[PD-dev] [ pure-data-Bugs-1518030 ] subpatch clearing itself crashes Pd
SourceForge.net
noreply at sourceforge.net
Sat Feb 10 19:45:42 CET 2007
Bugs item #1518030, was opened at 2006-07-06 11:54
Message generated for change (Comment added) made by sistisette
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478070&aid=1518030&group_id=55736
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: puredata
Group: v0.40.1
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: ClaudiusMaximus (claudiusmaximus)
Assigned to: Miller Puckette (millerpuckette)
Summary: subpatch clearing itself crashes Pd
Initial Comment:
Tested on Linux with pd-0.39-2 from Miller's site.
Steps to reproduce:
start pd
load the patch attached to this post
click the bng
close the patch
load the patch again
click the bng
=> crash
OR
start pd
load the patch
open the subpatch
(optionally: close the subpatch)
click the bng
=> crash
Here's a gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 27794)]
pd_bang (x=0x11) at m_pd.c:269
269 m_pd.c: No such file or directory.
in m_pd.c
(gdb) where
#0 pd_bang (x=0x11) at m_pd.c:269
#1 0x0808a61b in outlet_bang (x=0x3) at m_obj.c:328
#2 0x080765ad in bng_bout2 (x=0x81f2790) at g_bang.c:294
#3 0x080767f6 in bng_newclick (z=0x11,
glist=0x81f2338, xpix=74, ypix=70,
shift=0, alt=0, dbl=0, doit=1) at g_bang.c:343
#4 0x0806e907 in gobj_click (x=0x0, glist=0x11,
xpix=17, ypix=17, shift=17,
alt=17, dbl=17, doit=17) at g_editor.c:92
#5 0x0805b557 in graph_click (z=0x81f2338, glist=0x11,
xpix=74, ypix=70,
shift=0, alt=0, dbl=17, doit=1) at g_graph.c:1059
#6 0x0806e907 in gobj_click (x=0x0, glist=0x11,
xpix=17, ypix=17, shift=17,
alt=17, dbl=17, doit=17) at g_editor.c:92
#7 0x08070a97 in canvas_doclick (x=0x81ecd08, xpos=74,
ypos=70, which=1,
mod=0, doit=1) at g_editor.c:1094
#8 0x0807119d in canvas_mousedown (x=0x11, xpos=0,
ypos=0, which=0, mod=0)
at g_editor.c:1252
#9 0x08089789 in pd_typedmess (x=0x81ecd08, s=0x0,
argc=0, argv=0x80cf488)
at m_class.c:728
#10 0x08089665 in pd_typedmess (x=0x81f25f8, s=0x0,
argc=4, argv=0x80cf468)
at m_class.c:749
#11 0x0808c32f in binbuf_eval (x=0x11,
target=0x81f25f8, argc=0, argv=0x0)
at m_binbuf.c:574
#12 0x08091fdf in socketreceiver_read (x=0x81ec2f0,
fd=7) at s_inter.c:540
#13 0x0809180f in sys_domicrosleep (microsec=17,
pollem=1) at s_inter.c:180
#14 0x08092660 in sys_pollgui () at s_inter.c:823
#15 0x0808fe5b in m_scheduler () at m_sched.c:466
#16 0x08095b1b in main (argc=17, argv=0x11) at s_entry.c:27
----------------------------------------------------------------------
Comment By: Matteo Sisti Sette (sistisette)
Date: 2007-02-10 19:45
Message:
Logged In: YES
user_id=1709568
Originator: NO
Just another example that triggers the same bug (dunnow why I can't attach
a file so I "transcribe" it here):
[bng]
|
[f 0]
|
[find f, cut(
|
[s pd-thisFile'sName.pd]
I don't agree with zmoelnig in that it is not a bug.
Calling functions and stacks are implementation details the patch author
shouldn't need to be aware of.
What the patch is doing is deleting an object. The message causing the
deletion was triggered by (a message that was triggered by[...]) that
object, so what?
There's nothing semantically incorrect in doing that.
----------------------------------------------------------------------
Comment By: ClaudiusMaximus (claudiusmaximus)
Date: 2006-10-18 18:30
Message:
Logged In: YES
user_id=769033
Some comments about pd-0.40-1 from Miller's site:
1. Start pd, load gop-subpatch-self-clear-crash.pd, click
bang => no crash, subpatch is cleared correctly
2. Start pd, load gop-subpatch-self-clear-crash.pd, open
subpatch, click bang => crash:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211095376 (LWP 13534)]
pd_bang (x=0x11) at m_pd.c:269
269 (*(*x)->c_bangmethod)(x);
(gdb) bt
#0 pd_bang (x=0x11) at m_pd.c:269
#1 0x080aa8eb in outlet_bang (x=0x82371f8) at m_obj.c:328
#2 0x0808f101 in bng_newclick (z=0x82415c8,
glist=0x8241200, xpix=136,
ypix=139, shift=0, alt=0, dbl=0, doit=1) at g_bang.c:294
#3 0x0808a36a in canvas_doclick (x=0x8241200, xpos=136,
ypos=139, which=1,
mod=0, doit=1) at g_editor.c:92
#4 0x0808b14b in canvas_mousedown (x=0x8241200, xpos=136,
ypos=139, which=1,
mod=0) at g_editor.c:1242
#5 0x080a79c5 in pd_typedmess (x=0x8241200, s=0x822ac40,
argc=4,
argv=0x811a928) at m_class.c:728
#6 0x080a7632 in pd_typedmess (x=0x8241418, s=0x822ac40,
argc=<value optimized out>, argv=0x811a928) at m_class.c:749
#7 0x080abba4 in binbuf_eval (x=0x82366e0, target=<value
optimized out>,
argc=0, argv=0x0) at m_binbuf.c:673
#8 0x080b94be in socketreceiver_read (x=0x8236700, fd=8) at
s_inter.c:540
#9 0x080b693e in sys_domicrosleep (microsec=<value
optimized out>,
pollem=<value optimized out>) at s_inter.c:180
#10 0x080b7967 in sys_pollgui () at s_inter.c:825
#11 0x080b2f53 in m_scheduler () at m_sched.c:466
#12 0x080b651a in sys_main (argc=1, argv=0xbfcbb4a4) at
s_main.c:316
#13 0x080bf7cf in main (argc=136563232, argv=0x8242b00) at
s_entry.c:27
3. Start pd, load gop-subpatch-self-clear-crash.pd, open
subpatch, close subpatch, click bang => crash
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210849616 (LWP 13563)]
pd_bang (x=0x11) at m_pd.c:269
269 (*(*x)->c_bangmethod)(x);
(gdb) bt
#0 pd_bang (x=0x11) at m_pd.c:269
#1 0x080aa8eb in outlet_bang (x=0x82373c0) at m_obj.c:328
#2 0x0808f101 in bng_newclick (z=0x823cbc0,
glist=0x8237230, xpix=72,
ypix=70, shift=0, alt=0, dbl=0, doit=1) at g_bang.c:294
#3 0x0805be1a in graph_click (z=0x8237230, glist=0x8237090,
xpix=72, ypix=70,
shift=0, alt=0, dbl=0, doit=1) at g_graph.c:1052
#4 0x0808a36a in canvas_doclick (x=0x8237090, xpos=72,
ypos=70, which=1,
mod=0, doit=1) at g_editor.c:92
#5 0x0808b14b in canvas_mousedown (x=0x8237090, xpos=72,
ypos=70, which=1,
mod=0) at g_editor.c:1242
#6 0x080a79c5 in pd_typedmess (x=0x8237090, s=0x822ac40,
argc=4,
argv=0x811a928) at m_class.c:728
#7 0x080a7632 in pd_typedmess (x=0x823ca28, s=0x822ac40,
argc=<value optimized out>, argv=0x811a928) at m_class.c:749
#8 0x080abba4 in binbuf_eval (x=0x82366e0, target=<value
optimized out>,
argc=0, argv=0x0) at m_binbuf.c:673
#9 0x080b94be in socketreceiver_read (x=0x8236700, fd=8) at
s_inter.c:540
#10 0x080b693e in sys_domicrosleep (microsec=<value
optimized out>,
pollem=<value optimized out>) at s_inter.c:180
#11 0x080b7967 in sys_pollgui () at s_inter.c:825
#12 0x080b2f53 in m_scheduler () at m_sched.c:466
#13 0x080b651a in sys_main (argc=1, argv=0xbfeee6d4) at
s_main.c:316
#14 0x080bf7cf in main (argc=136541136, argv=0x823e958) at
s_entry.c:27
4. Start pd, load crash-1518030.pd, click "bang" => crash:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210677584 (LWP 13575)]
pd_bang (x=0x11) at m_pd.c:269
269 (*(*x)->c_bangmethod)(x);
(gdb) bt
#0 pd_bang (x=0x11) at m_pd.c:269
#1 0x080aa8eb in outlet_bang (x=0x8237408) at m_obj.c:328
#2 0x080aa8eb in outlet_bang (x=0x82373d0) at m_obj.c:328
#3 0x080aa8eb in outlet_bang (x=0x823cce0) at m_obj.c:328
#4 0x080a77a1 in pd_typedmess (x=0x823cccc, s=0x8119364,
argc=0,
argv=0x811a950) at m_class.c:641
#5 0x080abba4 in binbuf_eval (x=0x823cc68, target=<value
optimized out>,
argc=1, argv=0xbfa50e8c) at m_binbuf.c:673
#6 0x0805f46d in message_click (x=0x823ccb0, xpos=91,
ypos=65, shift=0,
ctrl=0, alt=0) at g_text.c:300
#7 0x08063721 in text_click (z=0x823ccb0, glist=0x8237080,
xpix=91, ypix=65,
shift=0, alt=0, dbl=0, doit=1) at g_text.c:1065
#8 0x0808a36a in canvas_doclick (x=0x8237080, xpos=91,
ypos=65, which=1,
mod=0, doit=1) at g_editor.c:92
#9 0x0808b14b in canvas_mousedown (x=0x8237080, xpos=91,
ypos=65, which=1,
mod=0) at g_editor.c:1242
#10 0x080a79c5 in pd_typedmess (x=0x8237080, s=0x822ac40,
argc=4,
argv=0x811a928) at m_class.c:728
#11 0x080a7632 in pd_typedmess (x=0x823ca28, s=0x822ac40,
argc=<value optimized out>, argv=0x811a928) at m_class.c:749
#12 0x080abba4 in binbuf_eval (x=0x82366e0, target=<value
optimized out>,
argc=0, argv=0x0) at m_binbuf.c:673
#13 0x080b94be in socketreceiver_read (x=0x8236700, fd=8) at
s_inter.c:540
#14 0x080b693e in sys_domicrosleep (microsec=<value
optimized out>,
pollem=<value optimized out>) at s_inter.c:180
#15 0x080b7967 in sys_pollgui () at s_inter.c:825
#16 0x080b2f53 in m_scheduler () at m_sched.c:466
#17 0x080b651a in sys_main (argc=1, argv=0xbfa52a44) at
s_main.c:316
#18 0x080bf7cf in main (argc=0, argv=0x0) at s_entry.c:27
----------------------------------------------------------------------
Comment By: IOhannes m zmölnig (zmoelnig)
Date: 2006-10-10 17:13
Message:
Logged In: YES
user_id=564396
the really interesting thing here, is that your patch will
not crash when you only click on the [bng] once. you have to
follow the steps as described.
i add another patch that triggers the crash reliable and
without the complicated procedure (just click it and crash it)
raised priority, since crashers should be fixed.
----------------------------------------------------------------------
Comment By: IOhannes m zmölnig (zmoelnig)
Date: 2006-07-06 20:48
Message:
Logged In: YES
user_id=564396
this has nothing to do with GOP, therefore i renamed the
bug-report.
what happens: an object emits a message; the calling
function is pushed to the stack; the message triggers the
deletion of the object; after the message is done, the
calling function (of the now deleted object) is popped back
from the stack: but alas! the entire environment has changed
and nothing is as it should be....stack corruption -> crash.
personally i think, that this is NOT a bug in pd but rather
a bug in the patch (but i am repeating myself...)
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478070&aid=1518030&group_id=55736
More information about the Pd-dev
mailing list