Re: [lmi] Segfault in lmi with wx-2.9.5

[Vadim Zeitlin]

On Sun, 14 Jul 2013 12:53:12 +0000 Greg Chicares <address@hidden> wrote:

GC> > but I just ran into a perfectly reproducible crash: after starting
GC> > LMI, press "Ctrl-N|I" and Escape when the illustration dialog is
GC> > shown. The program immediately crashes. Unfortunately the version I
GC> > built (using the official install script)
GC> 
GC> You actually used lmi's 'GNUmakefile'?

 I've followed the instructions in the INSTALL file to the letter in a
fresh VM as I wasn't sure if I could still build LMI using autotools as I
didn't do it since quite some time.

GC> But I was able to debug it.
GC> 
GC> Here's gdb output. As usual, there are many occurrences of
GC>   Invalid Address specified to RtlFreeHeap

 This is definitely very suspicious but I have no idea what causes this :-(

GC> warning: not enough space for wxSpinCtrl!

 This means that there is not enough space to lay out both the text and
spin button parts of wxSpinCtrl. If the final layout is correct, then it's
harmless as it could be given if the entire space allocated for the parent
window was too small at some stage before being increased which is normal.

GC> Program received signal SIGSEGV, Segmentation fault.
GC> 0x03d2dad1 in ?? ()
GC> (gdb) bt
GC> #0  0x03d2dad1 in ?? ()
GC> #1  0x6eaf1480 in wxDocTemplate::InitDocument(wxDocument*, wxString const&, 
long) ()
GC>    from 
/opt/lmi/local/lib/wxmsw295u_gcc_gcc-345-6b6003713289ea4d3cd9b49c5db5b721.dll
GC> #2  0x6eaec4e7 in wxDocTemplate::CreateDocument(wxString const&, long) ()
GC>    from 
/opt/lmi/local/lib/wxmsw295u_gcc_gcc-345-6b6003713289ea4d3cd9b49c5db5b721.dll

 The trouble is that I really don't see why does it crash here :-(
CreateDocument() checks that the document pointer is non-NULL before
passing it to InitDocument() and InitDocument() doesn't seem to be doing
anything that could crash. So my only hypothesis is that it actually
crashes in wxDocument::DeleteAllViews() called from the dtor of the local
object in this function if wxDocument::OnCreate() fails. The trouble with
this is that

(a) DeleteAllViews() doesn't actually appear in the stack trace
(b) I don't see if IllustrationDocument::OnCreate() actually returns false
(c) I still don't know why would DeleteAllViews() crash neither and my
    attempts to reproduce this outside LMI failed

I'm trying to build LMI with MSVC to debug it right now, hopefully this
will give me more information -- if I can reproduce the crash. Another idea
would be to build it under Linux, where gdb works much better and I'll try
this next if the first approach doesn't work out.

GC> The backtrace seems different than gdb's:
...
GC> Call stack:
GC> AddrPC     AddrReturn AddrFrame  AddrStack  Params
GC> 00FC0600   6F483DA3   0022EEAC   0022EEB0   03C46008   FFFFFFFF   0022EF0C  
 6EAF135C
GC> 00FC0600  lmi_wx_shared.exe:00FC0600C:\opt\lmi\bin\lmi_wx_shared.exe: No 
symbol found
GC> 
GC> 6F483DA3   6EAF1480   0022EF0C   0022EEB0   0022EF74   0022F1B4   00000001  
 03BF9490
GC> 6F483DA3  
wxmsw295u_gcc_gcc-345-6b6003713289ea4d3cd9b49c5db5b721.dll:6F483DA3C:\opt\lmi\local\lib\wxmsw295u_gcc_gcc-345-6b6003713289ea4d3cd9b49c5db5b721.dll:
 No symbol found
GC>   _ZN9wxPenBaseD1Ev
GC> 6EAF1480   6EAEC4E7   0022EF9C   0022EEB0   03BF9490   03C46008   0022F1B4  
 00000001
GC> 6EAF1480  
wxmsw295u_gcc_gcc-345-6b6003713289ea4d3cd9b49c5db5b721.dll:6EAF1480C:\opt\lmi\local\lib\wxmsw295u_gcc_gcc-345-6b6003713289ea4d3cd9b49c5db5b721.dll:
 No symbol found
GC>   _ZN13wxDocTemplate12InitDocumentEP10wxDocumentRK8wxStringl

 I'd trust gdb more because I don't see any wxPens being destroyed here at
all ("_ZN9wxPenBaseD1Ev" is the mangled name of wxPen destructor).

 Anyhow, the good news is that it does seem like I found the same crash
that you saw. The bad news is that I really need to fix it in wxWidgets (if
it's a wxWidgets problem but this seems very likely right now) urgently and
so far I don't know how to do it.

 Regards,
VZ