0000944: Crash opening historic ecere.h - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0000944	Ecere SDK	ide:parsing	public	2013-06-29 21:36	2013-08-07 03:33

Reporter	jerome	Assigned To	jerome
Priority	immediate	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	0.44.07
Target Version	0.44.08	Fixed in Version	0.44.08

Summary	0000944: Crash opening historic ecere.h
Description	As summarized
Tags	No tags attached.
Attached Files	ecere.h (56,814 bytes)

jerome 2013-07-01 18:35 administrator ~0000916	Came across a freed memory read in grammar parser while checking under the Valgrind microscope: https://github.com/ecere/sdk/commit/48f24abaf11aa95772c5c7adcfad367ffc0f4ecf That was not however the main issue causing the crash.

jerome 2013-07-01 18:36 administrator ~0000917	Simplified the test case to the following contents: typedef struct { void * first, * last; DWORD offset; BOOL circ; } List; #define LLITEM(t) t * prev, * next #define DECL_ITEM(n) \ typedef struct n n;\ struct n {\ LLITEM(n); #define END_ITEM }; DECL_ITEM(Item) END_ITEM DECL_ITEM(LLVOID) void * data; END_ITEM typedef struct { float a,r,g,b; } Color; typedef struct { Color diffuse, ambient, specular, emissive; float power; Bitmap * baseMap, * bumpMap, * envMap; } Material;

jerome 2013-07-01 19:20 administrator ~0000918 Last edited: 2013-07-01 19:21	Further simplification (crashes on freeing): typedef int foo; A (B) C A (E) C typedef struct { } G;

jerome 2013-07-01 19:22 administrator ~0000919 Last edited: 2013-07-01 19:23	==9653== Invalid read of size 8 ==9653== at 0x501BEAA: __ecereMethod___ecereNameSpace__ecere__sys__BinaryTree_Remove (BinaryTree.ec:90) ==9653== by 0x95CCD9D: FreeContext (freeAst.ec:235) ==9653== by 0x4842C3: __ecereMethod_CodeEditor_FreeParser (CodeEditor.ec:2511) ==9653== by 0x48245A: __ecereMethod_CodeEditor_OnDestroy (CodeEditor.ec:2112) ==9653== by 0x4FE7D0E: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5577) ==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586) ==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586) ==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586) ==9653== by 0x4FEB932: __ecereMethod___ecereNameSpace__ecere__gui__Window_Destroy (Window.ec:6409) ==9653== by 0x4E6A09: __ecereInstMeth___ecereNameSpace__ecere__gui__controls__MenuItem_NotifySelect__00000030 (ide.ec:822) ==9653== by 0x4F70EF3: __ecereMethod___ecereNameSpace__ecere__gui__controls__PopupMenu_MenuItemSelection (Menu.ec:891) ==9653== by 0x4F73379: __ecereMethod___ecereNameSpace__ecere__gui__controls__PopupMenu_OnKeyDown (Menu.ec:1279) ==9653== Address 0x92e02e8 is 40 bytes inside a block of size 344 free'd ==9653== at 0x4C2B6A6: free (vg_replace_malloc.c:446) ==9653== by 0x5028437: __ecereNameSpace__ecere__com___myfree (instance.ec:1235) ==9653== by 0x50289FF: __ecereNameSpace__ecere__com_(float, long double,...)(...) (instance.ec:1772) ==9653== by 0x5035028: __ecereNameSpace__ecere__com__eSystem_Delete (instance.ec:5777) ==9653== by 0x95CC5E0: FreeType (freeAst.ec:82) ==9653== by 0x95CC4AE: FreeType (freeAst.ec:54) ==9653== by 0x95CC629: FreeSymbol (freeAst.ec:94) ==9653== by 0x95CCD67: FreeContext (freeAst.ec:231) ==9653== by 0x4842C3: __ecereMethod_CodeEditor_FreeParser (CodeEditor.ec:2511) ==9653== by 0x48245A: __ecereMethod_CodeEditor_OnDestroy (CodeEditor.ec:2112) ==9653== by 0x4FE7D0E: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5577) ==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586) ==9653==

jerome 2013-07-01 20:08 administrator ~0000920	Fixed by https://github.com/ecere/sdk/commit/79b69b9a135900a02474d1a0cb9493317d382915

Date Modified	Username	Field	Change
2013-06-29 21:36	jerome	New Issue
2013-06-29 21:36	jerome	Status	new => assigned
2013-06-29 21:36	jerome	Assigned To	=> jerome
2013-06-29 21:36	jerome	File Added: ecere.h
2013-07-01 18:35	jerome	Note Added: 0000916
2013-07-01 18:36	jerome	Note Added: 0000917
2013-07-01 19:20	jerome	Note Added: 0000918
2013-07-01 19:21	jerome	Note Edited: 0000918
2013-07-01 19:22	jerome	Note Added: 0000919
2013-07-01 19:23	jerome	Note Edited: 0000919
2013-07-01 20:08	jerome	Status	assigned => resolved
2013-07-01 20:08	jerome	Fixed in Version	=> 0.44.10 64
2013-07-01 20:08	jerome	Resolution	open => fixed
2013-07-01 20:08	jerome	Note Added: 0000920
2013-07-04 19:43	jerome	Status	resolved => closed
2013-08-07 03:33	jerome	Fixed in Version	0.44.10 64 => 0.44.08
2013-08-07 03:33	jerome	Target Version	0.44.10 64 => 0.44.08