René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Instances of subclasses of PyLong_Type created in C extensions use Java object handles, possibly causing segmentation faults","articleBody":"With GraalPy 3.12.8 on Linux, built from source at f466f8d5d9 , subclasses of `PyLong_Type` created using the C API return Java handles from `__new__` instead of real `PyObject` pointers. When an extension attempts to access an instance of the `PyLong_Type` subclass as a `PyObject`, it tries to dereference the Java handle, possibly causing a segmentation fault.\n\nA real example of code that can expose this bug can be seen in `boost::python`'s [`enum.cpp`](https://github.com/boostorg/python/blob/develop/src/object/enum.cpp). In the `enum_base::add_value` method, `boost::python` needs to access the `name` member of the `enum_object` `struct` it uses for the instances of the `enum_type_object`, but this fails on GraalPy. Similarly, the C example extension below attempts to access the `member` member of the `custom_object` `struct` in its `set_member` function.\n\n```c\n/* custom_pyobject.c */\n#define PY_SSIZE_T_CLEAN\n#include \u003cPython.h\u003e\n#include \u003cstddef.h\u003e\n\ntypedef struct custom_object {\n  PyLongObject base_object;\n  PyObject* member;\n} custom_object;\n\nstatic PyMemberDef custom_members[] = {\n  {\"member\", Py_T_OBJECT_EX, offsetof(custom_object, member), Py_READONLY, 0},\n  {0, 0, 0, 0, 0}\n};\n\nstatic void custom_dealloc(custom_object* self) {\n  Py_XDECREF(self-\u003emember);\n  Py_TYPE(self)-\u003etp_free((PyObject*)self);\n}\n\nstatic PyObject* custom_repr(PyObject* self_) {\n  custom_object* self = (custom_object*)self_;\n  return PyUnicode_FromFormat(\"custom_object(%S)\", PyObject_Repr(self-\u003emember));\n}\n\nstatic PyTypeObject custom_type_object = {\n  PyObject_HEAD_INIT(NULL)\n  \"custom_object\",                          /* tp_name */\n  sizeof(custom_object),                    /* tp_basicsize */\n  0,                                        /* tp_itemsize */\n  (destructor) custom_dealloc,              /* tp_dealloc */\n  0,                                        /* tp_print */\n  0,                                        /* tp_getattr */\n  0,                                        /* tp_setattr */\n  0,                                        /* tp_compare */\n  custom_repr,                              /* tp_repr */\n  0,                                        /* tp_as_number */\n  0,                                        /* tp_as_sequence */\n  0,                                        /* tp_as_mapping */\n  0,                                        /* tp_hash */\n  0,                                        /* tp_call */\n  0,                                        /* tp_str */\n  0,                                        /* tp_getattro */\n  0,                                        /* tp_setattro */\n  0,                                        /* tp_as_buffer */\n  Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /* tp_flags */\n  0,                                        /* tp_doc */\n  0,                                        /* tp_traverse */\n  0,                                        /* tp_clear */\n  0,                                        /* tp_richcompare */\n  0,                                        /* tp_weaklistoffset */\n  0,                                        /* tp_iter */\n  0,                                        /* tp_iternext */\n  0,                                        /* tp_methods */\n  custom_members,                           /* tp_members */\n  0,                                        /* tp_getset */\n  \u0026PyLong_Type,                             /* tp_base */\n  0,                                        /* tp_dict */\n  0,                                        /* tp_descr_get */\n  0,                                        /* tp_descr_set */\n  0,                                        /* tp_dictoffset */\n  0,                                        /* tp_init */\n  0,                                        /* tp_alloc */\n  0,                                        /* tp_new */\n  0,                                        /* tp_free */\n  0,                                        /* tp_is_gc */\n  0,                                        /* tp_bases */\n  0,                                        /* tp_mro */\n  0,                                        /* tp_cache */\n  0,                                        /* tp_subclasses */\n  0,                                        /* tp_weaklist */\n  0                                         /* tp_del */\n};\n\nint custom_pyobject_mod_exec(PyObject* module) {\n  PyModule_AddType(module, \u0026custom_type_object);\n  return 0;\n}\n\nstatic PyModuleDef_Slot custom_pyobject_slots[] = {\n  {Py_mod_exec, custom_pyobject_mod_exec},\n  {0, NULL}\n};\n\nPyObject* set_member(PyObject* self, PyObject* args) {\n  PyObject* inner1;\n  PyObject* inner2;\n  if (!PyArg_ParseTuple(args, \"OO\", \u0026inner1, \u0026inner2)) {\n    return NULL;\n  }\n  custom_object* obj = (custom_object*)inner1;\n  obj-\u003emember = inner2;\n  return Py_None;\n}\n\nstatic PyMethodDef custom_pyobject_methods[] = {\n  {\"set_member\", set_member, METH_VARARGS, \"Set name.\"},\n  {NULL, NULL, 0, NULL}\n};\n\nstatic struct PyModuleDef custom_pyobject_module = {\n  .m_base = PyModuleDef_HEAD_INIT,\n  .m_name = \"custom_pyobject\",\n  .m_size = 0,\n  .m_methods = custom_pyobject_methods,\n  .m_slots = custom_pyobject_slots\n};\n\nPyMODINIT_FUNC PyInit_custom_pyobject(void) {\n  return PyModuleDef_Init(\u0026custom_pyobject_module);\n}\n```\n\nIf the code above is compiled to `custom_pyobject.so`, then the Python code below fails with a segmentation fault on GraalPy:\n\n```python\nimport custom_pyobject\nobj = custom_pyobject.custom_object(10)\ncustom_pyobject.set_member(obj, \"foo\")\nprint(obj)\n```\n\nWith CPython, the code prints `custom_object('foo')`.\n\nThe relevant discussion on Slack can be found at https://graalvm.slack.com/archives/CNA7PDH2N/p1768011927297709 .","author":{"url":"https://github.com/actapia","@type":"Person","name":"actapia"},"datePublished":"2026-01-15T20:54:38.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/595/graalpython/issues/595"}