The International Simutrans Forum

Simutrans Extended => Simutrans-Extended bug reports => Simutrans-Extended development => Simutrans-Extended closed bug reports => Topic started by: inkelyad on June 25, 2011, 05:51:37 PM

Title: [9.10? BUG] Closing convoy info window -> segfault.
Post by: inkelyad on June 25, 2011, 05:51:37 PM
This one will be hard to catch.
Here is valgrind output:

==6689== Invalid free() / delete / delete[]
==6689==    at 0x4023503: operator delete[](void*) (vg_replace_malloc.c:409)
==6689==    by 0x828C129: cbuffer_t::~cbuffer_t() (cbuffer_t.cc:22)
==6689==    by 0x8121D8C: convoi_info_t::~convoi_info_t() (convoi_info_t.cc:247)
==6689==    by 0x826489A: destroy_framed_win(simwin_t*) (simwin.cc:647)
==6689==    by 0x82646ED: process_kill_list() (simwin.cc:605)
==6689==    by 0x8266F0E: check_pos_win(event_t*) (simwin.cc:1290)
==6689==    by 0x8282293: karte_t::interactive(unsigned int) (simworld.cc:6193)
==6689==    by 0x8237610: simu_main(int, char**) (simmain.cc:1274)
==6689==    by 0x82B9674: main (simsys_s.cc:681)
==6689==  Address 0xede7a78 is 0 bytes inside a block of size 256 free'd
==6689==    at 0x4023503: operator delete[](void*) (vg_replace_malloc.c:409)
==6689==    by 0x828C129: cbuffer_t::~cbuffer_t() (cbuffer_t.cc:22)
==6689==    by 0x81129F4: gui_textarea_t::~gui_textarea_t() (gui_textarea.cc:31)
==6689==    by 0x8121D3C: convoi_info_t::~convoi_info_t() (convoi_info_t.cc:247)
==6689==    by 0x826489A: destroy_framed_win(simwin_t*) (simwin.cc:647)
==6689==    by 0x82646ED: process_kill_list() (simwin.cc:605)
==6689==    by 0x8266F0E: check_pos_win(event_t*) (simwin.cc:1290)
==6689==    by 0x8282293: karte_t::interactive(unsigned int) (simworld.cc:6193)
==6689==    by 0x8237610: simu_main(int, char**) (simmain.cc:1274)
==6689==    by 0x82B9674: main (simsys_s.cc:681)

Some memory (the buffer inside cbuffer_t) is freed twice:
once via the ~convoi_info_t() -> ~gui_textarea_t() -> ~cbuffer_t() path,
and a second time via the ~convoi_info_t() -> ~cbuffer_t() path.

Edit. I was lucky.
Here:

convoi_info_t::convoi_info_t(convoihandle_t cnv)
   :   gui_frame_t(cnv->get_name(), cnv->get_besitzer()),
       scrolly(&text),
       text(&freight_info),

text is gui_textarea_t, freight_info is cbuffer_t

gui_textarea_t::gui_textarea_t(cbuffer_t* buf_)
{
    // Stores the caller's pointer; no copy of the buffer is made.
    buf = buf_;
    recalc_size();
}

End result:
convoi_info_t.text.buf == &(convoi_info_t.freight_info)

Edit^2:
FIX (https://github.com/inkelyad/simutrans-experimental/commit/3efe6a265eb7d06651335ae76ced0dad6a1ecfb5)
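
The aliasing described in the post above (text.buf == &freight_info, with both destructors releasing the same block) can be reproduced in a small model. This is an added example, not Simutrans code and not the content of the linked commit; all type names are hypothetical stand-ins, the second release is counted rather than performed so the program stays well-defined, and the borrowing variant is one possible fix, assumed here for illustration.

```cpp
#include <cstddef>
#include <cstdio>

static int invalid_frees = 0;  // what valgrind would flag as "Invalid free()"

// Stand-in for cbuffer_t: owns one heap block.
struct buffer_model {
    char* data;
    bool freed = false;
    explicit buffer_model(std::size_t n = 256) : data(new char[n]) {}
    buffer_model(const buffer_model&) = delete;
    buffer_model& operator=(const buffer_model&) = delete;
    void release() {
        if (freed) { ++invalid_frees; return; }  // second release: record it, do not free again
        delete[] data;
        data = nullptr;
        freed = true;
    }
    ~buffer_model() { release(); }
};

// Modelled on the trace: receives a pointer, but releases the buffer on destruction.
struct textarea_owning {
    buffer_model* buf;
    explicit textarea_owning(buffer_model* b) : buf(b) {}
    ~textarea_owning() { buf->release(); }
};

// Hardened variant (assumption): the pointer is a pure borrow and is never released here.
struct textarea_borrowing {
    buffer_model* buf;
    explicit textarea_borrowing(buffer_model* b) : buf(b) {}
};

// Stand-in for convoi_info_t: `text` is destroyed first, then `freight_info`.
template <class Textarea>
struct window_model {
    buffer_model freight_info;  // declared first, destroyed last
    Textarea text;              // holds &freight_info
    window_model() : text(&freight_info) {}
};

// Open and close one window; return how many invalid frees that caused.
template <class Textarea>
int invalid_frees_on_close() {
    int before = invalid_frees;
    { window_model<Textarea> w; }
    return invalid_frees - before;
}

int main() {
    std::printf("owning: %d\n", invalid_frees_on_close<textarea_owning>());
    std::printf("borrowing: %d\n", invalid_frees_on_close<textarea_borrowing>());
}
```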

Title: Re: [9.10? BUG] Closing convoy info window -> segfault.
Post by: jamespetts on June 26, 2011, 10:42:57 AM
Inkelyad,

thank you very much indeed for that fix - pushed to the 9.x branch.

Title: Re: [9.10? BUG] Closing convoy info window -> segfault.
Post by: jamespetts on June 26, 2011, 12:18:40 PM
9.10 incorporating this fix is now released.