Select location of divesite in new map widget

Lubomir I. Ivanov neolit123 at gmail.com
Tue Oct 3 11:02:28 PDT 2017


On 3 October 2017 at 20:49, Dirk Hohndel <dirk at hohndel.org> wrote:
>
>> On Oct 3, 2017, at 10:32 AM, Lubomir I. Ivanov <neolit123 at gmail.com> wrote:
>>
>> On 3 October 2017 at 20:23, Lubomir I. Ivanov <neolit123 at gmail.com> wrote:
>>> On 3 October 2017 at 20:16, Lubomir I. Ivanov <neolit123 at gmail.com> wrote:
>>>> i don't remember such a crash with no empty dive site name, when i was
>>>> working on the map, so it might be a new thing.
>>>>
>>>> this:
>>>> 00507BD2 44EA0000 00000000 044FC968  subsurface.exe!myInvalidate [/home/stefan/Entwicklung/Subsurface/subsurface/qt-models/filtermodels.cpp @ 384]
>>>> 0050804F 00000022 48B5DE74 044FC988  subsurface.exe!stopFilterDiveSite [/home/stefan/Entwicklung/Subsurface/subsurface/qt-models/filtermodels.cpp @ 456]
>>>> suggests that the cause is the code related to dive site filtering.
>>>>
>>>> i will now check the latest master, to see if i can reproduce the crash.
>>>>
>>>
>>> the latest master crashes for me on startup with:
>>>
>>> -----------------------------------------------------------------------------------------------------------
>>> Program received signal SIGSEGV, Segmentation fault.
>>> DiveListView::DiveListView (this=<optimized out>, parent=0x0)
>>>    at C:\dev\subsurface\desktop-widgets\divelistview.cpp:98
>>> 98                              defaultWidth[col] = width;
>>> (gdb) bt
>>> #0  DiveListView::DiveListView (this=<optimized out>, parent=0x0)
>>>    at C:\dev\subsurface\desktop-widgets\divelistview.cpp:98
>>> #1  0x0040804d in MainWindow::MainWindow (this=0x1a9abe80)
>>>    at C:\dev\subsurface\desktop-widgets\mainwindow.cpp:105
>>> #2  0x004016db in init_ui ()
>>>    at C:\dev\subsurface\subsurface-desktop-helper.cpp:36
>>> #3  0x00694378 in main (argc=1, argv=0x4b69928)
>>>    at C:\dev\subsurface\subsurface-desktop-main.cpp:91
>>> -----------------------------------------------------------------------------------------------------------
>>>
>>> interesting...
>>>
>>
>> yey, a compiler bug (stack corruption) in:
>> gcc version 5.3.0 (i686-posix-dwarf-rev0, Built by MinGW-W64 project)
>>
>> in divelistview.cpp, for this:
>> for (int col = DiveTripModel::NR; col < DiveTripModel::COLUMNS; ++col) {
>>
>> instead of incrementing col up to 16, it goes up to 2689.
>
> Sweet. If you look at the preprocessor output, is it the DiveTripModel::COLUMNS
> that is incorrectly expanded, or is it really the code generation?
>
> And given that Gaetan sees this on Arch... different compiler, right?
>
> WEIRD
>

apparently, the stack gets corrupted by out-of-bounds access...how?
i'm not sure, but i won't disassemble this as there is an easy fix and
we are doing something wrong.

divelistview.cpp has this:
static int defaultWidth[] = {  70, 140, 90,  50,  50,  50,  50,
                               70,  50, 50,  70,  50,  50,   5, 500};

the loop uses the 'col' iterator which is clamped up to
DiveTripModel::COLUMNS, but DiveTripModel::COLUMNS is larger than the
number of elements in defaultWidth.

so the first out-of-bound access to:
defaultWidth[col]

modifies the loop's limit to something like 2689 and it proceeds with
the out-of-bound access until a SIGSEGV.

fixes:
1) add another element to defaultWidth[] for 'country' and iterate col
up to the size of defaultWidth[].
2) move defaultWidth as a method in DiveTripModel, for safety

lubomir
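The pattern Lubomir describes (a loop bounded by an enum count walking a table that was sized by hand) is worth pinning down in code. The block below is an added example, not Subsurface's code: the enum is a stand-in for DiveTripModel's column enum in which only NR, COUNTRY and COLUMNS (16, matching the message) are meaningful, the 15 widths are the ones quoted above, and the 16th width of 100 for 'country' is an assumed value. It shows fix 1 from the mail made enforceable: a static_assert ties the table length to the enum at compile time, so a column added without a width is a build error instead of an out-of-bounds write, and the loop and the write-back path take their bound from the table itself rather than from the enum.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Stand-in for DiveTripModel's column enum (assumed). COUNTRY is pinned to
// 15 so that COLUMNS comes out as 16, the value the message reports.
enum Column { NR = 0, COUNTRY = 15, COLUMNS };

// Before the fix the table had 15 entries while the loop ran col up to
// COLUMNS (16): the last iteration read and wrote one int past the array.
// Here it has one entry per column; the final 100 for 'country' is assumed.
static int defaultWidth[] = {  70, 140, 90,  50,  50,  50,  50,
                               70,  50, 50,  70,  50,  50,   5, 500, 100 };

// The number of widths actually in the table, computed from the array itself.
constexpr std::size_t kNumWidths = sizeof(defaultWidth) / sizeof(defaultWidth[0]);

// Compile-time guard: exactly one width per column. Adding a column to the
// enum without adding a width now fails the build instead of corrupting memory.
static_assert(kNumWidths == static_cast<std::size_t>(COLUMNS),
              "defaultWidth must have exactly one entry per DiveTripModel column");

// Bounds-checked read of a default width; returns -1 for an index that is
// not a column, which is what defaultWidth[2689] would have been.
int columnWidth(int col) {
    if (col < NR || static_cast<std::size_t>(col) >= kNumWidths)
        return -1;
    return defaultWidth[col];
}

// Bounds-checked write-back, the counterpart of the `defaultWidth[col] = width`
// line in the crashing loop. Returns false instead of writing out of bounds.
bool setDefaultWidth(int col, int width) {
    if (col < NR || static_cast<std::size_t>(col) >= kNumWidths || width < 0)
        return false;
    defaultWidth[col] = width;
    return true;
}

// Stand-in for the width-restore loop: the bound is the table length, so the
// loop can never run past the array even if the enum and table drift apart.
std::vector<int> restoreColumnWidths() {
    std::vector<int> widths;
    widths.reserve(kNumWidths);
    for (std::size_t col = NR; col < kNumWidths; ++col)
        widths.push_back(defaultWidth[col]);
    return widths;
}

int main() {
    for (std::size_t col = 0; col < kNumWidths; ++col)
        std::printf("column %zu default width %d\n", col, columnWidth(static_cast<int>(col)));
    std::printf("write to column %d accepted: %s\n", COLUMNS,
                setDefaultWidth(COLUMNS, 42) ? "yes" : "no");
    return 0;
}
```

The static_assert is the part that addresses the root cause: with the array declared `[COLUMNS]` instead, a missing initializer would be silently zero-filled, so asserting on the initializer count is what actually catches a forgotten column. Building with `-fsanitize=address,undefined` would have flagged the original one-past-the-end write on the first run rather than leaving it to show up as a corrupted loop bound.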
--