Opened 11 years ago

Closed 11 years ago

#305 closed defect (fixed)

Renaming species crashes ARB

Reported by: aboeckma
Owned by: devel
Priority: critical
Milestone:
Component: no idea
Version: gtkport
Keywords:
Cc:

Description

  • select some species
  • open species information window
  • click species in the menubar
  • click rename
  • enter some name
  • click ok
  • click yes
  • BOOM

Debugger points to AW_rename.cxx line 419: free(addid);

stack trace

__pthread_kill ()
pthread_kill ()
abort ()
free ()
AWTC_recreate_name (gb_species=(class GBDATA *) 0x102b7f030)
species_rename_cb (aww=(AW_window *) 0x103d9b5f0, cl_gb_main=4372625392)
AW_cb_struct::run_callback (this=(AW_cb_struct *) 0x103ccd0e0)
AW_window::click_handler (aw_cb_struct=(gpointer) 0x103ccd0e0)
g_closure_invoke ()
signal_emit_unlocked_R ()
g_signal_emit_valist ()
g_signal_emit ()
gtk_widget_activate ()
gtk_menu_shell_activate_item ()
gtk_menu_shell_button_release ()
gtk_menu_button_release ()
_gtk_marshal_BOOLEAN__BOXED ()
g_closure_invoke ()
signal_emit_unlocked_R ()
g_signal_emit_valist ()
g_signal_emit ()
gtk_widget_event_internal ()
gtk_propagate_event ()
gtk_main_do_event ()
gdk_event_dispatch ()
g_main_context_dispatch ()
g_main_context_iterate ()
g_main_loop_run ()
gtk_main ()
AW_root::main_loop (this=(AW_root *) 0x102b15660)
startup_gui (cl=(NtreeCommandLine &) @0x7fff5fbff9d8: {
  <Noncopyable> = {<No data fields>},
  members of NtreeCommandLine:
  _vptr$NtreeCommandLine = 0x1003aef08,
  arg_count = 0,
  args = 0x7fff5fbffa80,
  help_requested = false,
  do_import = false,
  macro_name = 0x0
}, error=(ARB_ERROR &) @0x7fff5fbff9d0: {
  error = {
    object = 0x103d0acd0
  }
})
ARB_main (argc=1, argv=(char **) 0x7fff5fbffa78)
main (argc=1, argv=(char **) 0x7fff5fbffa78)

Change History (2)

comment:1 Changed 11 years ago by aboeckma

  • Component changed from Library (GUI) to !NoIdea
  • Priority changed from major to critical

This seems to be an OSX only bug.

Upon renaming eventually the function AWTC_recreate_name from AW_rename.cxx is called. At some point the variable addid is created:

char *addid     = gb_addfield ? GB_read_as_string(gb_addfield) : strdup("");

Since gb_addfield is NULL, addid is initialized with an empty string.

A few lines later, aisc_get is called.

aisc_get(name_server.getLink(), AN_LOCAL, name_server.getLocs(),
         LOCAL_DEL_SHORT, &deleted,
         NULL)

After this call addid points to address 0x10000000, which is obviously invalid. Upon freeing addid the program crashes.

This bug only appears on OSX. On Linux everything works as intended.

comment:2 Changed 11 years ago by aboeckma

  • Resolution set to fixed
  • Status changed from new to closed