Bug #1868

Updated by Chris Cannam 3 months ago

Reproduceable on macOS and Linux with VamPy 2.0 or repo tip, system Python 2.7.

* Ensure that you have @vampy.so@ or @vampy.dylib@ in a Vamp plugin directory
* Place the following in a file called @Test.py@ in a Vamp plugin directory. Note that this defines its own @Feature@ class (colliding with the VamPy one), and also takes too few args to @__init__@ of the @Test@ class for it to be usable as a VamPy plugin:

class Feature(object):
def __init__(self):
print "I am a Feature"

class Test:
def __init__(self):
print "I am a Test"

* Run the Piper Vamp plugin server (as used by SV), e.g. with the following incantation

$ echo '{"method": "list"}' | piper-vamp-simple-server -d json

* Observe that the server crashes before printing the return value of the @list@ method call.

If you either remove the @Feature@ class from @Test.py@, or make the @Test@ @__init__@ method take two arguments, then it doesn't crash. If @Test.py@ is the only Python file present in the Vamp path, it also doesn't crash - there must be at least one valid Vamp plugin as well.

Stack trace on Linux via valgrind:

==18262== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18262== Access not within mapped region at address 0x0
==18262== at 0x76E6054: type_dealloc.lto_priv.57 (in /usr/lib/libpython2.7.so.1.0)
==18262== by 0x7642898: PyDict_Clear (in /usr/lib/libpython2.7.so.1.0)
==18262== by 0x487B231: PyExtensionManager::cleanModule() const (PyExtensionManager.cpp:218)
==18262== by 0x487A80A: PyExtensionManager::~PyExtensionManager() (PyExtensionManager.cpp:91)
==18262== by 0x517B996: __cxa_finalize (in /usr/lib/libc-2.28.so)
==18262== by 0x484CC27: ??? (in /home/cannam/vamp/vampy.so)
==18262== by 0x4015154: _dl_close_worker (in /usr/lib/ld-2.28.so)
==18262== by 0x4015AA1: _dl_close (in /usr/lib/ld-2.28.so)
==18262== by 0x5278F56: _dl_catch_exception (in /usr/lib/libc-2.28.so)
==18262== by 0x5278FF2: _dl_catch_error (in /usr/lib/libc-2.28.so)
==18262== by 0x4E0F8BE: ??? (in /usr/lib/libdl-2.28.so)
==18262== by 0x4E0F287: dlclose (in /usr/lib/libdl-2.28.so)


The crash occurs in @PyExtensionManager::cleanModule@, but it seems to be a consequence of something that happens in the preceding previous call to @PyExtensionManager::cleanLocalNamespace@. If you modify @cleanLocalNamespace@ so as to return immediately when the namespace name matches @"Test"@, then the crash does not occur. Alternatively Alternatively, you can modify @PyExtensionManager::m_exposedNames@ (the set of names cleaned from the local namespace) and to remove @Feature@ to avert which averts this crash, though presumably crash (presumably it would still crash if the "plugin" redefined one of the other classes. classes).