Segfault in libedit on footprint Save As...

Bug #1802954 reported by John Beard on 2018-11-12
This bug affects 1 person
Affects: KiCad
Importance: High
Assigned to: Unassigned

Bug Description

I hit a segfault in libmodedit when doing "Save As..." on a footprint to a different library.

I can't reproduce (at least not yet), but I do have a backtrace. I am unclear on exactly what steps are needed to get into this state, but perhaps the backtrace is meaningful to someone(?).

At frame #7, aNickName is the library name, which is the same as s in frame #1, but looks like something gets deleted, as #1's this pointer looks decidedly dodgy.

----

#0 0x00007fdeee6471e1 in wxString::compare(wxString const&) const () at /usr/lib/libwx_baseu-3.0.so.0
#1 0x00007fdee4ac4471 in wxString::Cmp(wxString const&) const (this=0x7fdeec3f26b0 <g_nullify_pointer+32>, s=...)
    at /usr/include/wx-3.0/wx/string.h:2111
#2 0x00007fdee4be9851 in operator<(wxString const&, wxString const&) (s1=..., s2=...)
    at /usr/include/wx-3.0/wx/string.h:3994
#3 0x00007fdee4beedc3 in std::less<wxString>::operator()(wxString const&, wxString const&) const
    (this=0x560c34c90f30, __x=..., __y=...) at /usr/include/c++/8.2.1/bits/stl_function.h:386
#4 0x00007fdee4dd7d84 in std::_Rb_tree<wxString, std::pair<wxString const, int>, std::_Select1st<std::pair<wxString const, int> >, std::less<wxString>, std::allocator<std::pair<wxString const, int> > >::_M_lower_bound(std::_Rb_tree_node<std::pair<wxString const, int> >*, std::_Rb_tree_node_base*, wxString const&)
    (this=0x560c34c90f30, __x=0x7fdeec3f2690 <g_nullify_pointer>, __y=0x560c34c90f38, __k=...)
    at /usr/include/c++/8.2.1/bits/stl_tree.h:1888
#5 0x00007fdee4dd69d6 in std::_Rb_tree<wxString, std::pair<wxString const, int>, std::_Select1st<std::pair<wxString const, int> >, std::less<wxString>, std::allocator<std::pair<wxString const, int> > >::find(wxString const&)
    (this=0x560c34c90f30, __k=...) at /usr/include/c++/8.2.1/bits/stl_tree.h:2539
#6 0x00007fdee4dd5ca3 in std::map<wxString, int, std::less<wxString>, std::allocator<std::pair<wxString const, int> > >::find(wxString const&) (this=0x560c34c90f30, __x=...) at /usr/include/c++/8.2.1/bits/stl_map.h:1170
#7 0x00007fdee54e813c in LIB_TABLE::findRow(wxString const&) const (this=0x560c34c90f10, aNickName=...)
    at /home/john/src/kicad/common/lib_table_base.cpp:299
#8 0x00007fdee54e7fd2 in LIB_TABLE::HasLibrary(wxString const&, bool) const
    (this=0x560c34c90f10, aNickname=..., aCheckEnabled=true) at /home/john/src/kicad/common/lib_table_base.cpp:266
#9 0x00007fdee4d23554 in FP_TREE_SYNCHRONIZING_ADAPTER::Sync() (this=0x560c37b326d0)
    at /home/john/src/kicad/pcbnew/fp_tree_synchronizing_adapter.cpp:64
#10 0x00007fdee4d29f61 in FOOTPRINT_EDIT_FRAME::SyncLibraryTree(bool) (this=0x560c38345350, aProgress=true)
    at /home/john/src/kicad/pcbnew/footprint_edit_frame.cpp:883
#11 0x00007fdee4d1858b in FOOTPRINT_EDIT_FRAME::Process_Special_Functions(wxCommandEvent&)
    (this=0x560c38345350, event=...) at /home/john/src/kicad/pcbnew/footprint_editor_utils.cpp:483
#12 0x00007fdeee6f889e in wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#13 0x00007fdeee6f89a4 in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) () at /usr/lib/libwx_baseu-3.0.so.0
#14 0x00007fdeee6f8cde in wxEvtHandler::TryHereOnly(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#15 0x00007fdee54b69f8 in EDA_BASE_FRAME::ProcessEvent(wxEvent&) (this=0x560c38345350, aEvent=...)
    at /home/john/src/kicad/common/eda_base_frame.cpp:173
#16 0x00007fdeee6f8b63 in wxEvtHandler::DoTryChain(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#17 0x00007fdeee6f8e02 in wxEvtHandler::ProcessEvent(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#18 0x00007fdeeec4ee6b in wxWindowBase::TryAfter(wxEvent&) () at /usr/lib/libwx_gtk2u_core-3.0.so.0
#19 0x00007fdeeec4ee6b in wxWindowBase::TryAfter(wxEvent&) () at /usr/lib/libwx_gtk2u_core-3.0.so.0
#20 0x00007fdeee6f8ba7 in wxEvtHandler::SafelyProcessEvent(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#21 0x00007fdeeec05569 in wxMenuBase::SendEvent(int, int) () at /usr/lib/libwx_gtk2u_core-3.0.so.0
#22 0x00007fdeeeafe6dc in () at /usr/lib/libwx_gtk2u_core-3.0.so.0
#23 0x00007fdeec6d83d5 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#24 0x00007fdeec6c5195 in () at /usr/lib/libgobject-2.0.so.0
#25 0x00007fdeec6c901e in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#26 0x00007fdeec6c9a80 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#27 0x00007fdeecbfff38 in gtk_widget_activate () at /usr/lib/libgtk-x11-2.0.so.0
#28 0x00007fdeecaf8e71 in gtk_menu_shell_activate_item () at /usr/lib/libgtk-x11-2.0.so.0
#29 0x00007fdeecaf9140 in () at /usr/lib/libgtk-x11-2.0.so.0
#30 0x00007fdeecae67cc in () at /usr/lib/libgtk-x11-2.0.so.0
#31 0x00007fdeec6d83d5 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#32 0x00007fdeec6c499f in () at /usr/lib/libgobject-2.0.so.0
#33 0x00007fdeec6c85ed in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#34 0x00007fdeec6c9a80 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#35 0x00007fdeecc01235 in () at /usr/lib/libgtk-x11-2.0.so.0
#36 0x00007fdeecae4a0e in gtk_propagate_event () at /usr/lib/libgtk-x11-2.0.so.0
#37 0x00007fdeecae4e43 in gtk_main_do_event () at /usr/lib/libgtk-x11-2.0.so.0
#38 0x00007fdeec759d5e in () at /usr/lib/libgdk-x11-2.0.so.0
#39 0x00007fdeec4333cf in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#40 0x00007fdeec434f89 in () at /usr/lib/libglib-2.0.so.0
#41 0x00007fdeec434fce in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#42 0x00007fdeecae4032 in gtk_main_iteration () at /usr/lib/libgtk-x11-2.0.so.0
#43 0x00007fdeeea99c86 in wxWindow::DoPopupMenu(wxMenu*, int, int) () at /usr/lib/libwx_gtk2u_core-3.0.so.0
#44 0x00007fdeeec52774 in wxWindowBase::PopupMenu(wxMenu*, int, int) () at /usr/lib/libwx_gtk2u_core-3.0.so.0
#45 0x00007fdee4ba62fb in wxWindowBase::PopupMenu(wxMenu*, wxPoint const&)
    (this=0x560c38eb8a30, menu=0x560c390bd5b0, pos=...) at /usr/include/wx-3.0/wx/window.h:1216
#46 0x00007fdee54578da in LIB_TREE::onContextMenu(wxDataViewEvent&) (this=0x560c38eb8a30, aEvent=...)
    at /home/john/src/kicad/common/widgets/lib_tree.cpp:397
#47 0x00007fdeee6f889e in wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#48 0x00007fdeee6f8c1b in wxEvtHandler::SearchDynamicEventTable(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#49 0x00007fdeee6f8cb1 in wxEvtHandler::TryHereOnly(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#50 0x00007fdeee6f8d64 in wxEvtHandler::ProcessEventLocally(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#51 0x00007fdeee6f8e02 in wxEvtHandler::ProcessEvent(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#52 0x00007fdeee6f8ba7 in wxEvtHandler::SafelyProcessEvent(wxEvent&) () at /usr/lib/libwx_baseu-3.0.so.0
#53 0x00007fdeef0867d6 in () at /usr/lib/libwx_gtk2u_adv-3.0.so.0
#54 0x00007fdeecae67cc in () at /usr/lib/libgtk-x11-2.0.so.0
#55 0x00007fdeec6d83d5 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#56 0x00007fdeec6c5195 in () at /usr/lib/libgobject-2.0.so.0
#57 0x00007fdeec6c85ed in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#58 0x00007fdeec6c9a80 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#59 0x00007fdeecc01235 in () at /usr/lib/libgtk-x11-2.0.so.0
#60 0x00007fdeecae4a0e in gtk_propagate_event () at /usr/lib/libgtk-x11-2.0.so.0
#61 0x00007fdeecae4e43 in gtk_main_do_event () at /usr/lib/libgtk-x11-2.0.so.0
#62 0x00007fdeec759d5e in () at /usr/lib/libgdk-x11-2.0.so.0
#63 0x00007fdeec4333cf in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#64 0x00007fdeec434f89 in () at /usr/lib/libglib-2.0.so.0
#65 0x00007fdeec435f62 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#66 0x00007fdeecae3df3 in gtk_main () at /usr/lib/libgtk-x11-2.0.so.0
#67 0x00007fdeeea7e1b6 in wxGUIEventLoop::DoRun() () at /usr/lib/libwx_gtk2u_core-3.0.so.0
#68 0x00007fdeee5c5bae in wxEventLoopBase::Run() () at /usr/lib/libwx_baseu-3.0.so.0
#69 0x00007fdeee58a517 in wxAppConsoleBase::MainLoop() () at /usr/lib/libwx_baseu-3.0.so.0
#70 0x0000560c315a876f in APP_SINGLE_TOP::OnRun() (this=0x560c31e7d4f0)
    at /home/john/src/kicad/common/single_top.cpp:186
#71 0x00007fdeee6124c8 in wxEntry(int&, wchar_t**) () at /usr/lib/libwx_baseu-3.0.so.0
#72 0x0000560c315a3e20 in main(int, char**) (argc=1, argv=0x7fff4ae2f288)
    at /home/john/src/kicad/common/single_top.cpp:260

----

Application: pcbnew
Version: (6.0.0-rc1-dev-1178-g62e2fe8bb), debug build
Libraries:
    wxWidgets 3.0.4
    libcurl/7.62.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.4) libssh2/1.8.0 nghttp2/1.34.0
Platform: Linux 4.18.16-arch1-1-ARCH x86_64, 64 bit, Little endian, wxGTK
Build Info:
    wxWidgets: 3.0.4 (wchar_t,wx containers,compatible with 2.8) GTK+ 2.24
    Boost: 1.68.0
    OpenCASCADE Community Edition: 6.9.1
    Curl: 7.62.0
    Compiler: GCC 8.2.1 with C++ ABI 1013

Build settings:
    USE_WX_GRAPHICS_CONTEXT=OFF
    USE_WX_OVERLAY=OFF
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=OFF
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=OFF
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON

Jeff Young (jeyjey) wrote :

Why do we have two copies of LIB_TABLE::findRow() (one const and one not)? Surely the const one is sufficient, or am I missing something?

John Beard (john-j-beard) wrote :

(Speculation alert) I guess this is done according to this pattern:

    T& CLASS::getMemberThing();
    const T& CLASS::getMemberThing() const;

Thus, if you only have a const CLASS, you can't use getMemberThing to get a non-const interface through which you can modify part of the CLASS.

But since it's returning a pointer, it's allowed to return a non-const T*.

I imagine this is a paste-o, and probably should be something like:

   T* CLASS::findRow();
   const T* CLASS::findRow(...) const;

At least, this appears to compile, FWIW!
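
The overload pair suggested in the comment above, worked through as an added example; it is not code from this thread or from KiCad. `Table`, `Row`, `insert` and `hasRow` are hypothetical names, and the non-const overload delegating to the const one is one common way to write the pair, assumed here.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Hypothetical stand-ins, not KiCad's LIB_TABLE / LIB_TABLE_ROW.
struct Row { std::string nickname; bool enabled; };

class Table {
public:
    void insert(const std::string& nick, bool enabled) {
        index_[nick] = rows_.size();
        rows_.push_back(Row{nick, enabled});
    }

    // Read-only lookup: callable on a const Table, hands out a const Row*.
    // The pointer is only valid until the next insert() reallocates rows_.
    const Row* findRow(const std::string& nick) const {
        auto it = index_.find(nick);
        return it == index_.end() ? nullptr : &rows_[it->second];
    }

    // Mutable lookup: only callable on a non-const Table. Delegates to the
    // const overload so the search logic exists once.
    Row* findRow(const std::string& nick) {
        return const_cast<Row*>(static_cast<const Table&>(*this).findRow(nick));
    }

    // A const query shaped like the HasLibrary frame in the backtrace.
    bool hasRow(const std::string& nick, bool checkEnabled) const {
        const Row* r = findRow(nick);  // resolves to the const overload
        return r && (!checkEnabled || r->enabled);
    }

private:
    std::map<std::string, std::size_t> index_;  // nickname -> position in rows_
    std::vector<Row> rows_;
};

// The compiler enforces the split: const Table => const Row*, Table => Row*.
static_assert(std::is_same<decltype(std::declval<const Table&>().findRow("")), const Row*>::value, "");
static_assert(std::is_same<decltype(std::declval<Table&>().findRow("")), Row*>::value, "");

int main() {
    Table t; t.insert("Resistors", true);  // constructed sample data
    const Table& ct = t;
    return ct.hasRow("Resistors", true) ? 0 : 1;
}
```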

Jeff Young (jeyjey) wrote :

@Devs, can anyone reproduce this?

Changed in kicad:
importance: Undecided → High

Seth Hillbrand (sethh) wrote :

I'm guessing that this is in modedit, right?

@John, did you right-click on the footprint name and use save as from there? Global lib or local? Any chance you recall the name of the footprint/lib?

John Beard (john-j-beard) wrote :

Yes, this is in modedit, for a global library.

It was in the right click menu, but I cannot recall the name of the library. I tried to reproduce at the time, but I couldn't do it (and I wasn't paying very close attention to KiCad's behaviour as I was doing something at the time).

So it feels perhaps like a timing/threading issue where something's killed something as SyncLibraryTree is working?

Jeff Young (jeyjey) wrote :

I believe JP just fixed this in 1b7ebc7a4e33dc314a79c10ca38bf46dc76b0ae8.

Changed in kicad:
status: New → Fix Committed
milestone: none → 5.1.0
Changed in kicad:
status: Fix Committed → Fix Released