FS#41502 - [python2] stack smash when using libffi to access union

Attached to Project: Arch Linux
Opened by wes (Nisstyre56) - Thursday, 07 August 2014, 22:17 GMT
Last edited by freswa (frederik) - Sunday, 13 September 2020, 13:20 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Angel Velasquez (angvp)
Felix Yan (felixonmars)
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
python2 fails with a 'stack smashing detected' error and aborts when trying to access a C union using libffi.

Steps to reproduce:
gcc -c -fpic -Wall -Wextra -pedantic -Wpointer-arith -Werror -std=c99 -O0 ./test.c -o test.o
gcc -shared -o test.so test.o
python2 test.py

Also fails with clang instead of gcc.

python2 version: 2.7.8
gcc version: 4.9.1
clang version: 3.4.2

I have checked with someone else and the exception does not appear on a machine running Ubuntu 12.04.

Closed by freswa (frederik)
Sunday, 13 September 2020, 13:20 GMT
Reason for closing: Upstream
Comment by wes (Nisstyre56) - Thursday, 07 August 2014, 23:33 GMT
Also the most likely place the bug occurs seems to be http://svn.python.org/projects/python/trunk/Modules/_ctypes/callproc.c specifically _ctypes_callproc which calls the actual C function using libffi's ffi_prep_cif function (which calls ffi_prep_cif_machdep). So this could be a bug in how python2 uses libffi, or just in libffi, but it doesn't appear to be likely to be a libffi bug.
Comment by wes (Nisstyre56) - Friday, 08 August 2014, 21:41 GMT
I've narrowed it down to the system version of libffi, see a shell script I wrote that automates the whole thing: https://primop.me/crashpython.sh
This also causes a segfault on Ubuntu 13.10
Comment by Felix Yan (felixonmars) - Wednesday, 17 September 2014, 08:54 GMT
Hi, this is most likely an upstream bug, so opening an issue on their bug tracker would be more helpful, thanks.
Comment by wes (Nisstyre56) - Wednesday, 17 September 2014, 18:09 GMT
I've done that (a while ago). Never got much response. I think it's a bug in how python uses libffi. http://bugs.python.org/issue22171
Comment by wes (Nisstyre56) - Wednesday, 17 September 2014, 18:10 GMT
Also the version of libffi that comes with python seems to be working (it's an older version). I had planned on trying to narrow it down that way (using git bisect or something) but never got around to it. I might be able to soon.
Comment by wes (Nisstyre56) - Tuesday, 30 September 2014, 05:34 GMT
If I use the git version it seems to work, but I get the error with Arch's build, so I think it is Arch's problem.
i.e.
git clone https://github.com/atgreen/libffi.git
and then LD_PRELOAD=./x86_64-unknown-linux-gnu/.libs/libffi.so python2 test.py after building, that works.