot a padding of 4 long.

It's not a bug in ctypes, but a bug in your application.
History
Date User Action Args
2022-04-11 14:57:59adminsetgithub: 65092
2014-03-12 00:35:20vstinnersetstatus: open -> closed

nosy: + vstinner
messages: + msg213188

resolution: not a bug
2014-03-12 00:29:02angrylogiccreate