KiCad crashes after closing PCBNew if a python script was executed before

Bug #1844880 reported by DDuck007 on 2019-09-21
This bug affects 1 person
Affects: KiCad
Importance: Critical
Assigned to: jean-pierre charras

Bug Description

After running a Python script in PCBNew, e.g. InteractiveHtmlBom (https://github.com/openscopeproject/InteractiveHtmlBom) or teardrops, KiCad crashes after closing PCBNew. The script is executed properly and everything looks fine until closing PCBNew. If it is closed, all KiCad windows including the main window are closed.

Version:

Application: KiCad
Version: (5.99.0-149-g130d52dd8), release build
Libraries:
    wxWidgets 3.0.4
    libcurl/7.61.1 OpenSSL/1.1.1 (WinSSL) zlib/1.2.11 brotli/1.0.6 libidn2/2.0.5 libpsl/0.21.0 (+libidn2/2.1.1) nghttp2/1.34.0
Platform: Windows 8 (build 9200), 64-bit edition, 64 bit, Little endian, wxMSW
Build Info:
    wxWidgets: 3.0.4 (wchar_t,wx containers,compatible with 2.8)
    Boost: 1.68.0
    OpenCASCADE Community Edition: 6.9.1
    Curl: 7.61.1
    Compiler: GCC 8.2.0 with C++ ABI 1013

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=OFF
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=OFF
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON

DDuck007 (dduck007.01) on 2019-09-21
description: updated
Ian McInerney (imcinerney) wrote :
This happens for simple plugins as well (tested with the attached plugin). The stack trace from address sanitizer is below.

=================================================================
==12840==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900004b580 at pc 0x7fcfa05be4aa bp 0x7fff775ea390 sp 0x7fff775ea388
READ of size 8 at 0x61900004b580 thread T0
    #0 0x7fcfa05be4a9 in BOARD::~BOARD() /master/pcbnew/class_board.cpp:155:9
    #1 0x7fcfa05be9dd in BOARD::~BOARD() /master/pcbnew/class_board.cpp:142:1
    #2 0x7fcfa059c70c in PCB_BASE_FRAME::~PCB_BASE_FRAME() /master/pcbnew/pcb_base_frame.cpp:108:5
    #3 0x7fcf9fce9008 in PCB_BASE_EDIT_FRAME::~PCB_BASE_EDIT_FRAME() /master/pcbnew/pcb_base_edit_frame.cpp:53:1
    #4 0x7fcf9fcfc205 in PCB_EDIT_FRAME::~PCB_EDIT_FRAME() /master/pcbnew/pcb_edit_frame.cpp:339:1
    #5 0x7fcf9fcfc22d in PCB_EDIT_FRAME::~PCB_EDIT_FRAME() /master/pcbnew/pcb_edit_frame.cpp:338:1
    #6 0x7fcfab2429c6 in wxAppConsoleBase::DeletePendingObjects() ../src/common/appbase.cpp:591:16
    #7 0x7fcfab242a48 in wxAppConsoleBase::ProcessIdle() ../src/common/appbase.cpp:397:25
    #8 0x7fcfab8434a7 in wxAppBase::ProcessIdle() ../src/common/appcmn.cpp:366:50
    #9 0x7fcfab76d094 in wxApp::DoIdle() ../src/gtk/app.cpp:159:31
    #10 0x7fcfab76d1b6 ../src/gtk/app.cpp:107:28
    #11 0x7fcfa977f7da (/lib64/libglib-2.0.so.0+0x4c7da)
    #12 0x7fcfa9782edc in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4fedc)
    #13 0x7fcfa978326f (/lib64/libglib-2.0.so.0+0x5026f)
    #14 0x7fcfa97835a2 in g_main_loop_run (/lib64/libglib-2.0.so.0+0x505a2)
    #15 0x7fcfa9dc1b3c in gtk_main (/lib64/libgtk-3.so.0+0x24db3c)
    #16 0x7fcfab78cbc4 in wxGUIEventLoop::DoRun() ../src/gtk/evtloop.cpp:65:17
    #17 0x7fcfab285170 in wxEventLoopBase::Run() ../src/common/evtloopcmn.cpp:78:17
    #18 0x7fcfab245c69 in wxAppConsoleBase::MainLoop() ../src/common/appbase.cpp:334:40
    #19 0x53c770 in APP_KICAD::OnRun() /master/kicad/kicad.cpp:261:27
    #20 0x7fcfab2d9abb in wxEntry(int&, wchar_t**) ../src/common/init.cpp:506:31
    #21 0x53a4ae in main /master/kicad/kicad.cpp:292:1
    #22 0x7fcfaa2abf32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
    #23 0x40302d in _start (/master/build/debug/kicad/kicad+0x40302d)

0x61900004b580 is located 0 bytes inside of 956-byte region [0x61900004b580,0x61900004b93c)
freed by thread T0 here:
    #0 0x51d65f in operator delete(void*) (/master/build/debug/kicad/kicad+0x51d65f)
    #1 0x7fcfab24b138 /usr/include/c++/9/ext/new_allocator.h:128:19
    #2 0x7fcfab24b138 /usr/include/c++/9/bits/alloc_traits.h:470:9
    #3 0x7fcfab24b138 /usr/include/c++/9/bits/basic_string.h:237:34
    #4 0x7fcfab24b138 /usr/include/c++/9/bits/basic_string.h:232:4
    #5 0x7fcfab24b138 /usr/include/c++/9/bits/basic_string.h:658:9
    #6 0x7fcfab24b138 ../include/wx/string.h:393:24
    #7 0x7fcfab24b138 ../include/wx/scopedarray.h:29:24
    #8 0x7fcfab24b138 in wxArrayString::Add(wxString const&, unsigned long) ../src/common/arrstr.cpp:302:53

previously allocated by thread T0 here:
    #0 0x51c83f in operator new(unsigned long) (/master/build/debug/kicad/kicad+0x51c83f)
    #1 0x52575e in __gnu_cxx::new_alloc...

Changed in kicad:
status: New → Triaged
importance: Undecided → Critical
milestone: none → 6.0.0-rc1
tags: added: pcbnew python
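
An added triage helper, not part of the original report or of KiCad's code: it splits an AddressSanitizer report like the one in the comment above into its access, free and allocation stacks and picks, for each, the first frame that has both a symbol and a source line. The function names are this example's own, and the sample is an abbreviated copy of lines from the trace above.

```python
import re

HEADER = re.compile(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+)")
# "#N 0xPC [in SYMBOL] LOCATION"; LOCATION is file:line:col or (module+0xoff).
FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+(?:in\s+(.+?)\s+)?(\S+)$")
SECTIONS = (("freed by thread", "free"), ("previously allocated by thread", "alloc"))

def parse_asan(report):
    """Split one ASan report into header fields and access/free/alloc stacks."""
    out = {"kind": None, "address": None, "op": None, "size": None,
           "stacks": {"access": [], "free": [], "alloc": []}}
    current = None
    for line in map(str.strip, report.splitlines()):
        if m := HEADER.search(line):
            out["kind"], out["address"] = m.groups()
        elif m := ACCESS.match(line):
            out["op"], out["size"], current = m[1], int(m[2]), "access"
        elif (m := FRAME.match(line)) and current:
            out["stacks"][current].append({"n": int(m[1]), "symbol": m[2], "loc": m[3]})
        else:
            for prefix, name in SECTIONS:
                if line.startswith(prefix):
                    current = name
    return out

def culprit(frames):
    """First frame with a symbol and a source file:line (skips module+offset frames)."""
    for f in frames:
        if f["symbol"] and not f["loc"].startswith("("):
            return f
    return None

# Abbreviated excerpt of the trace in the comment above (most frames omitted).
SAMPLE = """\
==12840==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900004b580 at pc 0x7fcfa05be4aa bp 0x7fff775ea390 sp 0x7fff775ea388
READ of size 8 at 0x61900004b580 thread T0
    #0 0x7fcfa05be4a9 in BOARD::~BOARD() /master/pcbnew/class_board.cpp:155:9
freed by thread T0 here:
    #0 0x51d65f in operator delete(void*) (/master/build/debug/kicad/kicad+0x51d65f)
    #7 0x7fcfab24b138 ../include/wx/scopedarray.h:29:24
    #8 0x7fcfab24b138 in wxArrayString::Add(wxString const&, unsigned long) ../src/common/arrstr.cpp:302:53
previously allocated by thread T0 here:
    #0 0x51c83f in operator new(unsigned long) (/master/build/debug/kicad/kicad+0x51c83f)
"""

if __name__ == "__main__":
    for name, frames in parse_asan(SAMPLE)["stacks"].items():
        print(name, "->", culprit(frames))
```

On this excerpt the access stack resolves to `BOARD::~BOARD()` and the free stack to `wxArrayString::Add`, while the allocation stack has no frame with a source line in the part of the trace shown.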
KiCad Janitor (kicad-janitor) wrote :

Fixed in revision 840c77fa9c7500dd5ad0b326eed8f108cde0fc47
https://git.launchpad.net/kicad/patch/?id=840c77fa9c7500dd5ad0b326eed8f108cde0fc47

Changed in kicad:
status: Triaged → Fix Committed
assignee: nobody → jean-pierre charras (jp-charras)