Menu

#528 CHECK assertion in TCoolEdit::Undo

6.44
closed
Ognyan Chernokozhev
CoolPrj (34) Internal (121) Crash (71)
1
2022-02-23
2022-02-19
Ognyan Chernokozhev
No

Undoing a Cut command causes a CHECK assertion in Debug builds of TCoolEdit.

Also, repeated Undo commands fail to restore the text properly.

Related

Bugs: #524
Discussion: Preparing OWLNext 7.0.7, 6.44.17 and 6.36.6 updates
Discussion: Preparing OWLNext 7.0.7, 6.44.17 and 6.36.6 updates
Wiki: OWLNext_Stable_Releases

Discussion

  • Ognyan Chernokozhev

    Ognyan Chernokozhev - 2022-02-19

    The problem was caused by the code 

        _TCHAR* pMemory = (_TCHAR*)Os.str().c_str();

    depending on the compiler and STL implementation, the string object may be destroyed, and the pMemory will not point to a valid data.

     
    👍
    1

  • Ognyan Chernokozhev

    Ognyan Chernokozhev - 2022-02-19
    • Description has changed:

    Diff:

    --- old
+++ new
@@ -1 +1,3 @@
 Undoing a Cut command causes a CHECK assertion in Debug builds of TCoolEdit.
+
+Also, repeated Undo commands fail to restore the text properly.
    • status: open --> pending
    • Group: 7.1 --> 6.44
     

  • Ognyan Chernokozhev

    Ognyan Chernokozhev - 2022-02-19

    A search through the code found two more instances of using this construct.

     
    👍
    1

  • Vidar Hasfjord

    Vidar Hasfjord - 2022-02-19

    Good catch!

        _TCHAR* pMemory = (_TCHAR*)Os.str().c_str();

    depending on the compiler and STL implementation, the string object may be destroyed, and the pMemory will not point to a valid data.

    Actually, I think the C++ standard is clear here. The life-time of the temporary string returned by str only extends to the end of the statement. Pointing to its contents after that is undefined behaviour.

    Interestingly, PVS-Studio didn't spot this issue [bugs:#504].

    Edit: This issue was fixed on the trunk in [r5812], and the fix has been merged into 7.0 [r5813] and 6.44 [r5814].

    Note: Do not use "Fix for..." or "Fixed..." in log messages with the BUG tag, as "BUG" is short for "bugfix". Use the title of the bug ticket with the the ticket reference appended. See our Coding Standards. Also, when performing a merge, it is helpful to include in the log message which branch you are merging into. This makes it easier to review the log. I will update the log messages.

    A search through the code found two more instances of using this construct.

    I can confirm I found "str().c_str()" in TCoolTextWnd::SetDragData and TUndoDragDropMoveExt::Undo in the same file "cooledit.cpp". I see that you have fixed them now.

    Edit: These additional occurrences of the same issue in the same file were fixed on the trunk in [r5815][r5818], and the fix has been merged into 7.0 [r5816][r5819] and 6.44 [r5817][r5820].

    Tip: Use the "RGR" tag for regression fixes (e.g. r5818) and refer to the revision that caused the regression.

    I also searched the whole code base on the trunk, and I found that construct in TDialogFunction::Trace in "checks.cpp" and in the TRACE_STACK macro in "dumpstack.cpp". But in these cases, the pointers were immediately used within the statement, i.e. while the temporary object is alive, so should be fine.

    PS. By the way, you've got a tab indentation in TCoolTextWnd::SetDragData.

     

    Related

    Bugs: #504
    Commit: [r5812]
    Commit: [r5813]
    Commit: [r5814]
    Commit: [r5815]
    Commit: [r5816]
    Commit: [r5817]
    Commit: [r5818]
    Commit: [r5819]
    Commit: [r5820]
    Wiki: Coding_Standards


    Last edit: Vidar Hasfjord 2022-02-19

  • Vidar Hasfjord

    Vidar Hasfjord - 2022-02-19
    • labels: CoolPrj --> CoolPrj, Internal, Crash
     

  • Vidar Hasfjord

    Vidar Hasfjord - 2022-02-23
    • Status: pending --> closed
     

Log in to post a comment.