View Issue Details

ID: 0000944
Project: Ecere SDK
Category: ide:parsing
View Status: public
Last Update: 2013-08-07 03:33
Reporter: jerome
Assigned To: jerome
Priority: immediate
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 0.44.07
Target Version: 0.44.08
Fixed in Version: 0.44.08
Summary: 0000944: Crash opening historic ecere.h
Description: As summarized
Tags: No tags attached.

Activities

2013-06-29 21:36

ecere.h (56,814 bytes)

jerome

2013-07-01 18:35

administrator   ~0000916

Came across a freed memory read in the grammar parser while checking under the Valgrind microscope:

https://github.com/ecere/sdk/commit/48f24abaf11aa95772c5c7adcfad367ffc0f4ecf

That was not however the main issue causing the crash.

jerome

2013-07-01 18:36

administrator   ~0000917

Simplified the test case to the following contents:

typedef struct { void * first, * last; DWORD offset; BOOL circ; } List;

#define LLITEM(t) t * prev, * next

#define DECL_ITEM(n) \
   typedef struct n n;\
   struct n {\
      LLITEM(n);

#define END_ITEM };

DECL_ITEM(Item)
END_ITEM

DECL_ITEM(LLVOID)
   void * data;
END_ITEM

typedef struct
{
   float a,r,g,b;
} Color;

typedef struct
{
   Color diffuse, ambient, specular, emissive;
   float power;
   Bitmap * baseMap, * bumpMap, * envMap;
} Material;

jerome

2013-07-01 19:20

administrator   ~0000918

Last edited: 2013-07-01 19:21

Further simplification (crashes on freeing):

typedef int foo;
A (B) C A (E) C
typedef struct { } G;

jerome

2013-07-01 19:22

administrator   ~0000919

Last edited: 2013-07-01 19:23

==9653== Invalid read of size 8
==9653== at 0x501BEAA: __ecereMethod___ecereNameSpace__ecere__sys__BinaryTree_Remove (BinaryTree.ec:90)
==9653== by 0x95CCD9D: FreeContext (freeAst.ec:235)
==9653== by 0x4842C3: __ecereMethod_CodeEditor_FreeParser (CodeEditor.ec:2511)
==9653== by 0x48245A: __ecereMethod_CodeEditor_OnDestroy (CodeEditor.ec:2112)
==9653== by 0x4FE7D0E: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5577)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653== by 0x4FEB932: __ecereMethod___ecereNameSpace__ecere__gui__Window_Destroy (Window.ec:6409)
==9653== by 0x4E6A09: __ecereInstMeth___ecereNameSpace__ecere__gui__controls__MenuItem_NotifySelect__00000030 (ide.ec:822)
==9653== by 0x4F70EF3: __ecereMethod___ecereNameSpace__ecere__gui__controls__PopupMenu_MenuItemSelection (Menu.ec:891)
==9653== by 0x4F73379: __ecereMethod___ecereNameSpace__ecere__gui__controls__PopupMenu_OnKeyDown (Menu.ec:1279)
==9653== Address 0x92e02e8 is 40 bytes inside a block of size 344 free'd
==9653== at 0x4C2B6A6: free (vg_replace_malloc.c:446)
==9653== by 0x5028437: __ecereNameSpace__ecere__com___myfree (instance.ec:1235)
==9653== by 0x50289FF: __ecereNameSpace__ecere__com_(float, long double,...)(...) (instance.ec:1772)
==9653== by 0x5035028: __ecereNameSpace__ecere__com__eSystem_Delete (instance.ec:5777)
==9653== by 0x95CC5E0: FreeType (freeAst.ec:82)
==9653== by 0x95CC4AE: FreeType (freeAst.ec:54)
==9653== by 0x95CC629: FreeSymbol (freeAst.ec:94)
==9653== by 0x95CCD67: FreeContext (freeAst.ec:231)
==9653== by 0x4842C3: __ecereMethod_CodeEditor_FreeParser (CodeEditor.ec:2511)
==9653== by 0x48245A: __ecereMethod_CodeEditor_OnDestroy (CodeEditor.ec:2112)
==9653== by 0x4FE7D0E: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5577)
==9653== by 0x4FE7D5F: __ecereMethod___ecereNameSpace__ecere__gui__Window_DestroyEx (Window.ec:5586)
==9653==

jerome

2013-07-01 20:08

administrator   ~0000920

Fixed by https://github.com/ecere/sdk/commit/79b69b9a135900a02474d1a0cb9493317d382915

Issue History

Date Modified Username Field Change
2013-06-29 21:36 jerome New Issue
2013-06-29 21:36 jerome Status new => assigned
2013-06-29 21:36 jerome Assigned To => jerome
2013-06-29 21:36 jerome File Added: ecere.h
2013-07-01 18:35 jerome Note Added: 0000916
2013-07-01 18:36 jerome Note Added: 0000917
2013-07-01 19:20 jerome Note Added: 0000918
2013-07-01 19:21 jerome Note Edited: 0000918
2013-07-01 19:22 jerome Note Added: 0000919
2013-07-01 19:23 jerome Note Edited: 0000919
2013-07-01 20:08 jerome Status assigned => resolved
2013-07-01 20:08 jerome Fixed in Version => 0.44.10 64
2013-07-01 20:08 jerome Resolution open => fixed
2013-07-01 20:08 jerome Note Added: 0000920
2013-07-04 19:43 jerome Status resolved => closed
2013-08-07 03:33 jerome Fixed in Version 0.44.10 64 => 0.44.08
2013-08-07 03:33 jerome Target Version 0.44.10 64 => 0.44.08