Version-Release number of selected component:
fros-1.1-3.fc23

Additional info:
reporter:         libreport-2.6.1
backtrace_rating: 4
cmdline:          /usr/bin/python3 /usr/bin/fros --is-available
crash_function:   XCloseDisplay
executable:       /usr/bin/python3.4
global_pid:       12827
kernel:           4.2.0-0.rc2.git1.1.fc24.x86_64
runlevel:         N 5
type:             CCpp
uid:              1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 XCloseDisplay at ClDisplay.c:51
 #1 ffi_call_unix64 at ../src/x86/unix64.S:76
 #2 ffi_call at ../src/x86/ffi64.c:525
 #3 _call_function_pointer at /usr/src/debug/Python-3.4.3/Modules/_ctypes/callproc.c:811
 #4 _ctypes_callproc at /usr/src/debug/Python-3.4.3/Modules/_ctypes/callproc.c:1149
 #5 PyCFuncPtr_call at /usr/src/debug/Python-3.4.3/Modules/_ctypes/_ctypes.c:3848
 #6 PyObject_Call at /usr/src/debug/Python-3.4.3/Objects/abstract.c:2040
 #7 do_call at /usr/src/debug/Python-3.4.3/Python/ceval.c:4495
 #8 call_function at /usr/src/debug/Python-3.4.3/Python/ceval.c:4293
 #9 PyEval_EvalFrameEx at /usr/src/debug/Python-3.4.3/Python/ceval.c:2862

Potential duplicate: bug 1231482
Created attachment 1053133 [details] File: backtrace
Created attachment 1053134 [details] File: cgroup
Created attachment 1053135 [details] File: core_backtrace
Created attachment 1053136 [details] File: dso_list
Created attachment 1053137 [details] File: environ
Created attachment 1053138 [details] File: limits
Created attachment 1053139 [details] File: maps
Created attachment 1053140 [details] File: mountinfo
Created attachment 1053141 [details] File: namespaces
Created attachment 1053142 [details] File: open_fds
Created attachment 1053143 [details] File: proc_pid_status
I did some debugging and I found out that Python3 correctly gets the return value of XOpenDisplay() but passes the argument of XCloseDisplay() truncated to 4 bytes because of a bug in Modules/_ctypes/callproc.c at line 1795, where an unsigned long rvalue is assigned to an int lvalue:

    pa->value.i = (long)PyLong_AsUnsignedLong(obj);

    pa->value : struct param { ... union value; ... } : union value { ... int i; long l; ...}
Perhaps this should be reported upstream to python?
Actually, there is one more problem in Python ctypes. The return type of all functions is 'c_int' and that leads to truncation of the return value too.

Lib/ctypes/__init__.py

    class CDLL(object):
        _func_restype_ = c_int

When I run a modified reproducer from bug #1020505 comment #2 I get this:

    print(XLIB.XOpenDisplay._restype_._type_) : i

    Breakpoint 1, XOpenDisplay (display=0x0) at OpenDis.c:66
    66 {
    (gdb) n
    ...
    115 if ((dpy = Xcalloc(1, sizeof(Display))) == NULL) {
    (gdb)
    119 if ((dpy->display_name = strdup(display_name)) == NULL) {
    (gdb) p dpy
    $1 = (Display *) 0x55555590e0d0
    (gdb) c
    Continuing.
    print(type(DISPLAY)) : <class 'int'>
    print(hex(DISPLAY)) : 0x5590e0d0

    Program received signal SIGSEGV, Segmentation fault.
    XCloseDisplay (dpy=0x5590e0d0) at ClDisplay.c:51
    51 if (!(dpy->flags & XlibDisplayClosing))

If I change _func_restype_ to c_long and run the reproducer again I get this:

    print(XLIB.XOpenDisplay._restype_._type_) : l

    Breakpoint 1, XOpenDisplay (display=0x0) at OpenDis.c:66
    66 {
    (gdb) n
    ...
    115 if ((dpy = Xcalloc(1, sizeof(Display))) == NULL) {
    (gdb)
    119 if ((dpy->display_name = strdup(display_name)) == NULL) {
    (gdb) p dpy
    $1 = (Display *) 0x55555590dbf0
    (gdb) c
    Continuing.
    print(type(DISPLAY)) : <class 'int'>
    print(hex(DISPLAY)) : 0x55555590dbf0

    Program received signal SIGSEGV, Segmentation fault.
    XCloseDisplay (dpy=0x5590dbf0) at ClDisplay.c:51
    51 if (!(dpy->flags & XlibDisplayClosing))
I noticed the documentation says that Python ints are always assumed to be C ints. There is indeed a Python bug, but in validation: using a Python int that fits into a C long but not a C long is quietly truncated. Passing a Python2 long, or Python3 int, that is larger than a C long will fail with an OverflowError.

To pass a C long, there are two alternatives:

- explicitly wrap the number in c_long [0]:

      dll.function(ctypes.c_long(param))

- use prototypes [1]:

      func = dll.function
      func.argtypes = [c_long]
      func(param)

[0]: https://docs.python.org/2/library/ctypes.html#fundamental-data-types
[1]: https://docs.python.org/2/library/ctypes.html#specifying-the-required-argument-types-function-prototypes
D'oh, sorry for the noise! Adding these lines to the reproducer fixes the crash:

    XOpenDisplay = XLIB.XOpenDisplay
    XOpenDisplay.restype = c_void_p
    XCloseDisplay = XLIB.XCloseDisplay
    XCloseDisplay.argtypes = [c_void_p]
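The truncation discussed in the comments above can be reproduced without X11. This is an added example, not part of the original thread or of fros: it assumes a 64-bit Linux/glibc process and uses libc's memchr() as a stand-in for any C function that returns a pointer; the helper names are hypothetical.

```python
import ctypes

# Assumption: Linux/glibc, where CDLL(None) exposes the symbols already
# loaded into the current process, including libc's memchr().
libc = ctypes.CDLL(None)


def low32_signed(value):
    """Return what survives when a 64-bit value is stored in a C int.

    ctypes integer types do no overflow checking, so c_int() keeps the
    low 32 bits and reinterprets them as a signed int.
    """
    return ctypes.c_int(value).value


def memchr_unprototyped(buf):
    """Call memchr() with ctypes defaults: the pointer result is read as c_int."""
    fn = libc["memchr"]  # item access returns a fresh, unconfigured function object
    return fn(buf, buf.raw[0], len(buf))


def memchr_prototyped(buf):
    """Call memchr() with a declared prototype, as the fix in the thread does."""
    fn = libc["memchr"]
    fn.restype = ctypes.c_void_p
    fn.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_size_t]
    return fn(buf, buf.raw[0], len(buf))


if __name__ == "__main__":
    buf = ctypes.create_string_buffer(b"display")  # constructed sample buffer
    real = ctypes.addressof(buf)  # memchr() finds byte 0 at the buffer start
    print("real address      :", hex(real))
    print("default restype   :", hex(memchr_unprototyped(buf) & 0xFFFFFFFF))
    print("restype=c_void_p  :", hex(memchr_prototyped(buf)))
    # The Display pointer value from the gdb session in this report:
    print("0x55555590e0d0 as C int:", hex(low32_signed(0x55555590E0D0)))
```

If the buffer happens to be allocated below 4 GiB the two results coincide, which is why this class of bug can stay hidden until the allocator hands out a higher address.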
Validation error reported upstream as http://bugs.python.org/issue24747

I'll write a patch for it after vacation, if it's still open.
I have opened a github pull request for the bug in fros: https://github.com/mozeq/fros/pull/12