Bug 12279 - yelp crashing in rrn_omf_parse_file() on solaris sparc
Summary: yelp crashing in rrn_omf_parse_file() on solaris sparc
Alias: None
Product: Rarian
Classification: Unclassified
Component: General
Version: unspecified
Hardware: All All
Importance: high normal
Assignee: Don Scorgie
Reported: 2007-09-04 08:21 UTC by Matt Keenan
Modified: 2007-11-07 14:03 UTC

Fix crash (599 bytes, patch)
2007-10-16 08:04 UTC, Matt Keenan
Fix Crash Again (1.52 KB, patch)
2007-10-16 08:55 UTC, Matt Keenan

Description Matt Keenan 2007-09-04 08:21:16 UTC
On Solaris sparc, yelp is failing to load, crashing on starting. Tracing into the
problem shows the crash is occurring when trying to parse the very first omf file.

When exiting the function rrn_omf_parse_file(), the destructor for TiXmlDocument
is being called twice. I'm not a c++ expert (in fact I know quite little), so 
I've no idea why it's being called twice.

However the first call appears to be causing the crash on sparc systems. I added the following line to util/tinyxml.cpp in the method TiXmlNode::~TiXmlNode()

   while ( node )
      temp = node;
      node = node->next;
+     fprintf(stderr, "delete : %s\n", temp->Value());
      delete temp;

On Solaris sparc, you simply get

   $ yelp
   delete :
And crash...

On Solaris x86 and fedora core 7 you get the following :

   $ yelp
   delete :
   delete : omf
   delete :
   delete : omf

So for each omf file being read, two calls are being made to this destructor :

1. Am I doing the correct thing in printf'ing the Value();
   should it not contain a value for all valid TiXmlDocument objects?
2. Why is it being called twice?

Let me know what other details you need or that I can provide in helping to
track this problem down, remember my C++ knowledge is limited.
I am testing version 2.19.91 of yelp and rarian 0.5.8.
Comment 1 Matt Keenan 2007-10-16 08:04:34 UTC
Created attachment 12074 [details] [review]
Fix crash

I've found the issue, and to be honest I'm amazed this is not a problem on x86
architectures as well :) (something to do with the number of registers).

This is a memory clobbering bug, where a function to allocate a structure is
indeed allocating the structure but not actually returning the pointer, and
thus the current registry pointer ends up being assigned to a variable on the local
side. Problem functions are :

   rarian-reg-full.c : rrn_reg_new_full();
   rarian-reg-utils.c : rrn_reg_new();

Both these functions malloc reg structures but fail to actually return the allocated pointer.

There may be other instances, but resolving these two allows yelp to launch on sparc.
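
The defect described in comment 1, shown as an added example that is not part of the bug report or of Rarian's code: `demo_reg` and its functions are hypothetical stand-ins for the `_new` functions named above. The buggy form is compiled only with `-DSHOW_BUG`; adding `-Werror=return-type` (GCC and Clang) turns the missing return into a build failure.

```c
/* Added example: demo_reg is a hypothetical stand-in, not Rarian's struct. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct demo_reg { char *name; int weight; } demo_reg;

#ifdef SHOW_BUG
/* Defect pattern from the report: allocated and initialised, never returned.
 * The caller reads whatever the return register holds (undefined behaviour).
 * cc -DSHOW_BUG -Werror=return-type refuses to compile this function. */
demo_reg *demo_reg_new_buggy(void)
{
    demo_reg *reg = malloc(sizeof *reg);
    reg->name = NULL;
    reg->weight = 0;
}   /* control falls off the end here */
#endif

/* Corrected form: check the allocation, initialise, return the pointer. */
demo_reg *demo_reg_new(void)
{
    demo_reg *reg = malloc(sizeof *reg);
    if (reg == NULL)
        return NULL;
    reg->name = NULL;
    reg->weight = 0;
    return reg;   /* the statement the buggy form lacks */
}

/* Store a private copy of name; 0 on success, -1 on bad input or no memory. */
int demo_reg_set_name(demo_reg *reg, const char *name)
{
    char *copy;
    if (reg == NULL || name == NULL || (copy = malloc(strlen(name) + 1)) == NULL)
        return -1;
    strcpy(copy, name);
    free(reg->name);
    reg->name = copy;
    return 0;
}

int main(void)
{
    demo_reg *reg = demo_reg_new();
    int rc = demo_reg_set_name(reg, "omf");   /* -1 if reg is NULL */
    if (rc == 0) { printf("name=%s\n", reg->name); free(reg->name); }
    free(reg);
    return rc == 0 ? 0 : 1;
}
```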
Comment 2 Matt Keenan 2007-10-16 08:55:07 UTC
Created attachment 12075 [details] [review]
Fix Crash Again

Found a few other possible issues so updated patch
Comment 3 Don Scorgie 2007-11-07 14:03:54 UTC
Seems to be my day for fixing silly bugs.  Many thanks for finding it.  Patch has been applied and is in trunk now.  Marking as Fixed.

2007-11-07  Don Scorgie  <dscorgie@svn.gnome.org>

	* librarian/rarian-info.c: 
	Fix silly error with iteration taking wrong
	(bug #12279 part 2 - Matt Keenan)
	* librarian/rarian-reg-utils.c: 
	* librarian/rarian-reg-full.c: 
	Fix non-return of structs from _new functions
	(bug #12279 part 1 - Matt Keenan)
