#27 invalid stgdict->length == 2 in pointer to pointer

closed-fixed
Thomas Heller
None
5
2006-04-12
2006-04-10
Armin Rigo
No

In the attached example, the line 'pp[0] = q' does
not always properly copy the pointer value of 'q' into
'pp[0]'. The error does not show up consistently,
but I found out why by tracking the problem down to
Pointer_ass_item(): on my machine at least (Pentium),
the stgdict of 'pp' has a size == 4 but length == 2.
As a result, the size computed as the quotient is 2,
and then in _CData_set() the memcpy() only copies 2
bytes from the b_ptr of q into the b_ptr of p.
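
The truncation described in the report, modelled as an added example (not the attached test case and not code from the ctypes sources). The helper names and the constructed address `FAKE_ADDR` are assumptions for illustration; the model uses the running platform's pointer size in place of the reported size == 4, and the last function is a regression check of `pp[0] = q` against the installed ctypes.

```python
import ctypes
import sys
from ctypes import POINTER, addressof, c_int, c_void_p, cast, memmove, pointer

PTR_SIZE = ctypes.sizeof(c_void_p)
# Constructed address with every byte non-zero; it is never dereferenced.
FAKE_ADDR = int.from_bytes(bytes(range(1, PTR_SIZE + 1)), sys.byteorder)


def item_size(size, length):
    """Element size as the report describes it: the quotient size / length."""
    return size // length


def copy_pointer_bytes(q, nbytes):
    """Copy nbytes of q's pointer value into a NULL slot, like the memcpy()."""
    slot = POINTER(c_int)()
    memmove(addressof(slot), addressof(q), nbytes)
    return cast(slot, c_void_p).value or 0


def truncated_vs_full():
    """Return (truncated, full) copies of the constructed pointer value."""
    q = cast(c_void_p(FAKE_ADDR), POINTER(c_int))
    # Reported case scaled to this platform: size == PTR_SIZE, length == 2.
    short = item_size(PTR_SIZE, 2)
    return copy_pointer_bytes(q, short), copy_pointer_bytes(q, PTR_SIZE)


def pointer_assignment_is_intact():
    """Regression check for 'pp[0] = q' on the installed ctypes."""
    value = c_int(42)
    q = pointer(value)
    p = POINTER(c_int)()
    pp = pointer(p)
    pp[0] = q  # must copy the whole pointer into p's buffer
    same_address = cast(p, c_void_p).value == addressof(value)
    return same_address and p[0] == 42 and pp[0][0] == 42


if __name__ == "__main__":
    truncated, full = truncated_vs_full()
    print(f"truncated copy: {truncated:#x}  full copy: {full:#x}")
    print("pp[0] = q intact:", pointer_assignment_is_intact())
```

A half-copied pointer still looks like a plausible address, which is why the failure in the report is intermittent: it only shows when the bytes that were not copied differ from what the destination already held.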

Discussion

  • Armin Rigo
    2006-04-10

    Bug example (does not fail consistently)

     
    Attachments
  • Thomas Heller
    2006-04-10

    Logged In: YES
    user_id=11105

    Armin, I confirm that this is a bug. A severe one, I would
    even say ;-). I'll attach a test case (ctypesbug2.py) which
    makes it easier to reproduce it (on WinXP SP 2, at least).

    Thanks for finding it, will start to work on it ASAP.

     
  • Thomas Heller
    2006-04-10

    Bug example which fails each time on WinXP SP 2, python 2.4.3.

     
    Attachments
  • Thomas Heller
    2006-04-10

    • assigned_to: nobody --> theller
     
  • Thomas Heller
    2006-04-12

    Logged In: YES
    user_id=11105

    Fixed in CVS, and added a test for it.

    Thanks.

     
  • Thomas Heller
    2006-04-12

    • status: open --> closed-fixed