[New-bugs-announce] [issue18909] Segfaults on win-amd64 due to corrupt pointer to Tkapp_Interp

[Christoph Gohlke]

New submission from Christoph Gohlke:

Using 64 bit CPython 2.6.6, 2.7.5, 3.2.5 or 3.3.2, numpy 1.7.1 and matplotlib 1.3.0 on Windows 8 64 bit, the following script segfaults most of the times: 

```
# allocate ~4GB fragmented data
import numpy
a = [numpy.zeros(2**i, 'uint8') for i in range(1, 31)]
b = [numpy.zeros(131072, 'float64') for i in range(2048)]

# plot using TkAgg
import matplotlib
matplotlib.use('TkAgg')
from matplotlib import pyplot
pyplot.plot()
pyplot.show()
```

```
Fatal Python error: Segmentation fault

Current thread 0x00036c5c:
  File "X:\Python33\lib\site-packages\matplotlib\backends\tkagg.py", line 17 in blit
  File "X:\Python33\lib\site-packages\matplotlib\backends\backend_tkagg.py", line 349 in draw
  File "X:\Python33\lib\site-packages\matplotlib\backends\backend_tkagg.py", line 276 in resize
  File "X:\Python33\lib\tkinter\__init__.py", line 1475 in __call__
  File "X:\Python33\lib\tkinter\__init__.py", line 965 in update
  File "X:\Python33\lib\site-packages\matplotlib\backends\backend_tkagg.py", line 574 in show
  File "X:\Python33\lib\site-packages\matplotlib\backend_bases.py", line 87 in __call__
  File "X:\Python33\lib\site-packages\matplotlib\pyplot.py", line 145 in show
  File "tk_crash_win-amd64.py", line 14 in <module>
```

The pointer returned by Python's _tkinter.tkapp.interpaddr() is often wrong because the 64 bit pointer is cast to 32 bit long and returned as PyInt. Instead, the pointer should be cast to Py_ssize_t and returned as PyLong on win-amd64.

The following patches for win-amd64-py2.7.5 and win-amd64-py3.3.2 fix the issue:

```
--- a/Modules/_tkinter.c        Sun Sep 01 19:06:35 2013 -0400
+++ b/Modules/_tkinter.c        Mon Sep 02 17:44:53 2013 -0700
@@ -2814,7 +2814,7 @@
     if (!PyArg_ParseTuple(args, ":interpaddr"))
         return NULL;

-    return PyInt_FromLong((long)Tkapp_Interp(self));
+    return PyInt_FromSsize_t((Py_ssize_t)Tkapp_Interp(self));
 }
```

```
--- a/Modules/_tkinter.c        Sun Sep 01 19:03:41 2013 -0400
+++ b/Modules/_tkinter.c        Mon Sep 02 17:44:02 2013 -0700
@@ -2688,7 +2688,7 @@
     if (!PyArg_ParseTuple(args, ":interpaddr"))
         return NULL;

-    return PyLong_FromLong((long)Tkapp_Interp(self));
+    return PyLong_FromSsize_t((Py_ssize_t)Tkapp_Interp(self));
 }
```

Updated _tkinter.pyd files are available at <http://www.lfd.uci.edu/~cgohlke/pythonlibs/#_tkinter>.

----------
messages: 196819
nosy: cgohlke
priority: normal
severity: normal
status: open
title: Segfaults on win-amd64 due to corrupt pointer to Tkapp_Interp
type: crash
versions: Python 2.6, Python 2.7, Python 3.2, Python 3.3

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18909>
_______________________________________