I've managed to make PCB segfault.
I've basically loaded a new PCB, then asked PCB to load a file into its
pastebuffer via DBus. The first time I paste, this works. The second
time I paste (same running PCB), PCB segfaults with valgrind trace:
pcb_dbus: DEBUG: Executing action: LoadFrom( "LayoutToBuffer",
"/home/pcjc2/pcbsrc/test_frag.pcb" )
==17667==
==17667== Invalid write of size 4
==17667== at 0x80B82B4: ClearUndoList (undo.c:1132)
==17667== by 0x80A9235: RemovePCB (remove.c:120)
==17667== by 0x806CA54: LoadLayoutToBuffer (buffer.c:860)
==17667== by 0x805F72B: ActionLoadFrom (action.c:5445)
==17667== by 0x80BB603: hid_actionv (actions.c:216)
==17667== by 0x80BEF98: handle_dbus_message (dbus.c:145)
==17667== by 0x4079A3A: (within /usr/lib/libdbus-1.so.3.0.0)
==17667== by 0x406C939: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.0.0)
==17667== by 0x80BF201: ghid_block_hook_prepare (gtkhid-main.c:978)
==17667== by 0x46CFCD1: g_main_context_prepare (in /usr/lib/libglib-2.0.so.0.1200.4)
==17667== by 0x46D04A4: (within /usr/lib/libglib-2.0.so.0.1200.4)
==17667== by 0x46D0B88: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.4)
==17667== Address 0x48 is not stack'd, malloc'd or (recently) free'd
==17667==
==17667== Process terminating with default action of signal 11 (SIGSEGV)
==17667== Access not within mapped region at address 0x48
==17667== at 0x80B82B4: ClearUndoList (undo.c:1132)
==17667== by 0x80A9235: RemovePCB (remove.c:120)
==17667== by 0x806CA54: LoadLayoutToBuffer (buffer.c:860)
==17667== by 0x805F72B: ActionLoadFrom (action.c:5445)
==17667== by 0x80BB603: hid_actionv (actions.c:216)
==17667== by 0x80BEF98: handle_dbus_message (dbus.c:145)
==17667== by 0x4079A3A: (within /usr/lib/libdbus-1.so.3.0.0)
==17667== by 0x406C939: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.0.0)
==17667== by 0x80BF201: ghid_block_hook_prepare (gtkhid-main.c:978)
==17667== by 0x46CFCD1: g_main_context_prepare (in /usr/lib/libglib-2.0.so.0.1200.4)
==17667== by 0x46D04A4: (within /usr/lib/libglib-2.0.so.0.1200.4)
==17667== by 0x46D0B88: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.4)
==17667==
The segfault is in undo.c, lines 1131-1132:
    FreeDataMemory (RemoveList);
    RemoveList->pcb = PCB;
RemoveList == NULL (FreeDataMemory doesn't care), then we try to access
it and the program segfaults.
I've re-written that to be:
    if (RemoveList) {
      FreeDataMemory (RemoveList);
      RemoveList->pcb = PCB;
    }
It seems to help.
--
Peter Clifton
Electrical Engineering Division,
Engineering Department,
University of Cambridge,
9, JJ Thomson Avenue,
Cambridge
CB3 0FA
Tel: +44 (0)7729 980173 - (No signal in the lab!)
_______________________________________________
geda-dev mailing list
[email protected]
http://www.seul.org/cgi-bin/mailman/listinfo/geda-dev
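The failure mode in the report, as an added C example that is not PCB's source and not part of the mail: a free routine that tolerates NULL (as FreeDataMemory does) followed by an unconditional write through the same pointer. The struct types, field names and the two-paste replay are assumptions made for the example; the only PCB-derived facts are the two original lines and the guarded rewrite. The comment about the faulting address is an inference from the trace: a write to a small address such as 0x48 with no stack or heap mapping is what a NULL base plus a struct field offset looks like.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not PCB's code. These types are simplified stand-ins for
 * PCB's DataType / PCBType (assumption: only the fields needed here). */
typedef struct {
    const char *name;
} PCBType;

typedef struct {
    int      n_objects;   /* contents that FreeDataMemory would release */
    PCBType *pcb;         /* back-pointer that ClearUndoList resets */
} DataType;

/* Stand-in for PCB's FreeDataMemory(): freeing a NULL list is a no-op,
 * which is exactly why the crash surfaces one line later instead of here. */
static void free_data_memory(DataType *data)
{
    if (data == NULL)
        return;
    data->n_objects = 0;
}

/* Shape of undo.c:1131-1132 before the fix: free, then write through the
 * pointer unconditionally. With remove_list == NULL the store goes to
 * NULL + offsetof(DataType, pcb), i.e. a small unmapped address of the
 * kind valgrind reports as "not stack'd, malloc'd or (recently) free'd". */
static void clear_undo_list_unguarded(DataType *remove_list, PCBType *pcb)
{
    free_data_memory(remove_list);
    remove_list->pcb = pcb;   /* NULL dereference on the second paste */
}

/* The guarded version from the mail. Returns 1 if a list was reset and
 * 0 if there was nothing to reset, so a caller can tell the cases apart. */
static int clear_undo_list_guarded(DataType *remove_list, PCBType *pcb)
{
    if (remove_list == NULL)
        return 0;
    free_data_memory(remove_list);
    remove_list->pcb = pcb;
    return 1;
}

/* Replays the reported sequence (constructed data): the first paste has a
 * live RemoveList, the second finds it NULL. Returns how many pastes complete
 * without a NULL dereference; the unguarded path stops where PCB would
 * have segfaulted rather than actually faulting. */
static int simulate_two_pastes(int guarded)
{
    PCBType   board = { "new.pcb" };
    DataType  first = { 3, NULL };
    DataType *remove_list[2] = { &first, NULL };
    int ok = 0;

    for (int i = 0; i < 2; i++) {
        if (guarded) {
            clear_undo_list_guarded(remove_list[i], &board);
            ok++;
        } else if (remove_list[i] != NULL) {
            clear_undo_list_unguarded(remove_list[i], &board);
            ok++;
        } else {
            break;   /* the unguarded code would crash here */
        }
    }
    return ok;
}

int main(void)
{
    printf("unguarded: %d of 2 pastes survive\n", simulate_two_pastes(0));
    printf("guarded:   %d of 2 pastes survive\n", simulate_two_pastes(1));
    return 0;
}
```

The guard is the minimal fix; a reviewer would also want to know why RemoveList is NULL on the second paste (the trace shows the undo list being cleared from RemovePCB during LoadLayoutToBuffer), since a NULL check papers over a lifetime problem rather than answering it.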