View Issue Details

ID: 0038347
Project: Lazarus
Category: IDE
View Status: public
Last Update: 2021-01-20 18:21
Reporter: Benito van der Zander
Assigned To:
Priority: normal
Severity: minor
Reproducibility: sometimes
Status: new
Resolution: open
Platform: amd64
OS: Ubuntu
Product Version: 2.0.10
Summary: 0038347: crash when opening a file
Description: Every other time I open a file with the file open dialog, Lazarus crashes.
Additional Information:
Thread 1 "lazarus" received signal SIGSEGV, Segmentation fault.
0x00007ffff745bbc2 in __GI___libc_free (mem=<optimized out>) at malloc.c:3144
3144 malloc.c: No such file or directory.
(gdb) bt
0 0x00007ffff745bbc2 in __GI___libc_free (mem=<optimized out>) at malloc.c:3144
1 0x00007ffff78d7c38 in g_value_unset () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
2 0x00007ffff78b8f39 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
3 0x00007ffff78bb514 in g_object_setv () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
4 0x00007ffff78bc22f in g_object_set_property () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
5 0x00000000008bfad5 in LCLINTFCELLRENDERER_CELLDATAFUNC (CELL_LAYOUT=0x2298a80, CELL=0x227b840, TREE_MODEL=0x243aca0, ITER=0x7fffffffb940, DATA=0x7fffd9ae2f00)
    at gtk2/gtk2cellrenderer.pas:472
6 0x00007ffff7b459e5 in gtk_tree_view_column_cell_set_cell_data () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
7 0x00007ffff7b3116f in () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
8 0x00007ffff7b329f5 in () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
9 0x00007ffff7a39b9b in () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
10 0x00007ffff78b38fa in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
11 0x00007ffff78c5f0e in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
12 0x00007ffff78cc586 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
13 0x00007ffff78ccda3 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
14 0x00007ffff7b5522d in () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
15 0x00007ffff7a38390 in gtk_main_do_event () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
16 0x00007ffff7f00c4f in () at /lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
17 0x00007ffff7efd64d in () at /lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
18 0x00007ffff7efdf80 in gdk_window_process_all_updates () at /lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
19 0x00007ffff79bbcb9 in () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
20 0x00007ffff7edbe99 in () at /lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
21 0x00007ffff77c03df in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
22 0x00007ffff77c0788 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
23 0x00007ffff77c0853 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
24 0x0000000000502269 in APPPROCESSMESSAGES (this=0x7ffff67a3190) at gtk2/gtk2widgetset.inc:2353
25 0x0000000000496fa6 in HANDLEMESSAGE (this=0x7ffff67a2b50) at include/application.inc:1280
26 0x00000000005a00e0 in DOEXECUTE (this=0x7ffff4eca480) at include/commondialog.inc:180
27 0x00000000005a1cda in DOEXECUTE (this=0x7ffff4eca480) at include/filedialog.inc:409
28 0x000000000059fa28 in EXECUTE (this=0x7ffff4eca480) at include/commondialog.inc:41
29 0x00000000004b9412 in MNUOPENCLICKED (this=0x7ffff4fc3b10, SENDER=0x7ffff4fc3b10) at main.pp:2996
30 0x00000000004ba71d in PROCESSIDECOMMAND (this=0x7ffff4fc3b10, SENDER=0x7fffed4d79d0, COMMAND=1206, HANDLED=true) at main.pp:3266
31 0x0000000000bf7e0b in PROCESSPARENTCOMMAND (this=0x7fffed4d79d0, SENDER=0x7fffd9b1bc20, COMMAND=1206, ACHAR=..., DATA=0x0, HANDLED=true) at sourceeditor.pp:8790
32 0x0000000000be44d2 in PROCESSUSERCOMMAND (this=0x7fffd9b1bc20, SENDER=0x7fffd9a439d0, COMMAND=1206, ACHAR=..., DATA=0x0) at sourceeditor.pp:4183
33 0x00000000009e807a in DOONPROCESSCOMMAND (this=0x7fffd9a439d0, COMMAND=1206, ACHAR=..., DATA=0x0) at synedit.pp:7254
34 0x00000000009e4833 in COMMANDPROCESSOR (this=0x7fffd9a439d0, COMMAND=1206, ACHAR=..., DATA=0x0, ASKIPHOOKS=...) at synedit.pp:6600
35 0x00000000009d2dd3 in KEYDOWN (this=0x7fffd9a439d0, KEY=0, SHIFT=...) at synedit.pp:3001
36 0x00000000005cfb55 in KEYDOWNBEFOREINTERFACE (this=0x7fffd9a439d0, KEY=0, SHIFT=...) at include/wincontrol.inc:5684
37 0x00000000005cff4a in DOKEYDOWNBEFOREINTERFACE (this=0x7fffd9a439d0, MESSAGE=..., ISRECURSECALL=false) at include/wincontrol.inc:5815
38 0x00000000005d418a in CNKEYDOWN (this=0x7fffd9a439d0, MESSAGE=...) at include/wincontrol.inc:7204
39 0x0000000000432931 in SYSTEM$_$TOBJECT_$__$$_DISPATCH$formal ()
40 0x00007fffd9a439d0 in ()
41 0x00007fffffffd1c8 in ()
42 0x000000000000bd00 in ()
43 0x0000000000000022 in ()
44 0x00000000016954f8 in .Ld231 ()
45 0x00000000005d4160 in CONTROLS$_$TWINCONTROL_$__$$_CNKEYDOWN$TLMKEY ()
46 0x0000000002888f50 in ()
47 0x00007fffd9a439d0 in ()
48 0x00007fffd9a439d0 in ()
49 0x0000000001aed990 in VMT_$SOURCESYNEDITOR_$$_TIDESYNEDITOR ()
50 0x00007fffffffd1c8 in ()
51 0x00000000005e1506 in WNDPROC (this=0x7fffd9a439d0, THEMESSAGE=...) at include/control.inc:2241
52 0x00000000005cec0d in WNDPROC (this=0x7fffd9a439d0, MESSAGE=...) at include/wincontrol.inc:5411
53 0x00000000009e27dd in WNDPROC (this=0x7fffd9a439d0, MSG=...) at synedit.pp:6181
54 0x0000000000820339 in DELIVERMESSAGE (TARGET=0x7fffd9a439d0, AMESSAGE=) at lclmessageglue.pas:112
55 0x00000000006f81fb in DELIVERMESSAGE (TARGET=0x7fffd9a439d0, AMESSAGE=) at gtk2/gtk2proc.inc:3780
56 0x00000000006f4bdc in DELIVERKEYMESSAGE (parentfp=0x7fffffffd220, TARGET=0x7fffd9a439d0, AMESSAGE=) at gtk2/gtk2proc.inc:1961
57 0x00000000006f3a75 in HANDLEGTKKEYUPDOWN (AWIDGET=0x27188b0, AEVENT=0x2cbb910, ADATA=0x7fffed4d79d0, ABEFOREEVENT=true, AHANDLEDOWN=true, AEVENTNAME=0x13edf88 "key-press-event")
    at gtk2/gtk2proc.inc:2393
58 0x000000000070712c in GTKKEYPRESS (WIDGET=0x27188b0, EVENT=0x2cbb910, DATA=0x7fffed4d79d0) at gtk2/gtk2callback.inc:768
59 0x00007ffff7a39b9b in () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
60 0x00007ffff78b38fa in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
61 0x00007ffff78c64b3 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
62 0x00007ffff78cc586 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
63 0x00007ffff78ccda3 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
64 0x00007ffff7b5522d in () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
65 0x00007ffff7a37d9c in gtk_propagate_event () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
66 0x00007ffff7a380c3 in gtk_main_do_event () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
67 0x00007ffff7f1a6d0 in () at /lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
68 0x00007ffff77c04db in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
69 0x00007ffff77c0788 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
70 0x00007ffff77c0853 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
71 0x00000000005025bb in APPWAITMESSAGE (this=0x7ffff67a3190) at gtk2/gtk2widgetset.inc:2431
72 0x0000000000494346 in IDLE (this=0x7ffff67a2b50, WAIT=true) at include/application.inc:414
73 0x0000000000496fbf in HANDLEMESSAGE (this=0x7ffff67a2b50) at include/application.inc:1281
74 0x00000000004977bf in RUNLOOP (this=0x7ffff67a2b50) at include/application.inc:1417
75 0x00000000006dbced in APPRUN (this=0x7ffff67a3190, ALOOP=...) at include/interfacebase.inc:54
76 0x0000000000497721 in RUN (this=0x7ffff67a2b50) at include/application.inc:1405
77 0x0000000000420729 in main () at lazarus.pp:151
(gdb)
5 0x00000000008bfad5 in LCLINTFCELLRENDERER_CELLDATAFUNC (CELL_LAYOUT=0x2298a80, CELL=0x227b840, TREE_MODEL=0x243aca0, ITER=0x7fffffffb940, DATA=0x7fffd9ae2f00)
    at gtk2/gtk2cellrenderer.pas:472
472 g_object_set_property(PGObject(cell), 'text', @Value);
(gdb) lis
467 else
468 if ListColumn.Index-1 <= ListItem.SubItems.Count-1 then
469 Str := ListItem.SubItems.Strings[LCLCellRenderer^.ColumnIndex-1];
470
471 Value.data[0].v_pointer := PChar(Str);
472 g_object_set_property(PGObject(cell), 'text', @Value);
473 end;
474
475 // DebugLn(['LCLIntfCellRenderer_CellDataFunc ItemIndex=',LCLCellRenderer^.Index]);
476 end;
(gdb) print *cell
A syntax error in expression, near `*cell'.
(gdb) print cell
$2 = 0x227b840
(gdb) print cell^
$3 = {PARENT = {PARENT_INSTANCE = {G_TYPE_INSTANCE = {G_CLASS = 0x255cdc0}, REF_COUNT = 2, QDATA = 0x2d052b0}, FLAGS = 0}, XALIGN = 0, YALIGN = 0.5, WIDTH = -1, HEIGHT = -1, XPAD = 2, YPAD = 2, FLAG0 = 68}
Tags: No tags attached.
Fixed in Revision:
LazTarget:
Widgetset: GTK 2
Attached Files:

Relationships

related to 0025920 (assigned, Zeljan Rikalo): OpenDialog crashes with EXTERNAL:SIGSEV and RunError (216)

Activities

Juha Manninen (developer), 2021-01-12 23:26, note ~0128292

Why is LCLINTFCELLRENDERER_CELLDATAFUNC called after many libgtk calls near the crash?

Zeljan Rikalo (developer), 2021-01-19 13:42, note ~0128410

@Juha, because gtk_tree_view_column_cell_set_cell_data() is called somewhere and it calls LCLINTFCELLRENDERER_CELLDATAFUNC again

August Klein (reporter), 2021-01-19 15:59, note ~0128422

Some guesswork, just from reading the code:
https://github.com/graemeg/lazarus/blob/upstream/lcl/interfaces/gtk2/gtk2cellrenderer.pas#L466-L473

Here both conditionals can be false, so the 'Str' variable is not initialized and can contain rubbish.

When 'g_object_set_property' is called again it tries to free the memory that 'Str' points to (some 'random' location in memory).

Juha Manninen (developer), 2021-01-19 16:45, note ~0128428

Indeed, Str may not be initialized. The code is by Andrew from 2008.
Please try with the attached patch.
0001-GTK2CellRenderer-Initialize-Str.patch (1,070 bytes)   
From 9e0219b1c96a35d52bff311f77454e4f223244f0 Mon Sep 17 00:00:00 2001
From: Juha <juha.manninen62@gmail.com>
Date: Tue, 19 Jan 2021 17:40:50 +0200
Subject: [PATCH] GTK2CellRenderer: Initialize Str.

---
 lcl/interfaces/gtk2/gtk2cellrenderer.pas | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lcl/interfaces/gtk2/gtk2cellrenderer.pas b/lcl/interfaces/gtk2/gtk2cellrenderer.pas
index a39f9b88f..0c66bbc91 100644
--- a/lcl/interfaces/gtk2/gtk2cellrenderer.pas
+++ b/lcl/interfaces/gtk2/gtk2cellrenderer.pas
@@ -465,10 +465,10 @@ begin
 
     if LCLCellRenderer^.ColumnIndex <= 0 then
       Str := ListItem.Caption
+    else if ListColumn.Index-1 <= ListItem.SubItems.Count-1 then
+      Str := ListItem.SubItems.Strings[LCLCellRenderer^.ColumnIndex-1]
     else
-      if ListColumn.Index-1 <= ListItem.SubItems.Count-1 then
-        Str := ListItem.SubItems.Strings[LCLCellRenderer^.ColumnIndex-1];
-
+      Str := '';
     Value.data[0].v_pointer := PChar(Str);
     g_object_set_property(PGObject(cell), 'text', @Value);
   end;
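Review bot: the new `else Str := ''` branch leaves the GValue itself exactly as uninitialized as before. The hunk still writes only `Value.data[0].v_pointer := PChar(Str)` and then hands `@Value` to `g_object_set_property(PGObject(cell), 'text', @Value)`; nothing in these lines zeroes Value or calls g_value_init on it, so the value's type word and the flags word in data[1] are whatever the stack held, and those are what GLib consults when it decides whether data[0] is a heap string it may free. Suggest zeroing Value, then `g_value_init(@Value, G_TYPE_STRING)` and `g_value_set_string(@Value, PChar(Str))` (GLib takes its own copy), and `g_value_unset(@Value)` after the set. A second point on the same lines: the guard tests `ListColumn.Index-1 <= ListItem.SubItems.Count-1` but the access indexes with `LCLCellRenderer^.ColumnIndex-1`; unless those two are always equal the check does not protect the SubItems access, so test and index with the same value.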
-- 
2.30.0

Benito van der Zander (reporter), 2021-01-19 17:52, note ~0128429

>Here both conditionals can be false so 'Str' variable is not initialized and it can contain rubbish.

But managed types like strings are always initialized

August Klein (reporter), 2021-01-19 19:21, note ~0128430

Yes, although it depends on compiler directives.
As 'gtk2cellrenderer.pas' contains {$H+}, String is an alias for AnsiString, so you are right.

Then the problem may be:
'Str' is initialized to 'nil' and it is typecast to a PChar.

But if an empty AnsiString is typecast to a PChar then the result is a pointer to a zero byte (an empty string), not a 'nil' pointer.

It is a string literal, so we are trying to free memory that was never allocated.

Juha Manninen (developer), 2021-01-19 21:02, note ~0128432 (last edited 2021-01-19 21:06)

> But managed types like strings are always initialized

At least the Result string variable is not initialized. I have got into the habit of initializing every string variable. Maybe it is not always necessary.

Martin Friebe (manager), 2021-01-19 22:58, note ~0128437

Nothing happens on my Ubuntu.
But I noted there is no
         g_value_init(value, G_TYPE_STRING);

and according to Google,
 https://developer.gnome.org/gobject/stable/gobject-Standard-Parameter-and-Value-Types.html#g-value-set-string
the value should get its own copy of the string.
Not sure though what that means in terms of freeing. After all, we never unset the value. I do not know if that is the caller's (our) responsibility or if the callee that receives the value takes care of it.

Looking through other LCL code, I found the following commented in gtk2listviewtreemodel.pas
         g_value_set_static_string(value,PChar(Item.Caption));
which means that string is not expected to be freed by anyone. But that might be wrong too. It leaves the question of how long it needs to stay valid, since the data in "Str" ceases to exist after the function ends.

August Klein (reporter), 2021-01-20 18:21, note ~0128453

I agree with Martin.

I was able to reproduce this with 2.0.10, but not with SVN, because of this recent patch:
https://svn.freepascal.org/cgi-bin/viewvc.cgi/trunk/lcl/interfaces/gtk2/gtk2cellrenderer.pas?root=lazarus&r1=63902&r2=63901&pathrev=63902

As the documentation states, a GValue must be initialized before it can be used. The patch equates to the G_VALUE_INIT macro:
https://developer.gnome.org/gobject/stable/gobject-Generic-values.html#G-VALUE-INIT:CAPS
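To make the GValue contract discussed in the last two notes concrete, here is an added example in Free Pascal against the gtk2 bindings. It is not code from Lazarus or from this report: the procedure names SetTextBroken, SetTextFixed and GetText are mine, and it assumes the FPC units glib2 and gtk2 and a running X display for gtk_init. SetTextBroken mirrors the pattern visible in the backtrace (write into Value.data[0], no initialization) and is deliberately never called; SetTextFixed shows the zero-init, g_value_init, g_value_set_string, g_value_unset lifecycle that the GObject documentation requires.

```pascal
{ Added example, not Lazarus code. Assumes FPC with the gtk2 bindings
  (units glib2, gtk2) and an X display, because gtk_init needs one. }
program gvalue_text_demo;

{$mode objfpc}{$H+}

uses
  glib2, gtk2;

// The pattern shown in the backtrace on this page: a local TGValue that is
// never zeroed or g_value_init'ed. Value.g_type and the flags word in
// Value.data[1] (where GLib's string type records whether it owns data[0])
// hold whatever was on the stack, so GLib's copy/free decisions for the
// 'text' property are made on garbage. Never called from the main block;
// FPC also warns that Value is not initialized, which is the point.
procedure SetTextBroken(cell: PGtkCellRenderer; const Str: string);
var
  Value: TGValue;
begin
  Value.data[0].v_pointer := PChar(Str);
  g_object_set_property(PGObject(cell), 'text', @Value);
end;

// Corrected lifecycle: zero the record (what the C macro G_VALUE_INIT does),
// declare the type, let GLib take its own copy, hand it over, release it.
procedure SetTextFixed(cell: PGtkCellRenderer; const Str: string);
var
  Value: TGValue;
begin
  FillChar(Value, SizeOf(Value), 0);
  g_value_init(@Value, G_TYPE_STRING);
  g_value_set_string(@Value, PChar(Str));    // GLib g_strdup()s Str here
  g_object_set_property(PGObject(cell), 'text', @Value);
  g_value_unset(@Value);                     // frees GLib's copy, not Str
end;

// Read the property back with the same lifecycle, copying the C string
// into a managed AnsiString before the GValue is released.
function GetText(cell: PGtkCellRenderer): string;
var
  Value: TGValue;
begin
  FillChar(Value, SizeOf(Value), 0);
  g_value_init(@Value, G_TYPE_STRING);
  g_object_get_property(PGObject(cell), 'text', @Value);
  Result := g_value_get_string(@Value);
  g_value_unset(@Value);
end;

var
  Cell: PGtkCellRenderer;
  S: string;
begin
  gtk_init(@argc, @argv);
  Cell := gtk_cell_renderer_text_new;
  S := 'hello';
  SetTextFixed(Cell, S);
  S := '';                                   // the renderer keeps its own copy
  WriteLn('text = ', GetText(Cell));
end.
```

Build with fpc against the gtk2 package and run under an X session. The copying variant sidesteps the lifetime question Martin raised: once g_value_set_string has duplicated the buffer, the Pascal string behind PChar(Str) may be released the moment the cell data function returns. g_value_set_static_string avoids the copy but then the caller has to guarantee that the buffer outlives every later use of the property, which a local AnsiString in a callback cannot.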

Issue History

Date Modified Username Field Change
2021-01-12 21:46 Benito van der Zander New Issue
2021-01-12 23:23 Juha Manninen Relationship added related to 0025920
2021-01-12 23:26 Juha Manninen Note Added: 0128292
2021-01-19 13:42 Zeljan Rikalo Note Added: 0128410
2021-01-19 15:59 August Klein Note Added: 0128422
2021-01-19 16:29 Juha Manninen Relationship added related to 0037781
2021-01-19 16:37 Juha Manninen Relationship deleted related to 0037781
2021-01-19 16:45 Juha Manninen Note Added: 0128428
2021-01-19 16:45 Juha Manninen File Added: 0001-GTK2CellRenderer-Initialize-Str.patch
2021-01-19 17:52 Benito van der Zander Note Added: 0128429
2021-01-19 19:21 August Klein Note Added: 0128430
2021-01-19 21:02 Juha Manninen Note Added: 0128432
2021-01-19 21:06 Juha Manninen Note Edited: 0128432 View Revisions
2021-01-19 22:58 Martin Friebe Note Added: 0128437
2021-01-20 18:21 August Klein Note Added: 0128453