ID: 0000944
Project: Ecere SDK
Category: ide:parsing
View Status: public
Date Submitted: 2013-06-29 21:36
Last Update: 2013-08-07 03:33
Reporter: jerome
Assigned To: jerome
Priority: immediate
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform / OS / OS Version: (blank)
Product Version: 0.44.07
Target Version: 0.44.08
Fixed in Version: 0.44.08
Summary: 0000944: Crash opening historic ecere.h
Description: As summarized
Tags: No tags attached.
Attached Files: ecere.h (56,814 bytes) 2013-06-29 21:36

- Relationships

- Notes
(0000916)
jerome (administrator)
2013-07-01 18:35

Came across a freed memory read in the grammar parser while checking under the Valgrind microscope:

https://github.com/ecere/sdk/commit/48f24abaf11aa95772c5c7adcfad367ffc0f4ecf

That was not however the main issue causing the crash.
(0000917)
jerome (administrator)
2013-07-01 18:36

Simplified the test case to the following contents:

typedef struct { void * first, * last; DWORD offset; BOOL circ; } List;

#define LLITEM(t) t * prev, * next

#define DECL_ITEM(n) \
   typedef struct n n;\
   struct n {\
      LLITEM(n);

#define END_ITEM };

DECL_ITEM(Item)
END_ITEM

DECL_ITEM(LLVOID)
   void * data;
END_ITEM

typedef struct
{
   float a,r,g,b;
} Color;

typedef struct
{
   Color diffuse, ambient, specular, emissive;
   float power;
   Bitmap * baseMap, * bumpMap, * envMap;
} Material;
(0000918)
jerome (administrator)
2013-07-01 19:20
edited on: 2013-07-01 19:21

Further simplification (crashes on freeing):

typedef int foo;
A (B) C A (E) C
typedef struct { } G;

(0000919)
jerome (administrator)
2013-07-01 19:22
edited on: 2013-07-01 19:23

==9653== Invalid read of size 8
==9653== at 0x501BEAA: __ecereMethod___ecereNameSpace__ecere__sys__BinaryTree_Remove (BinaryTree.ec:90)
==9653== by 0x95CCD9D: FreeContext (freeAst.ec:235)
==9653== by 0x4842C3: __ecereMethod_CodeEditor_FreeParser (CodeEditor.ec:2511)
==9653== by 0x48245A: __ecereMethod_CodeEditor_OnDestroy (CodeEditor.ec:2112)
==9653== by 0x4FE7D0E: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5577)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653== by 0x4FEB932: __ecereMethod___ecereNameSpace__ecere__gui__Window_Destroy (Window.ec:6409)
==9653== by 0x4E6A09: __ecereInstMeth___ecereNameSpace__ecere__gui__controls__MenuItem_NotifySelect__00000030 (ide.ec:822)
==9653== by 0x4F70EF3: __ecereMethod___ecereNameSpace__ecere__gui__controls__PopupMenu_MenuItemSelection (Menu.ec:891)
==9653== by 0x4F73379: __ecereMethod___ecereNameSpace__ecere__gui__controls__PopupMenu_OnKeyDown (Menu.ec:1279)
==9653== Address 0x92e02e8 is 40 bytes inside a block of size 344 free'd
==9653== at 0x4C2B6A6: free (vg_replace_malloc.c:446)
==9653== by 0x5028437: __ecereNameSpace__ecere__com___myfree (instance.ec:1235)
==9653== by 0x50289FF: __ecereNameSpace__ecere__com_(float, long double,...)(...) (instance.ec:1772)
==9653== by 0x5035028: __ecereNameSpace__ecere__com__eSystem_Delete (instance.ec:5777)
==9653== by 0x95CC5E0: FreeType (freeAst.ec:82)
==9653== by 0x95CC4AE: FreeType (freeAst.ec:54)
==9653== by 0x95CC629: FreeSymbol (freeAst.ec:94)
==9653== by 0x95CCD67: FreeContext (freeAst.ec:231)
==9653== by 0x4842C3: __ecereMethod_CodeEditor_FreeParser (CodeEditor.ec:2511)
==9653== by 0x48245A: __ecereMethod_CodeEditor_OnDestroy (CodeEditor.ec:2112)
==9653== by 0x4FE7D0E: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5577)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653==

(0000920)
jerome (administrator)
2013-07-01 20:08

Fixed by https://github.com/ecere/sdk/commit/79b69b9a135900a02474d1a0cb9493317d382915

- Issue History
Date Modified Username Field Change
2013-06-29 21:36 jerome New Issue
2013-06-29 21:36 jerome Status new => assigned
2013-06-29 21:36 jerome Assigned To => jerome
2013-06-29 21:36 jerome File Added: ecere.h
2013-07-01 18:35 jerome Note Added: 0000916
2013-07-01 18:36 jerome Note Added: 0000917
2013-07-01 19:20 jerome Note Added: 0000918
2013-07-01 19:21 jerome Note Edited: 0000918
2013-07-01 19:22 jerome Note Added: 0000919
2013-07-01 19:23 jerome Note Edited: 0000919
2013-07-01 20:08 jerome Status assigned => resolved
2013-07-01 20:08 jerome Fixed in Version => 0.44.10 64
2013-07-01 20:08 jerome Resolution open => fixed
2013-07-01 20:08 jerome Note Added: 0000920
2013-07-04 19:43 jerome Status resolved => closed
2013-08-07 03:33 jerome Fixed in Version 0.44.10 64 => 0.44.08
2013-08-07 03:33 jerome Target Version 0.44.10 64 => 0.44.08
