-
Notifications
You must be signed in to change notification settings - Fork 106
Segfault with ctypes deep call stack calls
-
Affected Components : builtin, ctypes
-
Operating System : Linux
-
Python Versions : 2.6.x, 2.7.x, 3.1.x, 3.2.x
-
Reproducible : Yes
from ctypes import *
NARGS = 2 ** 20
proto = CFUNCTYPE(None, *(c_int,) * NARGS)
def func(*args):
return (1, "abc", None)
cb = proto(func)
cb(*(1,) * NARGS)To reproduce the problem copy the source code in a file and execute the script using the following command syntax:
$ python -OOBRtt test.pyAlternatively you can open python in interactive mode:
$ python -OOBRtt <press enter>Then copy the lines of code into the interpreter.
Executing the script generates a Segmentation fault error.
python -OOBRtt 'test.py'
Segmentation faultThe problem arises as a result of an unbounded 'alloca' call and because the interpreter does not have protective measures to deal with very deep call stack situations.
For this reason the Segmentation fault system error can even occur with less arguments in environments with low stack space situations.
We are not aware on any easy solution that can fix a deep call stack situation.
[Python ctypes][01] [01]:https://docs.python.org/2/library/ctypes.html
[Python data structures][02] [02]:https://docs.python.org/2/tutorial/datastructures.html
[Python recursion limit][03] [03]:https://docs.python.org/2/library/sys.html#sys.setrecursionlimit
[Python bug 12881][04] [04]:http://bugs.python.org/issue12881
[Python bug 13097][05] [05]:http://bugs.python.org/issue13097
[What is a Segmentation Fault][06] [06]:http://en.wikipedia.org/wiki/Segmentation_fault
Main site: pythonsecurity.org
OWASP Page: owasp.org/index.php/OWASP_Python_Security_Project