Issue 1013418: Win XP DEP prevents Python call to 'C' DLL (original) (raw)
Created on 2004-08-21 15:05 by ajhewitt, last changed 2022-04-11 14:56 by admin. This issue is now closed.
Messages (7)
Author: ajhewitt (ajhewitt)
Date: 2004-08-21 15:05
Following Mark Hammond's description in "Python Programming on Win32" I built his sample 'C' program, Hello.c which is called from Hellouse.py. The environment in which the DLL file was built is Visual Studio 2003 .NET and Windows XP SP2. When an attempt was made to run the example program hellouse.py, the program aborted with a "Data buffer overflow - program is corrupt" message from XP. I then moved the program files to Windows 2000 (just moved the library and python file) and the program executed correctly (as shown in Mark's book)! I then moved the program to a Windows XP SP1 based system and the program again executed as expected. I then poked around on the XP SP2 box and discovered a new "feature" called Data Execution Prevention. You can see this feature by right clicking on the "My Computer" icon and then clicking on "Properties" and "Advanced". I tried adding Python 2.3 (python and pythonw) to the exceptions list but that didn't help. I don't see any problem executing pure Python programs on the XP SP2 system.
-Alex
Author: Martin v. Löwis (loewis) * 
Date: 2004-08-21 15:25
Logged In: YES user_id=21627
Do you want us to resolve the problem somehow? If so, please attach the sample code, so we can reproduce it.
Author: ajhewitt (ajhewitt)
Date: 2004-08-21 19:08
Logged In: YES user_id=1108513
The problem will definitely need to be resolved. I did find a workaround - disabling XP SP2's "Data Execution Prevention" by editing the boot.ini file and changing "noexecute:XXXX" to "execute". This will degrade XP's security but only to the extent that it was vulnerable prior to SP2.
Author: ajhewitt (ajhewitt)
Date: 2004-08-21 19:09
Logged In: YES user_id=1108513
Here's the Python program that calls the 'C' function...
-Alex
Author: Martin v. Löwis (loewis) *
Date: 2004-08-22 07:06
Logged In: YES user_id=21627
Thanks. I cannot reproduce this at the moment (and I'm uncertain whether reproducing it requires an Athlon 64/Opteron processor), however, mere code inspection shows a potential problem of data buffer overflows. In the message function, you have
char result[64];
so this can accommodate 64 characters. If the string you are passing is too long, the buffer will overflow, which might happen when you pass the string "module " + hello.file.
As a quick work-around, please try to increase the result size to, say,
char result[10000];
and see whether that makes the problem go away.
If so, then a) this is a proper bug, and XP has helped to find it, and b) it is not a bug in Python, but in your code, and c) the proper solution is to either use a variable-sized buffer instead of a fixed-size one, or to check whether the buffer is large enough before copying into it.
Author: ajhewitt (ajhewitt)
Date: 2004-08-22 17:39
Logged In: YES user_id=1108513
Bingo! That fixed it. Thanks for looking. I probably should have caught that myself but I assumed (and we know what assume does ;^)) that the code was fully vetted and correct. I'll report that to the author of the book (Mark Hammond) and see that it get's added to the errata. Unfortunately, you may see more of these "bugs" because XP SP2 is now checking for this kind of thing. BTW, according to the documentation that Microsoft adds to this new feature, there are two types of implementation. One is the software only implementation (that's what I had on my system) and the second would require an AMD 64/Opteron processor. I don't own one of those (yet). You can close this one as a program/user error.
Thanks for checking,
-Alex
Author: ajhewitt (ajhewitt)
Date: 2004-08-23 00:24
Logged In: YES user_id=1108513
This code actually came from the Oreilly book "Programming Python 2nd Edition" by Mark Lutz. I'll still let them know there's a problem.
-Alex
P.S. The code is the "simple C extention module" around page 1,000.