#52 mged segfault

crash or data loss
closed-fixed
Sean Morrison
8
2006-02-14
2005-10-13
Karel Kulhavy
No

after copying foot_o1.s to foot_o2.s and selecting
foot_o2.s by prim selection mged segfaults. Maybe
because foot_o2.s wasn't displayed but
was copied from displayed solid so MGED caught acute
infectious schizophreny.

.g is attached. Backtrace follows:
#0 0xb796a00b in strlen () from /lib/libc.so.6
No symbol table info available.
#1 0xb7a51903 in bu_vls_strcat (vp=0xbf80b990, s=0x91
<Address 0x91 out of bounds>) at vls.c:406
len = 135575840
#2 0xb7a527a7 in bu_vls_vprintf (vls=0xbf80b990,
fmt=0x813cda0 "/%s", ap=0xbf80b5fc "EQ\200&#65533;\001") at
vls.c:813
str = 0x91 <Address 0x91 out of bounds>
sp = 0x813cda1 "%s"
ep = 0x813cda2 "s"
len = 2
flags = 0
fieldlen = -1
fbuf =
"%s\000\000\000\000\000\000\002\000\000\0005&#65533;\200&#65533;\004\000\000\000\001\000\000\000\004\000\000\0005&#65533;\200&#65533;\004\000\000\000\000\000\000\000\002\000\000\000:&#65533;\200&#65533;&#65533;&#65533;&#65533;\000\000\e\b\000\000\000\000&#65533;213d&#65533;"
buf = "&#65533;&#65533;&#65533;&#65533;&#65533;\a\027\b", '\0' <repeats 20 times>,
"\t\001\000\000`\0172\b&#65533;Z\b", '\0' <repeats 20 times>,
"\002\000\000\000&#65533;&#65533;\200&#65533;\000\000\000\000&#65533;, '\0'
<repeats 19 times>,
"\t\000\000\000\200&#65533;032\bX&#65533;\b\000\000\000\000{&#65533;213&#65533;",
'\0' <repeats 12 times>,
"\t\000\000\000\004\000\000\000\b&#65533;\200&#65533;\b\000\000\000\024\000\000\000\000\000\000\000.&#65533;\200&#65533;N&#65533;\200&#65533;\000\000\000\000\004\001&#65533;&#65533;C7\f9\000\000\000q\001\000\002\000\000\000\000d\0024\000<\000\f\000\000\000\001\n\a\003&#65533;\b`d\b9\000\000\000&#65533;\a\027\b\003\000\000\000&#65533;\a\027\b&#65533;&#65533;&#65533;&#65533;@&#65533;\200&#65533;\b\000\000\000\000\000\000"...
#3 0xb7a52d15 in bu_vls_printf (vls=0xbf80b990,
fmt=0x813cda0 "/%s") at vls.c:966
ap = 0xbf80b5f8 "\221"
#4 0x08112d79 in dotitles (overlay_vls=0xbf80bc70) at
titles.c:263
path_lhs = {vls_magic = -1993131077, vls_str =
0x85cce98 "/foot_o2.s/", vls_offset = 0, vls_len = 11,
vls_max = 192}
path_rhs = {vls_magic = -1993131077, vls_str =
0x0, vls_offset = 0, vls_len = 0, vls_max = 0}
i = 1
x = -1216141756
y = -1217476637
temp = {0, 0, 0}
yloc = 135575840
xloc = 135575840
scroll_ybot = 0
vls = {vls_magic = -1993131077, vls_str = 0x0,
vls_offset = 0, vls_len = 0, vls_max = 0}
cent_x = "
H\203&#65533;t'\024\b8&#65533;\200&#65533;\221&#65533;\006\b&#65533;232?\b\000\000\000\000\000
\234@&#65533;\227?\b\020&#65533;\200&#65533;\000\000\000\000\000@&#65533;\200\217?\b&#65533;\217?\b\001",
'\0' <repeats 26 times>
cent_y =
"\000\000\000\000\000\000\000\200h&#65533;\200&#65533;1&#65533;n&#65533;\000\000\000\000\000\000\200?\000\000\000\000\000\000\200?\000\000\000\000\000&#65533;&#65533;&#65533;200&#65533;\034u\200&#65533;&#65533;c\203&#65533;\202",
'\0' <repeats 16 times>, "@&#65533;\000\000\000\000\000 \234@"
cent_z =
"\000\000\000\000\000\000\000\200\000\000\000\200u&#65533;230<\000\000\000\000\000@&#65533;&#65533;:&#65533;&#65533;A&#65533;&#65533;\000\000\000\000\000@&#65533;&#65533;",
'\0' <repeats 16 times>,
"X&#65533;\200&#65533;&#65533;r\200&#65533;\000\000\000\000\000@&#65533;?\000\000\000\000\000\000\000\200"
size =
"\000\000\000\200u&#65533;230<8&#65533;\200&#65533;\027\217\n\b\000\000\000\000\000\000\000\200\000\000\000\000\000@&#65533;&#65533;\000\000\000\200u&#65533;230&#65533;\000\000&#65533;&#65533;\232d&#65533;",
'\0' <repeats 11 times>,
"\200u&#65533;230&#65533;\000\000\000\000\000@&#65533;? \000\000\000&#65533;&#65533;&#65533;"
ang_x =
"D&\203&#65533;$\v\000\000\210&#65533;\200&#65533;EQ\200&#65533;\001\000\000\000
&#65533;\024\b&#65533;&#65533;\200&#65533;$\vW\b\000\000\000\000\000\000\200&#65533;\000\000\000\000\000&#65533;&#65533;5\000\000\000\000\000\200?",
'\0' <repeats 21 times>, "@&#65533;?"
ang_y = "\001", '\0' <repeats 11 times>,
"&#65533;&#636;\000\000\000\000D&\203&#65533;H&#65533;\200&#65533;i&#65533;\200&#65533;D&\203&#65533;\000\000\000\000X&#65533;\200&#65533;EQ\200&#65533;\200&#65533;&#65533;200&#65533;&#65533;&#65533;\200&#65533;&#65533;'&#2039;\f\vW\bD&\203&#65533;x&#65533;\200&#65533;&#65533;n&#65533;"
ang_z = '\0' <repeats 14 times>, "&#65533;D&\203&#65533;
&#65533;\024\b&#65533;200&#65533;EQ\200&#65533;\001\000\000\000\001\000\000\000d\002\000\000\004\000\000\000\000\000\000\000\000\000&#65533;000\000\000\000&#65533;n&#65533;D&\203&#65533;
&#65533;\024\b(&#65533;\200&#65533;EQ\200&#65533;"
ss_line_not_drawn = 1
tmp_val = 0
#5 0x080e47d5 in refresh () at ged.c:1795
p = (struct dm_list *) 0x83f6730
save_dm_list = (struct dm_list *) 0x837c6b8
overlay_vls = {vls_magic = -1993131077, vls_str
= 0x0, vls_offset = 0, vls_len = 0, vls_max = 0}
tmp_vls = {vls_magic = -1993131077, vls_str =
0x0, vls_offset = 0, vls_len = 0, vls_max = 0}
do_overlay = 0
elapsed_time = 0.011032999999999999
do_time = 1
#6 0x080e17b0 in main (argc=2, argv=0xbf80be94) at
ged.c:677
rateflag = 0
c = -1
read_only_flag = 0
pid = 0
parent_pipe = {3, 5}
use_pipe = 1

Discussion

  • Karel Kulhavy
    Karel Kulhavy
    2005-10-13

    file for mged sampled inmmediately after the crash

     
    Attachments
  • Sean Morrison
    Sean Morrison
    2005-12-29

    • priority: 5 --> 8
     
  • Sean Morrison
    Sean Morrison
    2006-02-14

    • assigned_to: nobody --> brlcad
    • status: open --> closed-fixed
     
  • Sean Morrison
    Sean Morrison
    2006-02-14

    Logged In: YES
    user_id=785737

    Thank you very much for the detailed report and stack trace. It was very helpful
    in tracking down the problem and applying a fix. The problem was related to
    bad state management in mged where it was attempting to print a title overlay
    for an empty title. The fix should be in the next iteration release, 7.8.0.

     
  • Sean Morrison
    Sean Morrison
    2006-02-14

    Logged In: YES
    user_id=785737

    This issue has been resolved in the latest CVS, thanks!