pre beta test subsurface-mobile 655

Dirk Hohndel dirk at hohndel.org
Fri Jan 15 10:29:40 PST 2016


On Fri, Jan 15, 2016 at 02:43:42PM -0200, Tomaz Canabrava wrote:
> This seems... Unlikely?
> If the model row is < than the pinfo.nr, things should always point to a
> safe memory zone.

Well, three different people have now created more or less identical stack
traces from crashes. Unlikely or not, that's what's happening. The memcpy
crashes because pInfo.entry[index.row()] is pointing at invalid addresses.
I can reproduce this, but not under the debugger (my guess is that the
debugger keeps the freed memory around and therefore I don't get the
crash).

/D

> On Jan 15, 2016 at 11:05, "Dirk Hohndel" <dirk at hohndel.org> wrote:
> 
> > On Fri, Jan 15, 2016 at 12:22:30PM +0200, Miika Turkia wrote:
> > >
> > > Well, it seems that the libs on the debug apk are stripped, so I fail
> > > to get more exact information out of this (first time trying to dig
> > > into tombstone, so that might affect the results as well). Anyway,
> > > hopefully the following back trace will give others some more info on
> > > the crash. At least the functions in question can be seen.
> > > ---8<---
> > > ********** Crash dump: **********
> > > Build fingerprint:
> > > 'Wileyfox/Swift/crackling:5.1.1/LMY49F/877353b5ea:userdebug/test-keys'
> > > pid: 6293, tid: 6319, name: QtThread  >>> org.subsurfacedivelog.mobile <<<
> > > signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xf035f188
> > > Stack frame #00 pc 0000fadc  /system/lib/libc.so (memcpy+96)
> > > Stack frame #01 pc 000e730f
> > > /data/app/org.subsurfacedivelog.mobile-2/lib/arm/libsubsurface-mobile.so
> > > (DivePlotDataModel::data(QModelIndex const&, int) const+54)
> > > Stack frame #02 pc 000d6275
> > > /data/app/org.subsurfacedivelog.mobile-2/lib/arm/libsubsurface-mobile.so
> > > (DiveProfileItem::paint(QPainter*, QStyleOptionGraphicsItem const*,
> > > QWidget*)+336)
> > > Stack frame #03 pc 00235d53
> >
> > Yes, I was able to reproduce this (with some effort) on a desktop system,
> > but only if NOT running under a debugger. Nice. What is happening is that
> > in diveplotdatamodel.cpp we do this
> >
> > QVariant DivePlotDataModel::data(const QModelIndex &index, int role) const
> > {
> >         if ((!index.isValid()) || (index.row() >= pInfo.nr))
> >                 return QVariant();
> >
> >         plot_data item = pInfo.entry[index.row()];
> >
> > And that copy operation above causes memcpy to crash.
> >
> > What I haven't quite figured out, yet, is why...
> >
> > /D
> > _______________________________________________
> > subsurface mailing list
> > subsurface at subsurface-divelog.org
> > http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
> >
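As an added example that is not part of this thread or the Subsurface code base, a constructed C++ model of the hazard Dirk describes: the guard in data() compares the row only to the count, so if the count outlives its buffer (a hypothesis for the symptom, not the thread's diagnosis) the check passes and the copy runs on memory that is already freed; the second struct ties count and storage to one object so the check and the lifetime cannot disagree. The names PlotData, RawPlotInfo and SafePlotInfo are assumed.

```cpp
#include <cstddef>
#include <optional>
#include <vector>

// Constructed stand-in for the plot_data entries copied in data().
struct PlotData { int sec; int depth; };

// Mirrors the raw layout: a count and a separately owned buffer.
// Nothing ties nr to the lifetime of entry, so a stale count lets the
// row < nr check pass while entry no longer points at live storage.
struct RawPlotInfo {
    int nr = 0;
    PlotData *entry = nullptr;

    void fill(int count) {
        delete[] entry;
        entry = new PlotData[count];
        for (int i = 0; i < count; ++i) entry[i] = PlotData{i * 10, i * 2};
        nr = count;
    }
    // Bug pattern: the buffer is released but the count is not reset.
    // The pointer is nulled here only so this demo never touches freed
    // memory; in the real hazard it would be left dangling.
    void freeBufferButKeepCount() { delete[] entry; entry = nullptr; }
    // The same guard as in DivePlotDataModel::data(); it says nothing
    // about whether entry is still valid.
    bool rowCheckPasses(int row) const { return row >= 0 && row < nr; }
    ~RawPlotInfo() { delete[] entry; }
};

// Hardened variant: count and storage are one object, so they cannot
// disagree, and an out-of-range row yields "no value" instead of a copy.
struct SafePlotInfo {
    std::vector<PlotData> entry;

    void fill(int count) {
        entry.clear();
        for (int i = 0; i < count; ++i) entry.push_back(PlotData{i * 10, i * 2});
    }
    void clear() { entry.clear(); }  // size() drops to 0 together with the storage
    std::optional<PlotData> data(int row) const {
        if (row < 0 || static_cast<std::size_t>(row) >= entry.size()) return std::nullopt;
        return entry[static_cast<std::size_t>(row)];  // copy is safe: size tracks storage
    }
};
```

Building the real binary with AddressSanitizer (-fsanitize=address) reports the freed-memory read at the copy even when a debugger would mask it.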