Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ctypes resize and byref/addressof is not thread-safe under free-threaded build #131336

Open
sergey-miryanov opened this issue Mar 16, 2025 · 1 comment
Open

ctypes resize and byref/addressof is not thread-safe under free-threaded build #131336

sergey-miryanov opened this issue Mar 16, 2025 · 1 comment
Labels
extension-modules C modules in the Modules dir topic-ctypes topic-free-threading type-bug An unexpected behavior, bug, or error

Comments

@sergey-miryanov
Copy link
Contributor

sergey-miryanov commented Mar 16, 2025
edited by github-actions bot
Loading

Bug report

Bug description:

I'm reviewing the https://github.com/python/cpython/blob/main/Modules/_ctypes/callproc.c. I believe I found a possible UB if resize and byref/addressof are used from different threads without any locking (AFAIU it is valid for free-threaded build and not for GIL-enabled).

resize does realloc -

cpython/Modules/_ctypes/callproc.c

Lines 1934 to 1938 in d07e9eb

void * ptr = PyMem_Realloc(obj->b_ptr, size);
if (ptr == NULL)
return PyErr_NoMemory();
obj->b_ptr = ptr;
obj->b_size = size;

After realloc the old value of obj->b_ptr is no longer valid, and any access to it is UB. If another thread calls addressof

cpython/Modules/_ctypes/callproc.c

Line 1847 in d07e9eb

return PyLong_FromVoidPtr(((CDataObject *)obj)->b_ptr);
or byref

cpython/Modules/_ctypes/callproc.c

Line 1827 in d07e9eb

parg->value.p = (char *)((CDataObject *)obj)->b_ptr + offset;
, it may potentially get UB under heavy contention (I believe it is zero or less real cases so far).

Should we protect them with LOCK_PTR?

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response
@sergey-miryanov sergey-miryanov added the type-bug An unexpected behavior, bug, or error label Mar 16, 2025
@sergey-miryanov
Copy link
Contributor Author

Related to gh-127945

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extension-modules C modules in the Modules dir topic-ctypes topic-free-threading type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sergey-miryanov @picnixz