Author Sam.Kerr
Recipients Sam.Kerr, amaury.forgeotdarc, belopolsky, doko, meador.inge, seanmccully, wes.kerfoot
Date 2018-12-27.00:08:16
Message-id <1545869296.79.0.99969941233.issue22171@roundup.psfhosted.org>
In-reply-to
Content
I was also able to get the stack smashing behavior with the following:
OS: Linux slaptop 4.19.12-arch1-1-ARCH #1 SMP PREEMPT Fri Dec 21 13:56:54 UTC 2018 x86_64 GNU/Linux
GCC: gcc (GCC) 8.2.1 20181127

I was able to track down the issue into the src/x86/ffi64.c file inside libffi. Because more than 4 (the #define'd MAX_CLASSES value in libffi) items were passed, libffi writes outside an array boundary, which is what causes the stack smashing. 

I forked libffi and added an assert to prove this is what is happening. You can find it at https://github.com/stkerr/libffi/commit/80bca6647702ffd846c655be14d8306ef24ca2dd. Just as a quick test, I tried to increase the MAX_CLASSES value to 40, which is far more than the 9 in the crashing example. I'm 99% positive changing the MAX_CLASSES magic value isn't the right way to solve this issue, but it may give a hint on the proper way to address it.

I'm not sure at this point if this behavior is something for libffi to fix or how Python calls libffi though. I'll keep looking, but hopefully this helps someone else make some progress.
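To make the failure mode concrete, here is a simplified model of the classification step, written for this thread as an added example (it is not libffi's or CPython's code). It keeps the MAX_CLASSES limit of 4 named above, treats every eightbyte as an integer class (a simplification), and shows the bounds check that keeps a struct with more eightbytes than MAX_CLASSES from writing past the fixed-size array; the register class names and helper functions are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the x86-64 struct classification step (not libffi's
   own code): a struct is split into 8-byte "eightbytes", each of which gets
   a register class stored in a fixed-size array of MAX_CLASSES entries. */
#define MAX_CLASSES 4          /* same limit the report names */
#define EIGHTBYTE   8

enum reg_class { NO_CLASS = 0, INTEGER_CLASS, SSE_CLASS, MEMORY_CLASS };

/* Classify a struct built from nfields fields of the given byte sizes.
   Returns the number of classes written into classes[], or 0 when the
   struct needs more than MAX_CLASSES eightbytes and must therefore be
   passed in memory. Nothing is ever written past classes[MAX_CLASSES-1]. */
size_t classify_struct(const size_t *field_sizes, size_t nfields,
                       enum reg_class classes[MAX_CLASSES])
{
    size_t total = 0;
    for (size_t i = 0; i < nfields; i++)
        total += field_sizes[i];
    size_t words = (total + EIGHTBYTE - 1) / EIGHTBYTE;

    /* The bounds check: without it, a struct with more eightbytes than
       MAX_CLASSES would write past the caller's array, which is the
       stack smashing described in the report. */
    if (words == 0 || words > MAX_CLASSES)
        return 0;

    for (size_t w = 0; w < words; w++)
        classes[w] = INTEGER_CLASS;  /* model: every word is INTEGER */
    return words;
}

/* Convenience (assumed helper): classify a struct of n equal-sized fields. */
size_t classify_uniform(size_t n, size_t field_size)
{
    size_t sizes[64];
    enum reg_class classes[MAX_CLASSES];
    if (n > 64) return 0;
    for (size_t i = 0; i < n; i++) sizes[i] = field_size;
    return classify_struct(sizes, n, classes);
}

int main(void)
{
    /* Constructed sample: nine 4-byte ints = 36 bytes = 5 eightbytes. */
    printf("nine ints -> %zu classes (0 = pass in memory)\n",
           classify_uniform(9, 4));
    printf("two longs -> %zu classes\n", classify_uniform(2, 8));
    return 0;
}
```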