NSData creation from bytes segfaults on MacOSX 10.15 beta

Issue #271 resolved
rndblnch created an issue

various ways of creating NSData from python bytes segfaults on MacOSX 10.15 beta.

steps to reproduce with default system python on a fresh Catalina install:

Python 2.7.16 (default, Aug 24 2019, 18:37:03) 
[GCC 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.32.4) (-macos10.15-objc-s on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Foundation import NSData
>>> NSData.alloc().initWithData_(b'titi')
Segmentation fault: 11

here is the report:

Process:               Python [1727]
Path:                  /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
Identifier:            Python
Version:               2.7.16 (2.7.16)
Build Info:            python-125000000000000~400
Code Type:             X86-64 (Native)
Parent Process:        bash [1343]
Responsible:           Terminal [1339]
User ID:               501

Date/Time:             2019-09-12 15:11:54.481 +0200
OS Version:            Mac OS X 10.15 (19A558d)
Report Version:        12
Anonymous UUID:        02A27FD4-F7ED-F780-8336-D8EF8EE29E83

Sleep/Wake UUID:       629ACEBF-E6B5-4C2E-9C32-70A5B03B17E7

Time Awake Since Boot: 3900 seconds
Time Since Wake:       1900 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000038
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [1727]

VM Regions Near 0x38:
    __TEXT                 0000000103488000-000000010348a000 [    8K] r-x/r-x SM=COW  /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib                 0x00007fff6c1fae2a getIvar(objc_class*, char const*) + 32
1   libobjc.A.dylib                 0x00007fff6c1fadc9 _class_getVariable + 70
2   _objc.so                        0x00000001036a97ee PyObjCClass_New + 706
3   _objc.so                        0x00000001036a5516 PyObjCObject_New + 59
4   _objc.so                        0x00000001036bcc8b 0x1036a3000 + 105611
5   _objc.so                        0x00000001036c211c 0x1036a3000 + 127260
6   org.python.python               0x00007fff41258319 PyObject_Call + 97
7   org.python.python               0x00007fff412d440a PyEval_EvalFrameEx + 20636
8   org.python.python               0x00007fff412ced5e PyEval_EvalCodeEx + 534
9   org.python.python               0x00007fff412ceb42 PyEval_EvalCode + 32
10  org.python.python               0x00007fff412f0e2d 0x7fff4124e000 + 667181
11  org.python.python               0x00007fff412f0c72 PyRun_InteractiveOneFlags + 344
12  org.python.python               0x00007fff412f0707 PyRun_InteractiveLoopFlags + 87
13  org.python.python               0x00007fff412f061c PyRun_AnyFileExFlags + 60
14  org.python.python               0x00007fff41302680 Py_Main + 3204
15  libdyld.dylib                   0x00007fff6d55e2a5 start + 1

Thread 1:
0   libsystem_pthread.dylib         0x00007fff6d7675b4 start_wqthread + 0

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000008  rbx: 0x00007fff91fad0c0  rcx: 0x0000000000000307  rdx: 0x0000000020800000
  rdi: 0x00007fff91fad0c0  rsi: 0x00000001036d6002  rbp: 0x00007ffeec7774f0  rsp: 0x00007ffeec7774c0
   r8: 0x000000000000004e   r9: 0x0000000020490009  r10: 0x0000000000000027  r11: 0x0000000000000000
  r12: 0x0000000000000000  r13: 0x00007ff36b044c10  r14: 0x00000001036d6002  r15: 0x00007fff38a2f2d3
  rip: 0x00007fff6c1fae2a  rfl: 0x0000000000010202  cr2: 0x0000000000000038

Logical CPU:     2
Error Code:      0x00000004 (no mapping for user data write)
Trap Number:     14

the initWith* variants all leads to the same result, but when invoking NSData.dataWith* (instead of NSData.alloc().initWith*), it works.

Comments (9)

  1. Ronald Oussoren repo owner

    Is this something you can reproduce using the latest release on PyPI?

    The version of PyObjC shipped with macOS is ancient, and is not something I’m involved in.

  2. Ronald Oussoren repo owner

    BTW. I cannot test on the latest Catalina beta myself, I’m running the beta’s in a VMware Fusion VM and that’s not compatible with recente beta releases.

  3. rndblnch reporter

    I just managed to test with the system python +pyobjc installed from pip in a virtualenv and get the same behaviour:

    Python 2.7.16 (default, Aug 24 2019, 18:37:03) 
    [GCC 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.32.4) (-macos10.15-objc-s on darwin
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import objc
    >>> objc.__version__
    >>> from Foundation import NSData
    >>> NSData.alloc().initWithData_(b'titi')
    Segmentation fault: 11

  4. Ronald Oussoren repo owner

    I can reproduce this issue with python3.8 and the pyobjc 6.x branch on macOS 10.15 (current beta).

  5. Ronald Oussoren repo owner

    This appears to be a bug in macOS, the crash happens when PyObjC tries to introspect a placeholder class in Foundation:

    (lldb) thread backtrace

    * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x38)

    * frame #0: 0x00007fff5dbace2a libobjc.A.dylib`getIvar(objc_class*, char const*) + 32

    frame #1: 0x00007fff5dbacdc9 libobjc.A.dylib`_class_getVariable + 70

    frame #2: 0x0000000101199fe9 _objc.cpython-37m-darwin.so`PyObjCClass_New(objc_class=_NSPlaceholderData) at objc-class.m:2173:11 [opt]

    frame #3: 0x000000010117f7fb _objc.cpython-37m-darwin.so`PyObjCObject_New(objc_object=0x00007fff8b935b88, flags=1, retain=0) at objc-object.m:1123:31 [opt]

    frame #4: 0x00000001011a1b1c _objc.cpython-37m-darwin.so`call_NSObject_alloc(method=0x00000001011449f0, self=<unavailable>, arguments=<unavailable>) at helpers-foundation-nsobject.m:170:12 [opt]

    frame #5: 0x00000001011808b5 _objc.cpython-37m-darwin.so`objcsel_call(_self=0x00000001011449f0, args=0x000000010045f050, kwds=<unavailable>) at selector.m:526:23 [opt]

    frame #6: 0x00000001001273f1 .Python`_PyObject_FastCallKeywords + 433

  6. Ronald Oussoren repo owner

    Thanks for the report. This is now fixed in the repository, both for the production and development branch.

  7. Log in to comment