NSData creation from bytes segfaults on MacOSX 10.15 beta

[ronaldoussoren]

Original report by rndblnch (Bitbucket: rndblnch, GitHub: rndblnch).

---

various ways of creating NSData from python bytes segfaults on MacOSX 10.15 beta.

steps to reproduce with default system python on a fresh Catalina install:

Python 2.7.16 (default, Aug 24 2019, 18:37:03) 
[GCC 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.32.4) (-macos10.15-objc-s on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Foundation import NSData
>>> NSData.alloc().initWithData_(b'titi')
Segmentation fault: 11

here is the report:

Process:               Python [1727]
Path:                  /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
Identifier:            Python
Version:               2.7.16 (2.7.16)
Build Info:            python-125000000000000~400
Code Type:             X86-64 (Native)
Parent Process:        bash [1343]
Responsible:           Terminal [1339]
User ID:               501

Date/Time:             2019-09-12 15:11:54.481 +0200
OS Version:            Mac OS X 10.15 (19A558d)
Report Version:        12
Anonymous UUID:        02A27FD4-F7ED-F780-8336-D8EF8EE29E83

Sleep/Wake UUID:       629ACEBF-E6B5-4C2E-9C32-70A5B03B17E7

Time Awake Since Boot: 3900 seconds
Time Since Wake:       1900 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000038
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [1727]

VM Regions Near 0x38:
--> 
    __TEXT                 0000000103488000-000000010348a000 [    8K] r-x/r-x SM=COW  /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib               	0x00007fff6c1fae2a getIvar(objc_class*, char const*) + 32
1   libobjc.A.dylib               	0x00007fff6c1fadc9 _class_getVariable + 70
2   _objc.so                      	0x00000001036a97ee PyObjCClass_New + 706
3   _objc.so                      	0x00000001036a5516 PyObjCObject_New + 59
4   _objc.so                      	0x00000001036bcc8b 0x1036a3000 + 105611
5   _objc.so                      	0x00000001036c211c 0x1036a3000 + 127260
6   org.python.python             	0x00007fff41258319 PyObject_Call + 97
7   org.python.python             	0x00007fff412d440a PyEval_EvalFrameEx + 20636
8   org.python.python             	0x00007fff412ced5e PyEval_EvalCodeEx + 534
9   org.python.python             	0x00007fff412ceb42 PyEval_EvalCode + 32
10  org.python.python             	0x00007fff412f0e2d 0x7fff4124e000 + 667181
11  org.python.python             	0x00007fff412f0c72 PyRun_InteractiveOneFlags + 344
12  org.python.python             	0x00007fff412f0707 PyRun_InteractiveLoopFlags + 87
13  org.python.python             	0x00007fff412f061c PyRun_AnyFileExFlags + 60
14  org.python.python             	0x00007fff41302680 Py_Main + 3204
15  libdyld.dylib                 	0x00007fff6d55e2a5 start + 1

Thread 1:
0   libsystem_pthread.dylib       	0x00007fff6d7675b4 start_wqthread + 0

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000008  rbx: 0x00007fff91fad0c0  rcx: 0x0000000000000307  rdx: 0x0000000020800000
  rdi: 0x00007fff91fad0c0  rsi: 0x00000001036d6002  rbp: 0x00007ffeec7774f0  rsp: 0x00007ffeec7774c0
   r8: 0x000000000000004e   r9: 0x0000000020490009  r10: 0x0000000000000027  r11: 0x0000000000000000
  r12: 0x0000000000000000  r13: 0x00007ff36b044c10  r14: 0x00000001036d6002  r15: 0x00007fff38a2f2d3
  rip: 0x00007fff6c1fae2a  rfl: 0x0000000000010202  cr2: 0x0000000000000038
  
Logical CPU:     2
Error Code:      0x00000004 (no mapping for user data write)
Trap Number:     14

‌

the initWith* variants all leads to the same result, but when invoking NSData.dataWith* (instead of NSData.alloc().initWith*), it works.

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

Is this something you can reproduce using the latest release on PyPI?

The version of PyObjC shipped with macOS is ancient, and is not something I’m involved in.

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

BTW. I cannot test on the latest Catalina beta myself, I’m running the beta’s in a VMware Fusion VM and that’s not compatible with recente beta releases.

[ronaldoussoren]

Original comment by rndblnch (Bitbucket: rndblnch, GitHub: rndblnch).

---

I just managed to test with the system python +pyobjc installed from pip in a virtualenv and get the same behaviour:

‌

Python 2.7.16 (default, Aug 24 2019, 18:37:03) 
[GCC 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.32.4) (-macos10.15-objc-s on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import objc
>>> objc.__version__
'5.2'
>>> from Foundation import NSData
>>> NSData.alloc().initWithData_(b'titi')
Segmentation fault: 11

‌

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

I can reproduce this issue with python3.8 and the pyobjc 6.x branch on macOS 10.15 (current beta).

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

This appears to be a bug in macOS, the crash happens when PyObjC tries to introspect a placeholder class in Foundation:

(lldb) thread backtrace

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x38)

* frame #0: 0x00007fff5dbace2a libobjc.A.dylib`getIvar(objc_class*, char const*) + 32

frame #1: 0x00007fff5dbacdc9 libobjc.A.dylib`_class_getVariable + 70

frame #2: 0x0000000101199fe9 _objc.cpython-37m-darwin.so`PyObjCClass_New(objc_class=_NSPlaceholderData) at objc-class.m:2173:11 [opt]

frame #3: 0x000000010117f7fb _objc.cpython-37m-darwin.so`PyObjCObject_New(objc_object=0x00007fff8b935b88, flags=1, retain=0) at objc-object.m:1123:31 [opt]

frame #4: 0x00000001011a1b1c _objc.cpython-37m-darwin.so`call_NSObject_alloc(method=0x00000001011449f0, self=<unavailable>, arguments=<unavailable>) at helpers-foundation-nsobject.m:170:12 [opt]

frame #5: 0x00000001011808b5 _objc.cpython-37m-darwin.so`objcsel_call(_self=0x00000001011449f0, args=0x000000010045f050, kwds=<unavailable>) at selector.m:526:23 [opt]

frame #6: 0x00000001001273f1 .Python`_PyObject_FastCallKeywords + 433

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

Issue #271: Crash when creating NSData objects on macOS 10.15

This fixes #271.

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

changes 540efd23070f fixes this on the 5.x branch.

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

Thanks for the report. This is now fixed in the repository, both for the production and development branch.

[ronaldoussoren]

Original comment by rndblnch (Bitbucket: rndblnch, GitHub: rndblnch).

---

thank you for the fix!

and for making pyobjc!