Python-GDL crashes

[olebole]

I am just packaging the new version for Debian. The build (and builtin tests) look fine. The Python tests also pass, but Python exits with a crash on exit. This is the stacktrace:

#0  0x00007f3e378fdf37 in IsEventLogging () at magick/log.c:482
#1  0x00007f3e378fdf74 in LogMagickEventList
    (type=CacheEvent, module=0x7f3e37a83ef4 "magick/pixel_cache.c", function=0x7f3e37a84950 <__func__.47> "DestroyCacheInfo", line=3661, format=0x7f3e37a83ffc "destroy cache %.1024s", operands=0x7ffdb27b8df0)
    at magick/log.c:556
#2  0x00007f3e378fe045 in LogMagickEvent
    (type=type@entry=CacheEvent, module=module@entry=0x7f3e37a83ef4 "magick/pixel_cache.c", function=function@entry=0x7f3e37a84950 <__func__.47> "DestroyCacheInfo", line=line@entry=3661, format=format@entry=0x7f3e37a83ffc "destroy cache %.1024s") at magick/log.c:945
#3  0x00007f3e3790b1b8 in DestroyCacheInfo (cache_info=0x270bec0) at magick/pixel_cache.c:3661
#4  0x00007f3e3790b348 in DestroyImagePixels (image=image@entry=0x270a340) at magick/pixel_cache.c:3696
#5  0x00007f3e378ec199 in DestroyImage (image=0x270a340) at magick/image.c:1471
#6  0x00007f3e3991991c in Magick::ImageRef::~ImageRef() (this=0x27064d0, __in_chrg=<optimized out>)
    at Magick++/lib/ImageRef.cpp:68
#7  0x00007f3e3990f7de in Magick::Image::~Image() (this=0x24f1808, __in_chrg=<optimized out>)
    at Magick++/lib/Image.cpp:296
#8  Magick::Image::~Image() (this=0x24f1808, __in_chrg=<optimized out>) at Magick++/lib/Image.cpp:285
#9  0x00007f3e3b2fa91d in lib::destroy() () at ./src/magick_cl.cpp:72
#10 0x00007f3e3fea9373 in _dl_fini () at dl-fini.c:138
#11 0x00007f3e3fb314d7 in __run_exit_handlers
    (status=0, listp=0x7f3e3fcb1718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#12 0x00007f3e3fb3167a in __GI_exit (status=<optimized out>) at exit.c:139
#13 0x00007f3e3fb19d11 in __libc_start_main (main=
    0x5ea6b0 <main>, argc=4, argv=0x7ffdb27b9738, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdb27b9728) at ../csu/libc-start.c:342
#14 0x00000000005ea5ea in _start ()

The crash happens on cleaning up ImageMagick, so it may be a problem there. But it may also be an urelated bug (double free or so). Any ideas? GraphicsMagic is 1.3.36.

This is reproducible with a simple python3 -c "import GDL".

[olebole]

I tried to look into this with a debugger. The primary cause for the crash is that the static LogInfo * log_info in magick/log.c is accessed in IsEventLogging() after it was destroyed (which sets this pointer to NULL). The stack trace for the cleanup is

#0  DestroyLogInfo () at magick/log.c:281
#1  0x00007ffff2e55de5 in DestroyMagick () at magick/magick.c:199
#2  0x00007ffff4e6d059 in Magick::MagickCleanUp::~MagickCleanUp()
    (this=<optimized out>, __in_chrg=<optimized out>) at Magick++/lib/Image.cpp:4237
#3  0x00007ffff7c644d7 in __run_exit_handlers
    (status=0, listp=0x7ffff7de4718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#4  0x00007ffff7c6467a in __GI_exit (status=<optimized out>) at exit.c:139
#5  0x00007ffff7c4cd11 in __libc_start_main (main=
    0x5ea6b0 <main>, argc=3, argv=0x7fffffffe098, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe088) at ../csu/libc-start.c:342
#6  0x00000000005ea5ea in _start ()

--> The order of the functions called in atexit() seems wrong; there is an Image destroyed after the cleanup.

[olebole]

Further info: This does not happen when using ImageMagick.

[pjb7687]

I found that this happens in line 72 of magick_cl.cpp. Indeed this seems to be due to double free.

I think #1063 fixes this, I just changed the array to vector, so that it will be automatically freed when exit.

[GillesDuvert]

We have a crash #1101 with any magick operation today. reopening this in case fix is just a revert.