Title: type() cause segmentation fault in callback function called from C extension

classification
Type:
Stage:
Components: C API
Versions: Python 3.8, Python 3.7

process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: Giacomo Mazzamuto, karczex, pablogsal
Priority: normal
Keywords:

Created on 2020-01-09 13:52 by karczex, last changed 2020-01-12 20:04 by Giacomo Mazzamuto.

Files
File name | Uploaded | Description
cpython_type_segfaulter.tgz | karczex, 2020-01-09 13:52 | type() segfault reproducer

Messages (2)
msg359680 - Author: Paweł Karczewski (karczex) Date: 2020-01-09 13:52
How to reproduce:

1. Create a callback function which may take any object and run type() on it

    def builtin_type_in_callback(obj):
        type(obj)

2. Create a C extension with two types defined in it - Internal and External.
  The External type should implement a method (let's name it Call) which can get the callback function

    static PyObject *
    Call(ExternalObject *self, PyObject *args) {
        PyObject *python_callback;
        /* Expect exactly one argument: the Python callable. */
        if (!PyArg_ParseTuple(args, "O:set_callback", &python_callback)) {
            return NULL;
        }
        callback_runner(python_callback);
        /* Propagate any exception raised while running the callback. */
        if (PyErr_Occurred() != NULL)
            return NULL;
        Py_RETURN_NONE;
    }

  Inside this function create an object of Internal type and pass it to the callback function

    void callback_runner(void *callback_function) {
        InternalObject *entry = PyObject_New(InternalObject, &InternalType);
        PyObject_Init((PyObject *)entry, &InternalType);
        PyObject *args = PyTuple_New(1);
        if (args != NULL) {
            /* PyTuple_SetItem steals the reference to entry. */
            if (PyTuple_SetItem(args, 0, (PyObject *)entry) == 0) {
                PyObject *res = PyObject_CallObject((PyObject *)callback_function, args);
                Py_XDECREF(res);
            }
        }
    }

When type() is called on an object of Internal type, a segmentation fault occurs. However, if dir() was called
on such an object before type(), type() works properly and returns the type of the Internal object.

For more details please look into reproducer code.

msg359866 - Author: Giacomo Mazzamuto (Giacomo Mazzamuto) Date: 2020-01-12 20:04
Hello,

the segmentation fault is also resolved by finalizing the initialization of InternalType by calling PyType_Ready(&InternalType), just like you do with ExternalType.
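
A diagnostic sketch for the situation discussed in this thread, added here and not taken from the reproducer or from CPython: it reads the raw object header with ctypes to tell whether an object's type has had its ob_type filled in, which PyType_Ready() does when the static initializer left it NULL. Assumptions: CPython's object layout with ob_type as the last header field, and an InternalType declared with PyVarObject_HEAD_INIT(NULL, 0); type_header_is_set, guarded_type_callback and make_fake_header are hypothetical names, and the fake headers are constructed sample data.

```python
import ctypes

# Assumption: CPython, where ob_type is the last pointer-sized field of the
# PyObject header, so its offset is sizeof(PyObject) - sizeof(void *).
OB_TYPE_OFFSET = object.__basicsize__ - ctypes.sizeof(ctypes.c_void_p)


def read_ob_type(addr):
    """Return the ob_type pointer stored in the header at addr (0 if NULL)."""
    return ctypes.c_void_p.from_address(addr + OB_TYPE_OFFSET).value or 0


def type_header_is_set(obj_addr):
    """True if the object has a type and that type's own ob_type is non-NULL.

    Only raw memory is read, so the interpreter never dereferences the
    possibly unfinished type object.
    """
    type_addr = read_ob_type(obj_addr)
    return type_addr != 0 and read_ob_type(type_addr) != 0


def guarded_type_callback(obj):
    """Hypothetical variant of builtin_type_in_callback that refuses early."""
    if not type_header_is_set(id(obj)):
        raise TypeError("type object was never passed to PyType_Ready()")
    return type(obj)


def make_fake_header(type_addr):
    """Constructed sample: zeroed PyObject-sized buffer with ob_type set."""
    buf = ctypes.create_string_buffer(object.__basicsize__)
    ctypes.c_void_p.from_buffer(buf, OB_TYPE_OFFSET).value = type_addr
    return buf


if __name__ == "__main__":
    # Stand-in for a static type whose header was left NULL and never readied.
    unready_type = make_fake_header(0)
    instance = make_fake_header(ctypes.addressof(unready_type))
    print("unready type detected:",
          not type_header_is_set(ctypes.addressof(instance)))
    # A normal object passes the check and type() is called as usual.
    print("float passes:", guarded_type_callback(1.5) is float)
```

The check is only a debugging aid for the Python side; the correction in the extension itself is the PyType_Ready(&InternalType) call named in the message above.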

History
Date | User | Action | Args
2020-01-12 20:04:49 | Giacomo Mazzamuto | set | nosy: + Giacomo Mazzamuto; messages: + msg359866
2020-01-09 17:13:03 | pablogsal | set | messages: - msg359687
2020-01-09 17:10:01 | pablogsal | set | nosy: + pablogsal; messages: + msg359687
2020-01-09 13:52:14 | karczex | create |