Skip to content

ctypes: NULL-dereference when using py_result restype #132417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
NicolasT opened this issue Apr 11, 2025 · 1 comment
Closed

ctypes: NULL-dereference when using py_result restype #132417

NicolasT opened this issue Apr 11, 2025 · 1 comment
Labels
extension-modules C modules in the Modules dir topic-ctypes type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@NicolasT
Copy link
Contributor

NicolasT commented Apr 11, 2025
edited by bedevere-app bot
Loading

Crash report

What happened?

When using ctypes with a function which returns a PyObject *, using restype ctypes.py_object, and the function returns NULL, there's a Py_DECREF of the result, leading to a segfault:

import ctypes
PyErr_Occurred = ctypes.pythonapi.PyErr_Occurred
PyErr_Occurred.argtypes = []
PyErr_Occurred.restype = ctypes.py_object
PyErr_Occurred()

The issue lies in GetResult: when O_get is the result handler, it calls Py_DECREF on the result value, even though that can be NULL. O_get handles the NULL case correctly, setting an exception if none was set, and passing on the NULL. Code after the Py_DECREF in GetResult also handles the NULL case correctly, so changing the Py_DECREF into a Py_XDECREF makes things work.

Pull request incoming.

CPython versions tested on:

CPython 3.10, CPython 3.13, CPython main branch

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

Python 3.14.0a7+ (heads/main-dirty:deda47d6e18, Apr 11 2025, 20:18:59) [GCC 14.2.1 20240912 (Red Hat 14.2.1-3)]

Linked PRs
@NicolasT NicolasT added the type-crash A hard crash of the interpreter, possibly with a core dump label Apr 11, 2025
NicolasT added a commit to NicolasT/cpython that referenced this issue Apr 11, 2025
@NicolasT
pythonGH-132417: ctypes: Fix potential Py_DECREF(NULL) in py_object h…
e269f4a 
…andling (GH-MMMMMM)
@NicolasT NicolasT mentioned this issue Apr 11, 2025
Merged
NicolasT added a commit to NicolasT/cpython that referenced this issue Apr 11, 2025
@NicolasT
pythonGH-132417: ctypes: Fix potential Py_DECREF(NULL) in py_object h…
6658aea 
…andling (pythonGH-132418)
NicolasT added a commit to NicolasT/cpython that referenced this issue Apr 11, 2025
@NicolasT
pythonGH-132417: ctypes: Fix potential Py_DECREF(NULL) in py_object h…
a34ed49 
…andling (pythonGH-132418)

See: python#132417
NicolasT added a commit to NicolasT/cpython that referenced this issue Apr 11, 2025
@NicolasT
pythonGH-132417: ctypes: Fix potential Py_DECREF(NULL) in py_object h…
7f40914 
…andling (pythonGH-132418)

See: python#132417
@picnixz picnixz added the extension-modules C modules in the Modules dir label Apr 12, 2025
picnixz pushed a commit that referenced this issue Apr 12, 2025
@NicolasT
GH-132417: ctypes: Fix potential Py_DECREF(NULL) when handling func…
2aab2db 
…tions returning `PyObject *` (#132418)

Some functions (such as `PyErr_Occurred`) with a `restype` set to `ctypes.py_object` may return NULL without setting an exception.
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Apr 12, 2025
@NicolasT @miss-islington
pythonGH-132417: ctypes: Fix potential Py_DECREF(NULL) when handlin…
40f818e 
…g functions returning `PyObject *` (pythonGH-132418)

Some functions (such as `PyErr_Occurred`) with a `restype` set to `ctypes.py_object` may return NULL without setting an exception.
(cherry picked from commit 2aab2db)

Co-authored-by: Nicolas Trangez <[email protected]>
@bedevere-app bedevere-app bot mentioned this issue Apr 12, 2025
Merged
picnixz pushed a commit that referenced this issue Apr 12, 2025
@miss-islington @NicolasT
[3.13] GH-132417: ctypes: Fix potential Py_DECREF(NULL) when handli…
0aabe44 
…ng functions returning `PyObject *` (GH-132418) (#132425)

GH-132417: ctypes: Fix potential `Py_DECREF(NULL)` when handling functions returning `PyObject *` (GH-132418)

Some functions (such as `PyErr_Occurred`) with a `restype` set to `ctypes.py_object` may return NULL without setting an exception.
(cherry picked from commit 2aab2db)

Co-authored-by: Nicolas Trangez <[email protected]>
@picnixz picnixz closed this as completed Apr 12, 2025
@picnixz
Copy link
Member

picnixz commented Apr 12, 2025

Thank you for the report & fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extension-modules C modules in the Modules dir topic-ctypes type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@NicolasT @tomasr8 @picnixz