<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 3 October 2015 at 05:10, Dirk Hohndel <span dir="ltr"><<a href="mailto:dirk@hohndel.org" target="_blank">dirk@hohndel.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">On Fri, Oct 02, 2015 at 07:48:03AM -0400, Dirk Hohndel wrote:<br>
> On Fri, Oct 02, 2015 at 08:35:24PM +1000, Rick Walsh wrote:<br>
> > Hi,<br>
> ><br>
> > Subsurface is crashing if I:<br>
> > - delete dive<br>
> > - undo (ctrl z) delete dive<br>
> > - delete a dive (same or other)<br>
><br>
> There must be a little more to it than that. The stack trace indicates<br>
> that a trip might have been deleted in the process as well? I just tried<br>
> with some random deletes and undos and redos and nothing happened.<br>
><br>
> But then when I deleted the last dive in a trip, things went KABOOM<br>
> indeed. I'm about to go on my last two dives for this trip and should have<br>
> plenty of time later today to look into that.<br>
><br>
> Thanks for the report!<br>
<br>
</span>OK, that wasn't nearly loud enough.<br>
<br>
TTTTTTT hh kk YY YY !!! !!!<br>
TTT hh aa aa nn nnn kk kk YY YY oooo uu uu !!! !!!<br>
TTT hhhhhh aa aaa nnn nn kkkkk YYYYY oo oo uu uu !!! !!!<br>
TTT hh hh aa aaa nn nn kk kk YYY oo oo uu uu<br>
TTT hh hh aaa aa nn nn kk kk YYY oooo uuuu u !!! !!!<br>
<br>
(I bet this looks horrible in modern email readers... you get the idea)<br>
<br>
Seriously.<br>
<br>
Undo/redo has been in the sources for something like 5 months. And<br>
apparently no one ever tried deleting all dives in a trip and then undoing<br>
that delete. The undo/redo code completely ignored trips and ended up<br>
accessing the freed trip structures to great effect...<br>
<br>
I just pushed a fix for this. Can you verify that this fixes the problem?<br>
New daily binaries have been triggered...<br></blockquote><div><br></div><div>It appears to fix the problem, but in testing, I came across another. Not sure if it's new or not. Deleting all dives in a trip causes a segfault. I reproduce it by deleting one dive at a time (segfault on last delete), or all together.<br><br>Program received signal SIGSEGV, Segmentation fault.<br>strlen () at ../sysdeps/x86_64/strlen.S:106<br>106 movdqu (%rax), %xmm12<br>(gdb) bt<br>#0 strlen () at ../sysdeps/x86_64/strlen.S:106<br>#1 0x00007fffefa7ddee in __GI___strdup (s=0x0) at strdup.c:41<br>#2 0x00000000005a9be3 in UndoDeleteDive::redo (this=0x200f2d0) at /home/rick/src/subsurface/qt-ui/undocommands.cpp:50<br>#3 0x00007ffff18f0268 in QUndoStack::push(QUndoCommand*) () from /lib64/libQt5Widgets.so.5<br>#4 0x00000000005e2d50 in DiveListView::deleteDive (this=0xffec40)<br> at /home/rick/src/subsurface/qt-ui/divelistview.cpp:790<br>#5 0x00000000005e0787 in DiveListView::eventFilter (this=0xffec40, event=0x7fffffffd9b0)<br> at /home/rick/src/subsurface/qt-ui/divelistview.cpp:370<br>#6 0x00007ffff05cf40c in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) ()<br> from /lib64/libQt5Core.so.5<br>#7 0x00007ffff156448c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5<br>#8 0x00007ffff156b563 in QApplication::notify(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5<br>#9 0x00007ffff05cf61b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /lib64/libQt5Core.so.5<br>#10 0x00007ffff15c4323 in QWidgetWindow::event(QEvent*) () from /lib64/libQt5Widgets.so.5<br>#11 0x00007ffff15644ac in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5<br>#12 0x00007ffff1569976 in QApplication::notify(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5<br>#13 0x00007ffff05cf61b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /lib64/libQt5Core.so.5<br>#14 0x00007ffff0db4757 in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) ()<br> from /lib64/libQt5Gui.so.5<br>#15 0x00007ffff0db97a5 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /lib64/libQt5Gui.so.5<br>#16 0x00007ffff0d9d5d8 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()<br> from /lib64/libQt5Gui.so.5<br>#17 0x00007fffda663b10 in userEventSourceDispatch(_GSource*, int (*)(void*), void*) () from /lib64/libQt5XcbQpa.so.5<br>#18 0x00007fffea6b2a8a in g_main_context_dispatch () from /lib64/libglib-2.0.so.0<br>#19 0x00007fffea6b2e20 in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0<br>#20 0x00007fffea6b2ecc in g_main_context_iteration () from /lib64/libglib-2.0.so.0<br>---Type <return> to continue, or q <return> to quit---<br>#21 0x00007ffff0625d8f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()<br> from /lib64/libQt5Core.so.5<br>#22 0x00007ffff05ccdaa in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5<br>#23 0x00007ffff05d4e6c in QCoreApplication::exec() () from /lib64/libQt5Core.so.5<br>#24 0x00000000004ec8c0 in run_ui () at /home/rick/src/subsurface/qt-gui.cpp:72<br>#25 0x00000000004eb84a in main (argc=3, argv=0x7fffffffdef8) at /home/rick/src/subsurface/main.cpp:78<br><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Maybe we need a bug bounty? I'll pay ¤10,000 for each bug that you find<br>
and report here with instructions how to reproduce them.<br></blockquote><div><br></div><div>Sweet. That's gone up to more than AU 50c with the latest exchange rates<br> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Go ahead, make yourself rich...<br>
<span class=""><font color="#888888"><br>
/D<br>
</font></span><br>
PS: ¤ stands for Vietnamese Dong in case you are wondering...<br>
<br>
</blockquote></div><br></div></div>