Really nasty blocker for 1.91

From: Martin Sevior (msevior@physics.unimelb.edu.au)
Date: Mon May 05 2003 - 05:23:44 EDT


    Hi Folks,
            In working on 4991 I uncovered what I think is a memory corruption bug
    in our piecetable. It eventually will lead to random crashes I think. I
    would not like 1.91 to be released before this is fixed.

    I can't work on this any more tonight.

    Martin

    PS. Text from 4991.

    Ok I found a fix for this I thought. I will commit the change. However
    I've uncovered another really nasty mem bug. It appears the piecetable
    mem is being corrupted when running through the algorithm given here.

    Valgrind reports that there is a read into a free'd part of memory but
    not where the free actually happened.

    I think the free is in some region of mem that should not get free'd
    even though the free is valid.

    Here is the valgrind report.

    ==9121== Invalid read of size 1
    ==9121==    at 0x82116EB: UT_stricmp (ut_string.cpp:172)
    ==9121==    by 0x8239EC8: FV_View::notifyListeners(unsigned short) (fv_View.cpp:1055)
    ==9121==    by 0x8257EFE: FV_View::_generalUpdate() (fv_View_protected.cpp:2336)
    ==9121==    by 0x82460C5: FV_View::RestoreSavedPieceTableState() (fv_View.cpp:7014)
    ==9121==  Address 0x43FCB2C4 is 0 bytes inside a block of size 4 free'd
    ==9121==    at 0x40161048: free (vg_clientfuncs.c:185)
    ==9121==    by 0x82D3AB7: PP_AttrProp::setProperty(char const*, char const*) (pp_AttrProp.cpp:329)
    ==9121==    by 0x82D3834: PP_AttrProp::setAttribute(char const*, char const*) (pp_AttrProp.cpp:266)
    ==9121==    by 0x82D353E: PP_AttrProp::setAttributes(char const**) (pp_AttrProp.cpp:131)

    Here is the traceback.
    0x082116eb in UT_stricmp (s1=0x46277820 "1.000000", s2=0x43fcb2c4 "1.0") at ../../../../../abi-unstable/src/af/util/xp/ut_string.cpp:172
    172         c2 = tolower (*p2++);
    Current language: auto; currently c++
    (gdb)
    #3  0x08239ec9 in FV_View::notifyListeners(unsigned short) (this=0x441c05f4, hint=5303) at ../../../../../abi-unstable/src/text/fmt/xp/fv_View.cpp:1055
    1055        if (UT_stricmp(propsBlock[i], m_chg.propsBlock[i]))
    (gdb) up
    #4  0x08257eff in FV_View::_generalUpdate() (this=0x441c05f4) at ../../../../../abi-unstable/src/text/fmt/xp/fv_View_protected.cpp:2336
    2336        notifyListeners(AV_CHG_TYPING | AV_CHG_FMTCHAR | AV_CHG_FMTBLOCK | AV_CHG_PAGECOUNT | AV_CHG_FMTSTYLE );
    (gdb) up
    #5  0x082460c6 in FV_View::RestoreSavedPieceTableState() (this=0x441c05f4) at ../../../../../abi-unstable/src/text/fmt/xp/fv_View.cpp:7014
    7014        _generalUpdate();
    (gdb) up
    #6  0x0812dc14 in ap_EditMethods::dlgHdrFtr(AV_View*, EV_EditMethodCallData*) (pAV_View=0x441c05f4, pCallData=0xbfffda80) at ../../../../../abi-unstable/src/wp/ap/xp/ap_EditMethods.cpp:10662
    10662       pView->RestoreSavedPieceTableState();

    AbiWord eventually crashes after this.

    -- 
    Martin Sevior <msevior@physics.unimelb.edu.au>
    University of Melbourne
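An added example, not AbiWord source and not part of Martin's mail, that models the pattern the valgrind and gdb output above describe: a property table that frees its old value inside setProperty, and a caller that kept a raw pointer to that old value and later compares it with a case-insensitive string compare. All names (PoisonHeap, AttrPropRaw, ut_stricmp, the "line-height" property and its values) are invented for the illustration. The poisoning allocator stands in for valgrind: a released block is overwritten and flagged instead of being returned to the system, so the read through the stale pointer is observable without undefined behaviour. The second function shows the usual fix, copying the value at the moment it is observed.

```cpp
#include <algorithm>
#include <cctype>
#include <cstring>
#include <deque>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Illustration only; names are invented, behaviour mirrors the report's frames.

// Allocator that never hands memory back: a released block is overwritten with
// a marker byte and flagged, so a read through a stale pointer is detectable
// deterministically (the job valgrind did in the report).
class PoisonHeap {
public:
    char* alloc(const char* s) {
        blocks_.push_back(Block{std::vector<char>(s, s + std::strlen(s) + 1), false});
        return blocks_.back().bytes.data();
    }
    void release(char* p) {
        for (Block& b : blocks_) {
            if (b.bytes.data() == p) {
                std::fill(b.bytes.begin(), b.bytes.end() - 1, '\xDD');  // poison
                b.bytes.back() = '\0';  // keep a terminator so reads stay in bounds
                b.freed = true;
                return;
            }
        }
    }
    bool isFreed(const char* p) const {
        for (const Block& b : blocks_)
            if (b.bytes.data() == p) return b.freed;
        return false;
    }
private:
    struct Block { std::vector<char> bytes; bool freed; };
    std::deque<Block> blocks_;  // deque: push_back leaves earlier blocks in place
};

// Case-insensitive compare in the style of UT_stricmp; 0 means equal.
int ut_stricmp(const char* s1, const char* s2) {
    for (;; ++s1, ++s2) {
        int c1 = std::tolower(static_cast<unsigned char>(*s1));
        int c2 = std::tolower(static_cast<unsigned char>(*s2));
        if (c1 != c2) return c1 - c2;
        if (c1 == '\0') return 0;
    }
}

// Property table holding raw C strings. Resetting a property frees the old
// value first, the step behind the "free'd ... by setProperty" frame above.
class AttrPropRaw {
public:
    explicit AttrPropRaw(PoisonHeap& h) : heap_(h) {}
    void setProperty(const std::string& name, const char* value) {
        auto it = props_.find(name);
        if (it != props_.end()) heap_.release(it->second);
        props_[name] = heap_.alloc(value);
    }
    const char* getProperty(const std::string& name) const {
        auto it = props_.find(name);
        return it == props_.end() ? nullptr : it->second;
    }
private:
    PoisonHeap& heap_;
    std::map<std::string, char*> props_;
};

// Buggy pattern: keep the raw pointer the table returned, let the table be
// updated, then compare through the stale pointer. Returns true when the
// compare read a freed block (what valgrind flagged as "Invalid read").
bool staleRawPointerIsRead() {
    PoisonHeap heap;
    AttrPropRaw ap(heap);
    ap.setProperty("line-height", "1.0");
    const char* remembered = ap.getProperty("line-height");  // raw pointer kept
    ap.setProperty("line-height", "1.000000");               // frees the "1.0" block
    ut_stricmp(ap.getProperty("line-height"), remembered);   // reads poisoned bytes
    return heap.isFreed(remembered);
}

// Fixed pattern: copy the value when it is observed. The copy owns its storage,
// so the later setProperty cannot free it. Returns true when the compare ran on
// live memory and correctly saw that the property changed.
bool copiedValueStaysValid() {
    PoisonHeap heap;
    AttrPropRaw ap(heap);
    ap.setProperty("line-height", "1.0");
    std::string remembered = ap.getProperty("line-height");  // owned copy
    ap.setProperty("line-height", "1.000000");
    bool changed = ut_stricmp(ap.getProperty("line-height"), remembered.c_str()) != 0;
    return !heap.isFreed(remembered.c_str()) && changed;
}

int main() {
    std::cout << "stale raw pointer read freed memory: " << staleRawPointerIsRead() << '\n';
    std::cout << "copied value compared safely: " << copiedValueStaysValid() << '\n';
}
```

The 4-byte block in the report ("1.0" plus its terminator) and the "1.000000" string on the other side of the compare are what the constructed values above reproduce; in real code the equivalent fix is to hold a copy (or a refcounted handle) of any property value that must outlive a later setProperty on the same table.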
    


    This archive was generated by hypermail 2.1.4 : Mon May 05 2003 - 04:27:38 EDT