Ticket #1623 (closed defect: fixed)

Opened 15 years ago

Last modified 15 years ago

Crash on editor replace dialog at cancel

Reported by: dmartina
Owned by: andrew_b
Priority: critical
Milestone: 4.7.0-pre3
Component: mc-search
Version: master
Keywords:
Cc:
Blocked By:
Blocking:
Branch state:
Votes for changeset:

Description

After 14/9/2009 changes:

Edit file with F4, then F4+ESC+ESC=crash. If using the proper cancel button it crashes as well.

  • It doesn't happen with this morning's build (I kept it)
  • I tried to reproduce it with no locale (LANG= mc) but there's no crash in English, just in Spanish

gdb/bt:
#0 0xb7f11410 in kernel_vsyscall ()
#1 0xb7c16085 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7c17a01 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0xb7c4eb7c in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0xb7c5a61b in free () from /lib/tls/i686/cmov/libc.so.6
#5 0xb7d79b81 in g_free () from /usr/lib/libglib-2.0.so.0
#6 0xb7d9132f in g_strfreev () from /usr/lib/libglib-2.0.so.0
#7 0x080c80f8 in editcmd_dialog_replace_show (edit=0x81fcd40,
    search_default=0x2 <Address 0x2 out of bounds>,
    replace_default=0x81e83b0 "", search_text=0xbfe2faec,
    replace_text=0xbfe2fae8) at editcmd_dialogs.c:129
#8 0x080baeba in edit_replace_cmd (edit=0x81fcd40, again=0) at editcmd.c:1482
#9 0x080b6a6b in edit_execute_cmd (edit=0x81fcd40, command=303,
    char_for_insertion=-1) at edit.c:3039
#10 0x080b5710 in edit_execute_key_command (edit=0x81fcd40, command=303,
    char_for_insertion=-1) at edit.c:2534
#11 0x080bf087 in edit_callback (w=0x81fcd40, msg=WIDGET_KEY, parm=1004)
    at editwidget.c:354
#12 0x080bebf3 in send_message (w=0x81fcd40, msg=WIDGET_KEY, parm=1004)
    at ../src/tty/../../src/dialog.h:227
#13 0x080bec5c in cmd_F4 (edit=0x81fcd40) at editwidget.c:255
#14 0x080a6d65 in buttonbar_call (bb=0x81e6e50, i=3) at widget.c:2494
#15 0x080a6e31 in buttonbar_callback (w=0x81e6e50, msg=WIDGET_HOTKEY,
    parm=1004) at widget.c:2522
#16 0x08071916 in send_message (w=0x81e6e50, msg=WIDGET_HOTKEY, parm=1004)
    at ../src/tty/../../src/dialog.h:227
#17 0x08072015 in dlg_try_hotkey (h=0x81e70b0, d_key=1004) at dialog.c:681
#18 0x080720ea in dlg_key_event (h=0x81e70b0, d_key=1004) at dialog.c:717
#19 0x080724c0 in dlg_process_event (h=0x81e70b0, key=1004, event=0xbfe310f8)
    at dialog.c:826
#20 0x08072599 in frontend_run_dlg (h=0x81e70b0) at dialog.c:858
#21 0x080725f5 in run_dlg (h=0x81e70b0) at dialog.c:873
#22 0x080beb1b in edit_file (_file=0x81ea710 "config.log", line=0)
    at editwidget.c:214
#23 0x0806b25a in do_edit_at_line (what=0x81ea710 "config.log", start_line=0)
    at cmd.c:304
#24 0x0806b2d2 in do_edit (what=0x81ea710 "config.log") at cmd.c:322
#25 0x0806b336 in edit_cmd () at cmd.c:329
#26 0x080a6d37 in buttonbar_call (bb=0x81e1ca0, i=3) at widget.c:2491
#27 0x080a6e31 in buttonbar_callback (w=0x81e1ca0, msg=WIDGET_HOTKEY,
    parm=1004) at widget.c:2522
#28 0x08071916 in send_message (w=0x81e1ca0, msg=WIDGET_HOTKEY, parm=1004)
    at ../src/tty/../../src/dialog.h:227
#29 0x08072015 in dlg_try_hotkey (h=0x81d9a58, d_key=1004) at dialog.c:681
#30 0x080720ea in dlg_key_event (h=0x81d9a58, d_key=1004) at dialog.c:717
#31 0x080724c0 in dlg_process_event (h=0x81d9a58, key=1004, event=0xbfe312c8)
    at dialog.c:826

#32 0x08072599 in frontend_run_dlg (h=0x81d9a58) at dialog.c:858
#33 0x080725f5 in run_dlg (h=0x81d9a58) at dialog.c:873
#34 0x0808b776 in setup_panels_and_run_mc () at main.c:1614
#35 0x0808b9aa in do_nc () at main.c:1686
#36 0x0808c1eb in main (argc=1, argv=0xbfe31494) at main.c:2004

gdb/bt full:

#0 0xb7f11410 in kernel_vsyscall ()
No symbol table info available.
#1 0xb7c16085 in raise () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2 0xb7c17a01 in abort () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3 0xb7c4eb7c in ?? () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#4 0xb7c5a61b in free () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#5 0xb7d79b81 in g_free () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#6 0xb7d9132f in g_strfreev () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#7 0x080c80f8 in editcmd_dialog_replace_show (edit=0x81fcd40,
    search_default=0x2 <Address 0x2 out of bounds>,
    replace_default=0x81e83b0 "", search_text=0xbfe2faec,
    replace_text=0xbfe2fae8) at editcmd_dialogs.c:129
list_of_types = (gchar ) 0x81e83d0
REPLACE_DLG_HEIGHT = 16
quick_widgets = {{widget_type = quick_button, relative_x = 6,

x_divisions = 10, relative_y = 13, y_divisions = 16, widget = 0x81e3278,
u = {checkbox = {text = 0x825164c "&Cancelar", state = 0x1}, button = {

text = 0x825164c "&Cancelar", action = 1, callback = 0}, input = {
text = 0x825164c "&Cancelar", len = 1, flags = 0, histname = 0x0,
result = 0x0}, label = {text = 0x825164c "&Cancelar"}, radio = {
count = 136648268, items = 0x1, value = 0x0}}}, {

widget_type = quick_button, relative_x = 2, x_divisions = 10,
relative_y = 13, y_divisions = 16, widget = 0x81e3340, u = {checkbox = {

text = 0x825165c "&Aceptar", state = 0x2}, button = {
text = 0x825165c "&Aceptar", action = 2, callback = 0}, input = {
text = 0x825165c "&Aceptar", len = 2, flags = 0, histname = 0x0,
result = 0x0}, label = {text = 0x825165c "&Aceptar"}, radio = {
count = 136648284, items = 0x2, value = 0x0}}}, {

widget_type = quick_checkbox, relative_x = 33, x_divisions = 58,
relative_y = 11, y_divisions = 16, widget = 0x81e3410, u = {checkbox = {

text = 0x825166c "en co&Dificaciones", state = 0x81fedb8}, button = {
text = 0x825166c "en co&Dificaciones", action = 136310200,
callback = 0}, input = {text = 0x825166c "en co&Dificaciones",
len = 136310200, flags = 0, histname = 0x0, result = 0x0}, label = {
text = 0x825166c "en co&Dificaciones"}, radio = {count = 136648300,
items = 0x81fedb8, value = 0x0}}}, {widget_type = quick_checkbox,

relative_x = 33, x_divisions = 58, relative_y = 10, y_divisions = 16,
widget = 0x81e5e00, u = {checkbox = {

text = 0x8251684 "&Palabras completas", state = 0x81fedb4}, button = {
text = 0x8251684 "&Palabras completas", action = 136310196,
callback = 0}, input = {text = 0x8251684 "&Palabras completas",
len = 136310196, flags = 0, histname = 0x0, result = 0x0}, label = {
text = 0x8251684 "&Palabras completas"}, radio = {count = 136648324,
items = 0x81fedb4, value = 0x0}}}, {widget_type = quick_checkbox,

relative_x = 33, x_divisions = 58, relative_y = 9, y_divisions = 16,
widget = 0x81e5e98, u = {checkbox = {

text = 0x825169c "sólo en se&Lección", state = 0x81fedb0}, button = {
text = 0x825169c "sólo en se&Lección", action = 136310192,
callback = 0}, input = {text = 0x825169c "sólo en se&Lección",
len = 136310192, flags = 0, histname = 0x0, result = 0x0}, label = {
text = 0x825169c "sólo en se&Lección"}, radio = {count = 136648348,
items = 0x81fedb0, value = 0x0}}}, {widget_type = quick_checkbox,

relative_x = 33, x_divisions = 58, relative_y = 8, y_divisions = 16,
widget = 0x81e5f58, u = {checkbox = {text = 0x82516b8 "&Hacia atrás",

state = 0x81feda8}, button = {text = 0x82516b8 "&Hacia atrás",
action = 136310184, callback = 0}, input = {
text = 0x82516b8 "&Hacia atrás", len = 136310184, flags = 0,
histname = 0x0, result = 0x0}, label = {
text = 0x82516b8 "&Hacia atrás"}, radio = {count = 136648376,
items = 0x81feda8, value = 0x0}}}, {widget_type = quick_checkbox,

relative_x = 33, x_divisions = 58, relative_y = 7, y_divisions = 16,
widget = 0x81e6018, u = {checkbox = {

text = 0x82516cc "distinguir &May/min", state = 0x81fedac}, button = {
text = 0x82516cc "distinguir &May/min", action = 136310188,
callback = 0}, input = {text = 0x82516cc "distinguir &May/min",
len = 136310188, flags = 0, histname = 0x0, result = 0x0}, label = {
text = 0x82516cc "distinguir &May/min"}, radio = {count = 136648396,
items = 0x81fedac, value = 0x0}}}, {widget_type = quick_radio,

relative_x = 3, x_divisions = 58, relative_y = 7, y_divisions = 16,
widget = 0x81e6090, u = {checkbox = {

text = 0x4 <Address 0x4 out of bounds>, state = 0x81e83d0}, button = {
text = 0x4 <Address 0x4 out of bounds>, action = 136217552,
callback = 0x81feda0}, input = {
text = 0x4 <Address 0x4 out of bounds>, len = 136217552,
flags = 136310176, histname = 0x0, result = 0x0}, label = {
text = 0x4 <Address 0x4 out of bounds>}, radio = {count = 4,
items = 0x81e83d0, value = 0x81feda0}}}, {widget_type = quick_label,

relative_x = 2, x_divisions = 58, relative_y = 4, y_divisions = 16,
widget = 0x81e61f8, u = {checkbox = {

text = 0x82516e4 " Teclee el cambio a realizar:", state = 0x0},

button = {text = 0x82516e4 " Teclee el cambio a realizar:", action = 0,

callback = 0}, input = {
text = 0x82516e4 " Teclee el cambio a realizar:", len = 0, flags = 0,
histname = 0x0, result = 0x0}, label = {
text = 0x82516e4 " Teclee el cambio a realizar:"}, radio = {
count = 136648420, items = 0x0, value = 0x0}}}, {

widget_type = quick_input, relative_x = 3, x_divisions = 58,
relative_y = 5, y_divisions = 16, widget = 0x81e6238, u = {checkbox = {

text = 0x81e83b0 "", state = 0x34}, button = {text = 0x81e83b0 "",
action = 52, callback = 0}, input = {text = 0x81e83b0 "", len = 52,
flags = 0, histname = 0x812bd56 "replace", result = 0xbfe2fae8},

label = {text = 0x81e83b0 ""}, radio = {count = 136217520, items = 0x34,

value = 0x0}}}, {widget_type = quick_label, relative_x = 2,

x_divisions = 58, relative_y = 2, y_divisions = 16, widget = 0x8253118,
u = {checkbox = {text = 0x8251708 " Teclee el texto a buscar:",

state = 0x0}, button = {text = 0x8251708 " Teclee el texto a buscar:",
action = 0, callback = 0}, input = {
text = 0x8251708 " Teclee el texto a buscar:", len = 0, flags = 0,
histname = 0x0, result = 0x0}, label = {
text = 0x8251708 " Teclee el texto a buscar:"}, radio = {
count = 136648456, items = 0x0, value = 0x0}}}, {

widget_type = quick_input, relative_x = 3, x_divisions = 58,
relative_y = 3, y_divisions = 16, widget = 0x8255e08, u = {checkbox = {

text = 0x2 <Address 0x2 out of bounds>, state = 0x34}, button = {
text = 0x2 <Address 0x2 out of bounds>, action = 52, callback = 0},

input = {text = 0x2 <Address 0x2 out of bounds>, len = 52, flags = 0,

histname = 0x812bd74 "mc.shared.search", result = 0xbfe2faec},

label = {text = 0x2 <Address 0x2 out of bounds>}, radio = {count = 2,

items = 0x34, value = 0x0}}}, {widget_type = quick_end,

relative_x = 0, x_divisions = 0, relative_y = 0, y_divisions = 0,
widget = 0x0, u = {checkbox = {text = 0x0, state = 0x0}, button = {

text = 0x0, action = 0, callback = 0}, input = {text = 0x0, len = 0,
flags = 0, histname = 0x0, result = 0x0}, label = {text = 0x0},

radio = {count = 0, items = 0x0, value = 0x0}}}}

Quick_input = {xlen = 58, ylen = 16, xpos = -1, ypos = -1,
    title = 0x8251638 " Reemplazar ", help = 0x812bd8f "[Input Line Keys]",
    widgets = 0xbfe2f808, i18n = 0}
#8 0x080baeba in edit_replace_cmd (edit=0x81fcd40, again=0) at editcmd.c:1482
disp1 = 0x81e8390 ""
disp2 = 0x81e83b0 ""
input1 = 0x0
input2 = 0x0
replace_yes = -1210884108
times_replaced = 0
last_search = 230412
once_found = 0
saved1 = 0x0
saved2 = 0x0
#9 0x080b6a6b in edit_execute_cmd (edit=0x81fcd40, command=303,
    char_for_insertion=-1) at edit.c:3039
No locals.
#10 0x080b5710 in edit_execute_key_command (edit=0x81fcd40, command=303,
    char_for_insertion=-1) at edit.c:2534
No locals.
#11 0x080bf087 in edit_callback (w=0x81fcd40, msg=WIDGET_KEY, parm=1004)
    at editwidget.c:354
cmd = 303
ch = -1
e = (WEdit *) 0x81fcd40
#12 0x080bebf3 in send_message (w=0x81fcd40, msg=WIDGET_KEY, parm=1004)
    at ../src/tty/../../src/dialog.h:227
No locals.
#13 0x080bec5c in cmd_F4 (edit=0x81fcd40) at editwidget.c:255
No locals.
#14 0x080a6d65 in buttonbar_call (bb=0x81e6e50, i=3) at widget.c:2494
No locals.
#15 0x080a6e31 in buttonbar_callback (w=0x81e6e50, msg=WIDGET_HOTKEY,
    parm=1004) at widget.c:2522
bb = (WButtonBar *) 0x81e6e50
i = 3
text = 0x0
#16 0x08071916 in send_message (w=0x81e6e50, msg=WIDGET_HOTKEY, parm=1004)
    at ../src/tty/../../src/dialog.h:227
No locals.
#17 0x08072015 in dlg_try_hotkey (h=0x81e70b0, d_key=1004) at dialog.c:681
hot_cur = (Widget *) 0x81e6e50
handled = MSG_NOT_HANDLED
c = 1004
#18 0x080720ea in dlg_key_event (h=0x81e70b0, d_key=1004) at dialog.c:717
handled = MSG_NOT_HANDLED
#19 0x080724c0 in dlg_process_event (h=0x81e70b0, key=1004, event=0xbfe310f8)
    at dialog.c:826
No locals.
#20 0x08072599 in frontend_run_dlg (h=0x81e70b0) at dialog.c:858
d_key = 1004
event = {buttons = 24 '\030', modifiers = 17 '\021', vc = 49123,
    dx = 9244, dy = 2055, x = -1, y = 2078, wdx = 0, wdy = 0, type = 0,
    clicks = 134682602, margin = 136212656}
#21 0x080725f5 in run_dlg (h=0x81e70b0) at dialog.c:873
No locals.
#22 0x080beb1b in edit_file (_file=0x81ea710 "config.log", line=0)
    at editwidget.c:214
edit_dlg = (Dlg_head *) 0x81e70b0
edit_bar = (WButtonBar *) 0x81e6e50
made_directory = 1
#23 0x0806b25a in do_edit_at_line (what=0x81ea710 "config.log", start_line=0)
    at cmd.c:304
editor = 0x0
#24 0x0806b2d2 in do_edit (what=0x81ea710 "config.log") at cmd.c:322
No locals.
#25 0x0806b336 in edit_cmd () at cmd.c:329
No locals.
#26 0x080a6d37 in buttonbar_call (bb=0x81e1ca0, i=3) at widget.c:2491
No locals.
#27 0x080a6e31 in buttonbar_callback (w=0x81e1ca0, msg=WIDGET_HOTKEY,
    parm=1004) at widget.c:2522
bb = (WButtonBar *) 0x81e1ca0
i = 3
text = 0x0
#28 0x08071916 in send_message (w=0x81e1ca0, msg=WIDGET_HOTKEY, parm=1004)
    at ../src/tty/../../src/dialog.h:227
No locals.
#29 0x08072015 in dlg_try_hotkey (h=0x81d9a58, d_key=1004) at dialog.c:681
hot_cur = (Widget *) 0x81e1ca0
handled = MSG_NOT_HANDLED
c = 1004
#30 0x080720ea in dlg_key_event (h=0x81d9a58, d_key=1004) at dialog.c:717
handled = MSG_NOT_HANDLED
#31 0x080724c0 in dlg_process_event (h=0x81d9a58, key=1004, event=0xbfe312c8)
    at dialog.c:826
No locals.
#32 0x08072599 in frontend_run_dlg (h=0x81d9a58) at dialog.c:858
d_key = 1004
event = {buttons = 232 '�', modifiers = 18 '\022', vc = 49123,
    dx = 9244, dy = 2055, x = -1, y = 2077, wdx = 0, wdy = 0, type = 0,
    clicks = 134683770, margin = 136157784}
#33 0x080725f5 in run_dlg (h=0x81d9a58) at dialog.c:873
No locals.
#34 0x0808b776 in setup_panels_and_run_mc () at main.c:1614
No locals.
#35 0x0808b9aa in do_nc () at main.c:1686
midnight_colors = {1, 7, 22, 1}
#36 0x0808c1eb in main (argc=1, argv=0xbfe31494) at main.c:2004
s = {st_dev = 2055, pad1 = 0, st_ino = 693721, st_mode = 16877,
    st_nlink = 3, st_uid = 1001, st_gid = 1001, st_rdev = 0, pad2 = 0,
    st_size = 4096, st_blksize = 4096, st_blocks = 8, st_atim = {
    tv_sec = 1252920052, tv_nsec = 0}, st_mtim = {tv_sec = 1253086044,
    tv_nsec = 0}, st_ctim = {tv_sec = 1253086044, tv_nsec = 0},
    st_ino = 693721}
mc_dir = 0x81d9868 "core"

config:
LDFLAGS=-s ./configure --with-samba --with-x --with-included-text --enable-mcserver --enable-charset --enable-extcharset --enable-vfs-mcfs --with-gpm-mouse --with-included-gettext --enable-vfs-undelfs --enable-mcserver

Change History

comment:1 follow-up: ↓ 4 Changed 15 years ago by dmartina

  • Priority changed from major to critical

I have been debugging this for a couple of hours. I think I got some clues:

1) src/search/libc.c (251): mc_search_get_types_strings_array
ret = g_malloc0(sizeof(char) * sizeof(types_str) );

Is the last sizeof(types_str) giving the size of the array or just the size of a pointer? I tested it and always got 4 whatever I chopped the array! Here we need 4 strings plus a null. Should be fixed. I mean completely fixed.

2) edit/editcmd_dialogs.c (122):editcmd_dialog_replace_show
When back from QuickDialog the list_of_types has new string pointers with the same content. I suppose that these strings are translated twice, QuickDialog is getting rid (gfree) of the second set and we get the error when trying to free the second set twice. Maybe it's just memory we try to steal from gettext if we didn't strdup somewhere... Memory leak: where did the first set go?

3) If 2) is right we may avoid the _() call used in the 1) function.

4) Cross fingers not to have many more side-effects.

comment:2 Changed 15 years ago by dmartina

Sorry, I forgot:

3b) Call to g_strfreev(list_of_types) to be removed.

comment:3 Changed 15 years ago by dmartina

I'm afraid the _() is yet needed for i18n. If removed the types display in English.
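
The two hazards raised in comments 1 to 3, as an added example that is not mc's code: sizeof applied to a pointer never reports the table length, and a vector handed to a g_strfreev-style free must hold n + 1 slots of heap copies rather than the static strings _() returns. type_str_t, TYPES, tr, sizeof_through_pointer, strv_free and the label values are constructed stand-ins, using plain libc in place of GLib and gettext.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the search-type table: four labels, as in the ticket. */
typedef struct { int id; const char *label; } type_str_t;   /* hypothetical type */
static const type_str_t TYPES[] = {
    {0, "Normal"}, {1, "Regular expression"}, {2, "Hexadecimal"}, {3, "Wildcard"}
};
#define N_TYPES (sizeof (TYPES) / sizeof (TYPES[0]))  /* valid: TYPES is an array here */

/* Stand-in for gettext's _(): the result is static storage the caller must not free. */
static const char *tr (const char *s) { return s; }

/* What comment 1 asks about: once the table is seen through a pointer,
   sizeof yields the pointer width, whatever the table length. */
size_t sizeof_through_pointer (const type_str_t *types_str)
{
    return sizeof (types_str);
}

/* Same contract as g_strfreev: free every element, then the vector itself. */
void strv_free (char **v)
{
    if (v == NULL) return;
    for (char **p = v; *p != NULL; p++) free (*p);
    free (v);
}

/* Build a NULL-terminated vector of n + 1 slots holding heap copies of the
   translated labels, so strv_free() only ever frees memory this code owns. */
char **types_strings_array (size_t *num)
{
    char **ret = calloc (N_TYPES + 1, sizeof (char *));
    if (ret == NULL) return NULL;
    for (size_t i = 0; i < N_TYPES; i++) {
        const char *t = tr (TYPES[i].label);
        ret[i] = malloc (strlen (t) + 1);
        if (ret[i] == NULL) { strv_free (ret); return NULL; }
        strcpy (ret[i], t);
    }
    if (num != NULL) *num = N_TYPES;
    return ret;
}

int main (void)
{
    size_t n = 0;
    char **list_of_types = types_strings_array (&n);
    if (list_of_types == NULL) return 1;
    printf ("sizeof via pointer: %zu, entries: %zu, slots needed: %zu\n",
            sizeof_through_pointer (TYPES), n, n + 1);
    strv_free (list_of_types);   /* exactly once; the static labels are untouched */
    return 0;
}
```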

comment:4 in reply to: ↑ 1 Changed 15 years ago by andrew_b

  • Status changed from new to accepted
  • Owner set to andrew_b
  • Component changed from mc-core to mc-search
  • Blocked By 1621 added

Replying to dmartina:

> I have been debugging this for a couple of hours. I think I got some clues:
>
> 1) src/search/libc.c (251): mc_search_get_types_strings_array
> ret = g_malloc0(sizeof(char) * sizeof(types_str) );
>
> Is the last sizeof(types_str) giving the size of the array or just the size of a pointer? I tested it and always got 4 whatever I chopped the array! Here we need 4 strings plus a null. Should be fixed. I mean completely fixed.

Seems this bug and #1621 have the same root.

> 2) edit/editcmd_dialogs.c (122):editcmd_dialog_replace_show
> When back from QuickDialog the list_of_types has new string pointers with the same content. I suppose that these strings are translated twice, QuickDialog is getting rid (gfree) of the second set and we get the error when trying to free the second set twice. Maybe it's just memory we try to steal from gettext if we didn't strdup somewhere... Memory leak: where did the first set go?

Yepp. :(

> 3) If 2) is right we may avoid the _() call used in the 1) function.

I agree.

> 4) Cross fingers not to have many more side-effects.

comment:5 Changed 15 years ago by S_Paul

  • Blocked By 1621 removed

(In #1621) still segfault..
attach

comment:6 Changed 15 years ago by andrew_b

  • Blocked By 1556 added

The one piece of code is modified in several tickets. Thus set blockedby #1556.

comment:7 Changed 15 years ago by andrew_b

  • Blocked By 1556 removed

(In #1556) Merged to master.
changeset:434ebd3780d400cffa274b96ea29614e668f58fc

All other dialogs will be fixed in #64.

comment:8 Changed 15 years ago by andrew_b

Please test 1621_segfault_search_f7 branch (http://www.midnight-commander.org/ticket/1621#comment:18)

comment:9 Changed 15 years ago by slavazanko

#1621 now in master. What about this ticket?

comment:10 Changed 15 years ago by iNode

Master branch checked with the same configure options - crash not reproducible.

We can wait a day or two for reporter's response.

comment:11 Changed 15 years ago by dmartina

Sorry, I voted in #1621. All is fine for me.

comment:12 Changed 15 years ago by andrew_b

  • Status changed from accepted to testing
  • Resolution set to fixed

OK, I close this ticket as this bug was fixed in #1621.

comment:13 Changed 15 years ago by andrew_b

  • Status changed from testing to closed