A segmentation fault is generated in _ctypes.so when calling a function that returns a char pointer on a system with 64-bit pointer types. The attached crash dump is from a Python 2.6.3 built from MacPorts ("port install python26 +no_tkinter"), but the same behaviour occurs with the Python 2.6.1 installed by Apple. To reproduce, build the attached sample program ("testlib.c"): % gcc -Wall -c testlib.o % ld -dylib -o testlib.so testlib.o Then, in Python: # Common setup for each of the cases below. >>> from ctypes import * >>> lib = CDLL('testlib.so') # Case 1: Integer return value (no crash). >>> get_value = CFUNCTYPE(c_int)(lib.get_value) >>> get_value() 12345 # Case 2: Pointer argument value (no crash). >>> buf = create_string_buffer(256) >>> copy_message = CFUNCTYPE(None, c_char_p)(lib.copy_message) >>> copy_message(buf) # Case 3: Pointer return value (crash). >>> get_message = CFUNCTYPE(c_char_p)(lib.get_message) >>> get_message() Segmentation fault -- System information: % uname -a MacOS 10.6.1 Darwin gorion.local 10.0.0 Darwin Kernel Version 10.0.0: Fri Jul 31 22:47:34 PDT 2009; root:xnu- 1456.1.25~1/RELEASE_I386 i386 % python Python 2.6.3 (r263:75183, Oct 17 2009, 01:49:30) [GCC 4.2.1 (Apple Inc. build 5646) (dot 1)] on darwin % gcc --version i686-apple-darwin10-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5646) (dot 1)
I believe this error occurs because a pointer value is being truncated to 32 bits. The exception code is KERN_INVALID_ADDRESS at 0x00000000002fe020 If you add a diagnostic printout to the body of get_message(), you will see that its return value is 0x1002fe020, so in other words, the high- order word 0x00000001 is being discarded somewhere.
You are using `CFUNCTYPE` wrong. `CFUNCTYPE` returns a type which will take a *Python function* (or an address of a function as integer). You provide `lib.get_message` as Python function, which is a wrapper object for the C function. By default, ctypes assumes an int as return type for C functions. On your platform, the size of an int is not the same as the size of a pointer. Therefore, the return value is truncated. You call the CFUNCTION which then calls `lib.get_message` which returns the truncated pointer as integer and then ctypes tries to make a `c_char_p` out of the integer which segfaults because it's truncated. I think what you are really looking for is ``lib.get_message.restype = c_char_p``.
Thank you for setting me straight. I see now that I misunderstood the scope of `CFUNCTYPE`, as I was using it as a general wrapper when in fact it's only needed for callbacks. Mistakenly, I inferred from reading section 16.15.2.4 of the ctypes manual [1] that it would be necessary to create prototype wrappers for calls into the foreign library as well. Obviously that is not the case, since your described solution works fine. [1] <http://www.python.org/doc/2.6.3/library/ctypes.html#function- prototypes>