Bug 1244261
Summary: | [abrt] fros: XCloseDisplay(): python3.4 killed by SIGSEGV | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ilia Gradina <ilya.gradina> | ||||||||||||||||||||||||
Component: | fros | Assignee: | Jakub Filak <jfilak> | ||||||||||||||||||||||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||||||||||||||
Severity: | unspecified | Docs Contact: | |||||||||||||||||||||||||
Priority: | unspecified | ||||||||||||||||||||||||||
Version: | rawhide | CC: | ashokasrpt, awilliam, bkabrda, bugs.michael, debugger94, dumindu.madunuwan, f.alexander.wilms, fast.rizwaan, icywind90, jberan, jfilak, juliux.pigface, mikhail.v.gavrilov, mkluge.04, mstuchli, pradhanphy, pviktori, rkuska, satellitgo, tomspur, willymacha13 | ||||||||||||||||||||||||
Target Milestone: | --- | ||||||||||||||||||||||||||
Target Release: | --- | ||||||||||||||||||||||||||
Hardware: | x86_64 | ||||||||||||||||||||||||||
OS: | Unspecified | ||||||||||||||||||||||||||
URL: | https://retrace.fedoraproject.org/faf/reports/bthash/b6793fa8a03dee1f056808c5391b8f65d61ce402 | ||||||||||||||||||||||||||
Whiteboard: | abrt_hash:601f7547a3eb2c5f398db62891db2ddb94934841 | ||||||||||||||||||||||||||
Fixed In Version: | fros-1.1-4.fc24, fros-1.1-4.fc23 | Doc Type: | Bug Fix | ||||||||||||||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||||||||||||||
Clone Of: | Environment: | ||||||||||||||||||||||||||
Last Closed: | 2015-07-29 15:29:16 UTC | Type: | --- | ||||||||||||||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||||||||||||||
Documentation: | --- | CRM: | |||||||||||||||||||||||||
Verified Versions: | Category: | --- | |||||||||||||||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||||||||||||
Embargoed: | |||||||||||||||||||||||||||
Attachments: |
|
Description
Ilia Gradina
2015-07-17 15:23:17 UTC
Created attachment 1053133 [details]
File: backtrace
Created attachment 1053134 [details]
File: cgroup
Created attachment 1053135 [details]
File: core_backtrace
Created attachment 1053136 [details]
File: dso_list
Created attachment 1053137 [details]
File: environ
Created attachment 1053138 [details]
File: limits
Created attachment 1053139 [details]
File: maps
Created attachment 1053140 [details]
File: mountinfo
Created attachment 1053141 [details]
File: namespaces
Created attachment 1053142 [details]
File: open_fds
Created attachment 1053143 [details]
File: proc_pid_status
I did some debugging and I found out that Python3 correctly gets a return value of XOpenDisplay() but passes the argument of XCloseDisplay() truncated to 4 Bytes because of a bug in Modules/_ctypes/callproc.c at line 1795 where a unsigned long rvalue is assigned to an int lvalue: pa->value.i = (long)PyLong_AsUnsignedLong(obj); pa->value : struct param { ... union value; ... } : union value { ... int i; long l; ...} Perhaps this should be reported upstream to python? Actually, there is one more problem in Python ctypes. The return type of all functions is 'c_int' and that leads to truncation of the return value too. Lib/ctypes/__init__.py class CDLL(object): _func_restype_ = c_int When I run a modified reproducer from bug #1020505 comment #2 I get this: print(XLIB.XOpenDisplay._restype_._type_) : i Breakpoint 1, XOpenDisplay (display=0x0) at OpenDis.c:66 66 { (gdb) n ... 115 if ((dpy = Xcalloc(1, sizeof(Display))) == NULL) { (gdb) 119 if ((dpy->display_name = strdup(display_name)) == NULL) { (gdb) p dpy $1 = (Display *) 0x55555590e0d0 (gdb) c Continuing. print(type(DISPLAY)) : <class 'int'> print(hex(DISPLAY)) : 0x5590e0d0 Program received signal SIGSEGV, Segmentation fault. XCloseDisplay (dpy=0x5590e0d0) at ClDisplay.c:51 51 if (!(dpy->flags & XlibDisplayClosing)) If I change _func_restype_ to c_long and run the reproducere again I get this: print(XLIB.XOpenDisplay._restype_._type_) : l Breakpoint 1, XOpenDisplay (display=0x0) at OpenDis.c:66 66 { (gdb) n ... 115 if ((dpy = Xcalloc(1, sizeof(Display))) == NULL) { (gdb) 119 if ((dpy->display_name = strdup(display_name)) == NULL) { (gdb) p dpy $1 = (Display *) 0x55555590dbf0 (gdb) c Continuing. print(type(DISPLAY)) : <class 'int'> print(hex(DISPLAY)) : 0x55555590dbf0 Program received signal SIGSEGV, Segmentation fault. XCloseDisplay (dpy=0x5590dbf0) at ClDisplay.c:51 51 if (!(dpy->flags & XlibDisplayClosing)) I noticed the documentation says that Python ints are always assumed to C ints. There is indeed a Python bug, but in validation: using Python int that fit into a C long but not a C long is quietly truncated. Passing a Python2 long, or Python3 int, that is larger than a C long will fail with an OverflowError. To pass a C long, there are two alternatives: - explicitly wrap the number in c_long [0]: dll.function(ctyles.c_long(param)) - use prototypes [1]: func = dll.function func.argtypes = [c_long] func(param) [0]: https://docs.python.org/2/library/ctypes.html#fundamental-data-types [1]: https://docs.python.org/2/library/ctypes.html#specifying-the-required-argument-types-function-prototypes D`oh, sorry for the noise! Adding these lines to the reproducer fixes the crash: XOpenDisplay = XLIB.XOpenDisplay XOpenDisplay.restype = c_void_p XCloseDisplay = XLIB.XCloseDisplay XCloseDisplay.argtypes = [c_void_p] Validation error reported upstream as http://bugs.python.org/issue24747 I'll write a patch for it after vacation, if it's still open. I have opened a github pull request for the bug in fros: https://github.com/mozeq/fros/pull/12 |