Crash on Windows 7 with Subsurface-4.6.4-1026 binary

Lubomir I. Ivanov neolit123 at gmail.com
Thu Oct 19 17:18:57 PDT 2017


On 20 October 2017 at 02:42, Rick Walsh <rickmwalsh at gmail.com> wrote:
>
>
> On 20 October 2017 at 10:36, Rick Walsh <rickmwalsh at gmail.com> wrote:
>>
>> Hi,
>>
>> Testing the latest Windows binary in /downloads/daily,
>> subsurface-4.6.4-1026-g49771d8748a0.exe, I got a crash on changing the dive
>> date (to a month ago) in the planner.
>
> I should add that doing just about anything in the planner results in a
> crash with the 4.6.4-1026 binary, and that I don't see this issue with the
> subsurface-4.6.4-986-gb5a5035c090d.exe binary.
>

based on the 49771d87 subsurface.exe binary, the SIGSEGV is in
explicit_first_cylinder().

https://github.com/Subsurface-divelog/subsurface/blob/master/core/dive.c#L987
Dump of assembler code for function explicit_first_cylinder:
   0x00556460 <+0>:     push   %esi
   0x00556461 <+1>:     push   %ebx
   0x00556462 <+2>:     sub    $0x14,%esp
   0x00556465 <+5>:     mov    0x24(%esp),%esi
   0x00556469 <+9>:     mov    0x20(%esp),%ebx
   0x0055646d <+13>:    test   %esi,%esi
   0x0055646f <+15>:    je     0x5564a1 <explicit_first_cylinder+65>
   0x00556471 <+17>:    movl   $0x7e8a40,0x4(%esp)
=> 0x00556479 <+25>:    mov    0x50(%esi),%eax
   0x0055647c <+28>:    mov    %eax,(%esp)
   0x0055647f <+31>:    call   0x584210 <get_next_event>

it happens right before the get_next_event().
ESI holds the 'dc' pointer.
it's not NULL; it's 0x558, but that's not right.

so the caller seems to pass a corrupt pointer.

actually...it happens with my build too.

#0  0x004ff179 in explicit_first_cylinder (dive=0x835540 <displayed_dive>,
    dc=dc at entry=0x558) at C:\dev\subsurface\core\dive.c:990
#1  0x004bcc05 in get_gasmix (dive=<optimized out>, gasmix=0x0,
    evp=<synthetic pointer>, time=<optimized out>, dc=0x558)
    at C:/dev/subsurface/core/dive.h:941
#2  DivePercentageItem::paint (this=<optimized out>, painter=0x28c634,
    option=0xd1f9df8, widget=0x0)
    at C:\dev\subsurface\profile-widget\diveprofileitem.cpp:431

so it's Robert's patch:
https://github.com/Subsurface-divelog/subsurface/commit/a422957cd6525b9753cafacfafdf1f3eef66870d

i think it might be that:
#define displayed_dc (get_dive_dc(&displayed_dive, dc_number))

should use:
'displayed_dive' instead of '&displayed_dive'

lubomir
--
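An added illustration of the kind of pointer value discussed in the mail above; this is not Subsurface code and not the poster's own analysis. A small non-NULL pointer such as 0x558 is the classic shape of a member address computed from a NULL base: if a caller passes a NULL struct pointer to a routine that does `&dive->dc` without checking, the result is NULL plus the member offset, and the crash then surfaces one call later in whoever dereferences it. The struct layouts below are constructed so that the embedded `dc` member lands at offset 0x558 (the real Subsurface structs are larger and laid out differently), and whether this is the actual mechanism behind the reported crash is not established by the mail. The example also shows the defensive check and a small heuristic for recognising such values in a debugger or crash report.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified layouts standing in for Subsurface's
 * struct dive / struct divecomputer. Only the shape matters: a
 * divecomputer embedded inside a dive, padded so that the member
 * sits at offset 0x558 (a constructed value matching the mail). */
struct divecomputer {
    int when;
    struct divecomputer *next;
};

struct dive {
    char header[0x558];            /* constructed padding */
    struct divecomputer dc;        /* embedded, not a pointer */
};

/* Stand-in for an unchecked get_dive_dc()-style lookup. The member
 * address is formed with integer arithmetic so the example stays
 * well defined even when dive == NULL; in real code `&dive->dc` on a
 * NULL dive yields the same small value in practice. */
static struct divecomputer *get_dive_dc_unchecked(struct dive *dive, int nr)
{
    struct divecomputer *dc =
        (struct divecomputer *)((uintptr_t)dive + offsetof(struct dive, dc));
    while (nr-- > 0 && dc)
        dc = dc->next;
    return dc;                     /* 0x558 when dive was NULL */
}

/* Hardened variant: refuse a NULL dive instead of producing a bogus
 * non-NULL pointer that crashes further down the call chain. */
static struct divecomputer *get_dive_dc_checked(struct dive *dive, int nr)
{
    if (!dive)
        return NULL;
    struct divecomputer *dc = &dive->dc;
    while (nr-- > 0 && dc)
        dc = dc->next;
    return dc;
}

/* Triage heuristic: a pointer below the first page is almost never a
 * valid heap or global address; it usually is NULL + some offset. */
static int looks_null_derived(const void *p)
{
    return (uintptr_t)p != 0 && (uintptr_t)p < 4096;
}

int main(void)
{
    struct divecomputer *bad = get_dive_dc_unchecked(NULL, 0);
    printf("offsetof(dc) = 0x%zx\n", offsetof(struct dive, dc));
    printf("unchecked dc = %p, null-derived: %d\n",
           (void *)bad, looks_null_derived(bad));
    printf("checked dc   = %p\n", (void *)get_dive_dc_checked(NULL, 0));
    return 0;
}
```

When a backtrace shows a struct pointer equal to a plausible member offset, as here, it is worth checking the caller for a NULL base rather than searching for heap corruption first.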