View Issue Details

ID: 0036428
Project: FPC
Category: Compiler
View Status: public
Last Update: 2020-02-22 10:36
Reporter: eugeneloza
Assigned To: (unassigned)
Status: feedback
Resolution: open
Product Version: 3.3.1
Summary: 0036428: Strict private class variable memory corruption in an overridden method inside a Lazarus package

Description:
In case a class inherits another class and overrides a `strict protected` method used as a setter for a `property`, the memory may become corrupted in the overridden method. An internal `strict private` pointer variable may no longer be initialized to `nil`, and can be either a random address or `$baadf00dbaadf00d`, or can raise a SIGSEGV simply on trying to access the pointer address, depending on the contents of the unit (the last case appears in the attached example).

Reproduced only in a LPK package. If the unit is added "directly" to the Lazarus project, everything works correctly. Also, if the overridden method is changed, e.g. some operations are added before `inherited` the bug also disappears.

The segmentation fault appears on Windows systems (tested on 7x64 and 10x64) since r43370 and is an issue up to at least r43677. Everything is working perfectly in r43369 and below; also not reproduced in latest stable/fixes release. Does not depend on Lazarus version.
Steps To Reproduce:
Open the attached minimal project.
Locate the `packages/fail.lpk`.
Compile & run.
Additional Information:
Tested FPC versions (working - yes/no):
r43677 ---- no (12.12)
r43672 ---- no (11.12)
r43670 ---- no (10.12)
r43665 ---- no (9.12)
r43655 ---- no (6.12)
r43618 ---- no (1.12)
r43609 ---- no (29.11)
r43466 ---- no (14.11)
r43400 ---- no (5.11)
r43386 ---- no (3.11)
r43382 ---- no
r43375 ---- no
r43370 ---- no <=========== here.
r43369 ---- yes
r43368 ---- yes
r43365 ---- yes (2.11)
r43352 ---- yes (1.11)
r43062 ---- yes

Might also be related to Internal error 2014010312, as it sometimes occurs when trying to move `TSimpleTextureFont` into project1.lpr. However, I could not reproduce it on the minimal example attached.
Tags: No tags attached.
Fixed in Revision:
Attached Files: 2019-12-12 12:05, reporter (2,238 bytes)


Cyrax (reporter) 2019-12-12 13:13 ~0119790

i386-linux, i386-win32, x86_64-linux works.
x86_64-win64 gives error.

An unhandled exception occurred at $000000010001AA1F:
EAccessViolation: Access violation
  $000000010001AA1F  SETSIZE,  line 30 of castlefonts.pas
  $000000010000176B  main,  line 10 of project1.lpr
  $0000000100001796  MAIN_WRAPPER,  line 127 of system.pp
  $0000000100015E17  EXE_ENTRY,  line 241 of system.pp
  $0000000100001716  _FPC_MAINCRTSTARTUP,  line 106 of sysinit.pp

FPC trunk r43677.


Cyrax (reporter) 2019-12-12 13:16 ~0119791

Last edited: 2019-12-12 13:19

It is the optimization flag (-O2). Disabling all optimizations at the package options allows the test program to work under x86_64-win64.


Cyrax (reporter) 2019-12-12 17:58 ~0119799

no optimizations
castlefonts.pas:29                        begin
000000010001AA30 55                       push   %rbp
000000010001AA31 4889e5                   mov    %rsp,%rbp
000000010001AA34 488da424b0feffff         lea    -0x150(%rsp),%rsp
000000010001AA3C 48899dd8feffff           mov    %rbx,-0x128(%rbp)
000000010001AA43 48894df0                 mov    %rcx,-0x10(%rbp)
000000010001AA47 f30f114df8               movss  %xmm1,-0x8(%rbp)
castlefonts.pas:30                        inherited SetSize(Value);
000000010001AA4C f30f1045f8               movss  -0x8(%rbp),%xmm0
000000010001AA51 488b45f0                 mov    -0x10(%rbp),%rax
000000010001AA55 4889c1                   mov    %rax,%rcx
000000010001AA58 0f28c8                   movaps %xmm0,%xmm1
000000010001AA5B e8a0ffffff               callq  0x10001aa00 <SETSIZE>
castlefonts.pas:31                        if DrawableImage <> nil then
000000010001AA60 488b45f0                 mov    -0x10(%rbp),%rax
000000010001AA64 4883781000               cmpq   $0x0,0x10(%rax)
000000010001AA69 7502                     jne    0x10001aa6d <SETSIZE+61>
000000010001AA6B eb45                     jmp    0x10001aab2 <SETSIZE+130>
castlefonts.pas:32                        WriteLn(DrawableImage.ClassName)
000000010001AA6D e84e89ffff               callq  0x1000133c0 <fpc_get_output>
000000010001AA72 4889c3                   mov    %rax,%rbx
000000010001AA75 488b45f0                 mov    -0x10(%rbp),%rax
000000010001AA79 488b4010                 mov    0x10(%rax),%rax
000000010001AA7D 488b08                   mov    (%rax),%rcx
000000010001AA80 488d95f0feffff           lea    -0x110(%rbp),%rdx
000000010001AA87 e8c40effff               callq  0x10000b950 <TOBJECT__CLASSNAME>
000000010001AA8C 4c8d85f0feffff           lea    -0x110(%rbp),%r8
000000010001AA93 4889da                   mov    %rbx,%rdx
000000010001AA96 b900000000               mov    $0x0,%ecx
000000010001AA9B e8a08cffff               callq  0x100013740 <fpc_write_text_shortstr>
000000010001AAA0 e84b30ffff               callq  0x10000daf0 <fpc_iocheck>
000000010001AAA5 4889d9                   mov    %rbx,%rcx
000000010001AAA8 e8838bffff               callq  0x100013630 <fpc_writeln_end>
000000010001AAAD e83e30ffff               callq  0x10000daf0 <fpc_iocheck>
castlefonts.pas:33                        end;
000000010001AAB2 488b9dd8feffff           mov    -0x128(%rbp),%rbx
000000010001AAB9 488d6500                 lea    0x0(%rbp),%rsp
000000010001AABD 5d                       pop    %rbp
000000010001AABE c3                       retq   

with -O1

castlefonts.pas:29                        begin
000000010001AA30 55                       push   %rbp
000000010001AA31 4889e5                   mov    %rsp,%rbp
000000010001AA34 488da424b0feffff         lea    -0x150(%rsp),%rsp
000000010001AA3C 48899dd8feffff           mov    %rbx,-0x128(%rbp)
000000010001AA43 48894df0                 mov    %rcx,-0x10(%rbp)
000000010001AA47 f30f114df8               movss  %xmm1,-0x8(%rbp)
castlefonts.pas:30                        inherited SetSize(Value);
000000010001AA4C f30f1045f8               movss  -0x8(%rbp),%xmm0
000000010001AA51 488b4df0                 mov    -0x10(%rbp),%rcx
000000010001AA55 0f28c8                   movaps %xmm0,%xmm1
000000010001AA58 e8a3ffffff               callq  0x10001aa00 <SETSIZE>
castlefonts.pas:31                        if DrawableImage <> nil then
000000010001AA5D 488b45f0                 mov    -0x10(%rbp),%rax
000000010001AA61 4883781000               cmpq   $0x0,0x10(%rax)
000000010001AA66 7502                     jne    0x10001aa6a <SETSIZE+58>
000000010001AA68 eb42                     jmp    0x10001aaac <SETSIZE+124>
castlefonts.pas:32                        WriteLn(DrawableImage.ClassName)
000000010001AA6A e85189ffff               callq  0x1000133c0 <fpc_get_output>
000000010001AA6F 4889c3                   mov    %rax,%rbx
000000010001AA72 488b45f0                 mov    -0x10(%rbp),%rax
000000010001AA76 488b4010                 mov    0x10(%rax),%rax
000000010001AA7A 488b08                   mov    (%rax),%rcx
000000010001AA7D 488d95f0feffff           lea    -0x110(%rbp),%rdx
000000010001AA84 e8c70effff               callq  0x10000b950 <TOBJECT__CLASSNAME>
000000010001AA89 4c8d85f0feffff           lea    -0x110(%rbp),%r8
000000010001AA90 4889da                   mov    %rbx,%rdx
000000010001AA93 31c9                     xor    %ecx,%ecx
000000010001AA95 e8a68cffff               callq  0x100013740 <fpc_write_text_shortstr>
000000010001AA9A e85130ffff               callq  0x10000daf0 <fpc_iocheck>
000000010001AA9F 4889d9                   mov    %rbx,%rcx
000000010001AAA2 e8898bffff               callq  0x100013630 <fpc_writeln_end>
000000010001AAA7 e84430ffff               callq  0x10000daf0 <fpc_iocheck>
castlefonts.pas:33                        end;
000000010001AAAC 488b9dd8feffff           mov    -0x128(%rbp),%rbx
000000010001AAB3 488d6500                 lea    0x0(%rbp),%rsp
000000010001AAB7 5d                       pop    %rbp
000000010001AAB8 c3                       retq   

with -O2

castlefonts.pas:29                        begin
000000010001AA10 53                       push   %rbx
000000010001AA11 56                       push   %rsi
000000010001AA12 488da424d8feffff         lea    -0x128(%rsp),%rsp
castlefonts.pas:30                        inherited SetSize(Value);
000000010001AA1A e8e1ffffff               callq  0x10001aa00 <SETSIZE>
castlefonts.pas:31                        if DrawableImage <> nil then
000000010001AA1F 48837b1000               cmpq   $0x0,0x10(%rbx)
000000010001AA24 7502                     jne    0x10001aa28 <SETSIZE+24>
000000010001AA26 eb3a                     jmp    0x10001aa62 <SETSIZE+82>
castlefonts.pas:32                        WriteLn(DrawableImage.ClassName)
000000010001AA28 e89389ffff               callq  0x1000133c0 <fpc_get_output>
000000010001AA2D 4889c6                   mov    %rax,%rsi
000000010001AA30 488b4310                 mov    0x10(%rbx),%rax
000000010001AA34 488b08                   mov    (%rax),%rcx
000000010001AA37 488d542420               lea    0x20(%rsp),%rdx
000000010001AA3C e80f0fffff               callq  0x10000b950 <TOBJECT__CLASSNAME>
000000010001AA41 4c8d442420               lea    0x20(%rsp),%r8
000000010001AA46 4889f2                   mov    %rsi,%rdx
000000010001AA49 31c9                     xor    %ecx,%ecx
000000010001AA4B e8f08cffff               callq  0x100013740 <fpc_write_text_shortstr>
000000010001AA50 e89b30ffff               callq  0x10000daf0 <fpc_iocheck>
000000010001AA55 4889f1                   mov    %rsi,%rcx
000000010001AA58 e8d38bffff               callq  0x100013630 <fpc_writeln_end>
000000010001AA5D e88e30ffff               callq  0x10000daf0 <fpc_iocheck>
castlefonts.pas:33                        end;
000000010001AA62 90                       nop
000000010001AA63 488da42428010000         lea    0x128(%rsp),%rsp
000000010001AA6B 5e                       pop    %rsi
000000010001AA6C 5b                       pop    %rbx
000000010001AA6D c3                       retq   

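The attached minimal project is not on this page, so the following is an added, single-file reconstruction of the class shape the report describes (not the reporter's code and not part of the original report). Only SetSize, DrawableImage and TSimpleTextureFont come from the report and the listings above; every other name, and the field type TObject, is assumed. The three statements in the override are the ones the listings annotate as castlefonts.pas lines 30-32. Because FPC zero-fills a new instance (TObject.NewInstance calls InitInstance), the pointer field is nil and the WriteLn must never execute; the report is that at -O2 on x86_64-win64 it did. Reading the -O2 listing above with that in mind: the prologue pushes %rbx and %rsi but never copies Self from %rcx into %rbx before `callq SETSIZE`, yet the test `cmpq $0x0,0x10(%rbx)` afterwards reads the field through %rbx, whereas the -O1 and unoptimized listings reload Self from the stack slot at -0x10(%rbp). That is what the field read through a never-initialized register looks like, and it matches the random address, `$baadf00dbaadf00d` or SIGSEGV behaviour described.

```pascal
{ Added example, not the reporter's attachment: minimal class shape from
  the report as a stand-alone FPC program. Names other than SetSize,
  DrawableImage and TSimpleTextureFont are assumed. }
program strict_private_setter_example;

{$mode objfpc}{$H+}

type
  { Base class: the property setter is a strict protected virtual
    method, so a descendant can override it. }
  TCastleFont = class
  strict private
    FSize: Single;
  strict protected
    procedure SetSize(const Value: Single); virtual;
  public
    property Size: Single read FSize write SetSize;
  end;

  { Descendant: overrides the setter, calls inherited first, then reads
    a strict private pointer field that nothing ever assigns. A fresh
    instance is zero-filled by the RTL, so the field is nil and the
    WriteLn below must never run. }
  TSimpleTextureFont = class(TCastleFont)
  strict private
    DrawableImage: TObject;   { assumed type; never assigned on purpose }
  strict protected
    procedure SetSize(const Value: Single); override;
  end;

procedure TCastleFont.SetSize(const Value: Single);
begin
  FSize := Value;
end;

{ Same three statements as castlefonts.pas lines 30-32 in the listings. }
procedure TSimpleTextureFont.SetSize(const Value: Single);
begin
  inherited SetSize(Value);
  if DrawableImage <> nil then
    WriteLn(DrawableImage.ClassName)
end;

var
  Font: TSimpleTextureFont;
begin
  Font := TSimpleTextureFont.Create;
  try
    { Goes through the overridden setter. Correct code generation prints
      only the line below; the reported bug dereferences garbage here. }
    Font.Size := 12.0;
    WriteLn('Size set to ', Font.Size:0:1);
  finally
    Font.Free;
  end;
end.
```

To check a given compiler build against this, compile with `fpc -O2 -a -al` (keep the assembler file, with source lines interleaved) and look at the code for TSimpleTextureFont.SetSize: what matters is whether Self is preserved in a callee-saved register or reloaded from the stack after the `inherited` call before the field at its offset is read. The report notes it only reproduced with the unit inside an LPK built with -O2, so a stand-alone build like this one may well compile correctly even on an affected revision.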

Florian (administrator) 2020-02-16 17:58 ~0121128

@Cyrax: I cannot reproduce it. Is it still broken for you?

Jan Bruns (reporter) 2020-02-17 08:31 ~0121138

Does "strict private" really imply initialization semantics? Is that Delphi-mode specific?

Please see 0028022 and 0036652 to verify whether that might explain the occurrence of 2014010312 for you.

Marco van de Voort (manager) 2020-02-17 10:00 ~0121142

Since you writeln() in the .lpks, do you actually start the x86_64 Lazarus with a console?

Thaddy de Koning (reporter) 2020-02-22 10:36 ~0121189

@Jan Bruns
Yes. Even if the class is not used at all. There are more related reports. (one by me)

Issue History

Date Modified Username Field Change
2019-12-12 12:05 eugeneloza New Issue
2019-12-12 12:05 eugeneloza File Added:
2019-12-12 13:13 Cyrax Note Added: 0119790
2019-12-12 13:16 Cyrax Note Added: 0119791
2019-12-12 13:18 Cyrax Note Edited: 0119791 View Revisions
2019-12-12 13:19 Cyrax Note Edited: 0119791 View Revisions
2019-12-12 17:58 Cyrax Note Added: 0119799
2020-02-16 17:58 Florian Note Added: 0121128
2020-02-17 08:31 Jan Bruns Note Added: 0121138
2020-02-17 10:00 Marco van de Voort Note Added: 0121142
2020-02-21 22:01 Florian Status new => feedback
2020-02-21 22:01 Florian FPCTarget => -
2020-02-22 10:36 Thaddy de Koning Note Added: 0121189