python3 堆栈粉碎 - python 用 c 扩展
python3 stack smashing - python extending with c
我正在用 C 编写 python 扩展。C 中有一个用于覆盆子硬件开发板的库,所以我正在使用它。所以我将一个函数从 C 导出到 python,在调用结束时,python 说 *** stack smashing detected ***: python3 terminated.
python 通话:
print("self.handle="+str(self.handle))
ret=dcc.dcc_send(self.handle, d[0], d[1], d[2], d[3], d[4], d[5])
print("returned: "+str(ret)) # never gets here
C python 导出(完成):
static PyObject* dcc_send(PyObject* self, PyObject* args) {
unsigned char handle, count, b1, b2, b3, b4, b5;
if (!PyArg_ParseTuple(args, "iiiiiii", &handle, &count, &b1, &b2, &b3, &b4, &b5))
return NULL;
printf("1234-handle: %d\n", handle);
int ret = -1;
ret = send_command(handle, count, b1, b2, b3, b4, b5);
printf("1235-after-send_command-return: %d\n", ret);
//Py_RETURN_NONE;
return Py_BuildValue("i", ret);
}
堆栈中的另一个调用:
int send_command(int handle, unsigned char count, unsigned char b1, unsigned char b2, unsigned char b3, unsigned char b4, unsigned char b5) {
unsigned char message[10];
message[0] = CMD_START_VAL;
message[1] = CMD_DCC_MESS;
message[2] = 0;
message[3] = 0xF0 | count; //2 byte size
message[4] = b1;
message[5] = b2;
message[6] = b3;
message[7] = b4;
message[8] = b5;
message[9] = CMD_STOP_VAL;
return write_uart(handle, message,10);
}
堆栈中的最终调用(我没有完整地写那个,我只是从库中取出它并修复了其中的一些东西,比如曾经存在的无效内存访问):
int write_uart(int handle, unsigned char *data,int bytes) {
#ifdef TEST
int length = bytes;
printf("handle: %d\n", handle);
printf("bytes: %d\ndata: ", length);
for (int i=0; i<length; ++i)
printf("%d ", (int) data[i]);
printf("\n---\n");
#endif
int txed;
int offset=0;
while (length) {
txed = write(handle, (unsigned char*)data+offset, length);
if (txed==-1) {
fprintf(stderr,"UART WRITE ERRROR!!\n");
return 0;
}
length -= txed;
offset += txed;
}
tcdrain(handle);
return 1;
}
当我 运行 它时,我得到这个:
self.handle=3
1234-handle: 3
handle: 3
bytes: 10
data: 160 25 0 242 47 130 0 0 0 80
---
1235-after-send_command-return: 1
*** stack smashing detected ***: python3 terminated
Aborted
我做错了什么?谢谢
正如娇气的 ossifrage 所说,问题在于将 'iiiiiii' 用于 char 类型。然后当函数完成并返回堆栈指针时,它偏离了方向并且应用程序崩溃了。
我正在用 C 编写 python 扩展。C 中有一个用于覆盆子硬件开发板的库,所以我正在使用它。所以我将一个函数从 C 导出到 python,在调用结束时,python 说 *** stack smashing detected ***: python3 terminated.
python 通话:
print("self.handle="+str(self.handle))
ret=dcc.dcc_send(self.handle, d[0], d[1], d[2], d[3], d[4], d[5])
print("returned: "+str(ret)) # never gets here
C python 导出(完成):
static PyObject* dcc_send(PyObject* self, PyObject* args) {
unsigned char handle, count, b1, b2, b3, b4, b5;
if (!PyArg_ParseTuple(args, "iiiiiii", &handle, &count, &b1, &b2, &b3, &b4, &b5))
return NULL;
printf("1234-handle: %d\n", handle);
int ret = -1;
ret = send_command(handle, count, b1, b2, b3, b4, b5);
printf("1235-after-send_command-return: %d\n", ret);
//Py_RETURN_NONE;
return Py_BuildValue("i", ret);
}
堆栈中的另一个调用:
int send_command(int handle, unsigned char count, unsigned char b1, unsigned char b2, unsigned char b3, unsigned char b4, unsigned char b5) {
unsigned char message[10];
message[0] = CMD_START_VAL;
message[1] = CMD_DCC_MESS;
message[2] = 0;
message[3] = 0xF0 | count; //2 byte size
message[4] = b1;
message[5] = b2;
message[6] = b3;
message[7] = b4;
message[8] = b5;
message[9] = CMD_STOP_VAL;
return write_uart(handle, message,10);
}
堆栈中的最终调用(我没有完整地写那个,我只是从库中取出它并修复了其中的一些东西,比如曾经存在的无效内存访问):
int write_uart(int handle, unsigned char *data,int bytes) {
#ifdef TEST
int length = bytes;
printf("handle: %d\n", handle);
printf("bytes: %d\ndata: ", length);
for (int i=0; i<length; ++i)
printf("%d ", (int) data[i]);
printf("\n---\n");
#endif
int txed;
int offset=0;
while (length) {
txed = write(handle, (unsigned char*)data+offset, length);
if (txed==-1) {
fprintf(stderr,"UART WRITE ERRROR!!\n");
return 0;
}
length -= txed;
offset += txed;
}
tcdrain(handle);
return 1;
}
当我 运行 它时,我得到这个:
self.handle=3
1234-handle: 3
handle: 3
bytes: 10
data: 160 25 0 242 47 130 0 0 0 80
---
1235-after-send_command-return: 1
*** stack smashing detected ***: python3 terminated
Aborted
我做错了什么?谢谢
正如娇气的 ossifrage 所说,问题在于将 'iiiiiii' 用于 char 类型。然后当函数完成并返回堆栈指针时,它偏离了方向并且应用程序崩溃了。