[issue41883] ctypes pointee goes out of scope, then pointer in struct dangles and crashes

2020-09-28 Thread Ian M. Hoffman


New submission from Ian M. Hoffman:

A description of the problem, complete example code for reproducing it, and a 
work-around are available on SO at the link:

https://stackoverflow.com/questions/64083376/python-memory-corruption-after-successful-return-from-a-ctypes-foreign-function

In summary: (1) create an array within a Python function, (2) create a 
ctypes.Structure with a pointer to that array, (3) return that struct from the 
Python function, (4) pass the struct out and back to a foreign function, (5) 
Python can successfully dereference the return from the foreign function, then 
(6) Python crashes.

As far as I can tell, when the array in the function goes out of scope at the 
end of the function, the pointer to it in the struct becomes dangling ... but 
the dangling doesn't catch up with Python until the very end when the Python 
struct finally goes out of scope in Python and the GC can't find its pointee.

I've reproduced this on Windows and Linux with gcc- and MSVC-compiled Python 
3.6 and 3.8.

Perhaps it is not good practice on my part to have let the array go out of 
scope, but perhaps a warning from Python (or at least some internal awareness 
that the memory is no longer addressed) is in order so that Python doesn't 
crash upon failing to free it.

This may be related to #39217; I can't tell.

--
components: ctypes
messages: 377652
nosy: NankerPhelge
priority: normal
severity: normal
status: open
title: ctypes pointee goes out of scope, then pointer in struct dangles and 
crashes
type: crash
versions: Python 3.6, Python 3.7, Python 3.8

___
Python tracker 
<https://bugs.python.org/issue41883>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
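
The lifetime problem summarized in steps (1) to (3) of the submission above, as an added example that is not code from the thread or the linked Stack Overflow post. It uses the standard-library `array.array` instead of a NumPy array, and `Vec`, `make_vec_unsafe`, `make_vec_safe` and `_owner` are hypothetical names; a weak reference observes when the array is freed, so the dangling pointer is never dereferenced.

```python
import array
import ctypes
import gc
import weakref


class Vec(ctypes.Structure):
    """Length plus data pointer, the kind of struct handed to a foreign function."""
    _fields_ = [("n", ctypes.c_size_t),
                ("data", ctypes.POINTER(ctypes.c_double))]


def _point_at(buf):
    """Wrap buf's raw address in a Vec; an int address carries no reference."""
    addr, n = buf.buffer_info()
    return Vec(n, ctypes.cast(addr, ctypes.POINTER(ctypes.c_double)))


def make_vec_unsafe(values):
    """Steps (1)-(3) of the report: the local array dies when this returns."""
    buf = array.array("d", values)
    vec = _point_at(buf)
    # The weakref only lets the caller observe buf's lifetime.
    return vec, weakref.ref(buf)


def make_vec_safe(values):
    """Same struct, but the instance owns a strong reference to the array."""
    buf = array.array("d", values)
    vec = _point_at(buf)
    vec._owner = buf  # hypothetical attribute name; lives as long as vec does
    return vec, weakref.ref(buf)


if __name__ == "__main__":
    vec, owner = make_vec_unsafe([1.0, 2.0, 3.0])
    gc.collect()
    # owner() is None: vec.data now dangles and must not be dereferenced.
    print("unsafe: array alive?", owner() is not None)

    vec, owner = make_vec_safe([1.0, 2.0, 3.0])
    gc.collect()
    print("safe:   array alive?", owner() is not None, vec.data[:vec.n])
```

A struct that a foreign function returns by value is a new Python object without the `_owner` attribute, so the original `Vec` has to stay referenced for as long as any copy of its pointer is in use.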



[issue41883] ctypes pointee goes out of scope, then pointer in struct dangles and crashes

2020-09-29 Thread Ian M. Hoffman


Ian M. Hoffman added the comment:

You are correct.

After further review, I found an older ctypes issue #12836 which was then 
enshrined in a workaround in the numpy.ndarray.ctypes interface to vanilla 
ctypes.

https://numpy.org/doc/stable/reference/generated/numpy.ndarray.ctypes.html

NumPy ctypes has both a `data` method for which "a reference will not be kept 
to the array" and a `data_as` method which has the desired behavior: "The 
returned pointer will keep a reference to the array."

So, we've all got our workarounds. What remains is whether/how to implement a 
check in Python for the dangling pointer. I have no advice on that, except that 
it is desirable to avoid the fault crash, no matter who is to blame.

--




[issue41883] ctypes pointee goes out of scope, then pointer in struct dangles and crashes

2020-09-30 Thread Ian M. Hoffman


Ian M. Hoffman added the comment:

I agree with you. When I wrote "desired behavior" I intended it to mean "my 
selfishly desired outcome of not loading my struct with a dangling pointer." 
This issue seems to have descended into workarounds that treat the symptoms; 
I'm all for treating the cause.

--
