Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[ken]

OK, we knew there was a crashing bug lurking in wxMac's unicode support and I hit it.  Here's a partial backtrace (I've removed parts that are clearly unimportant):

Code: [Select]

Program received signal EXC_BAD_ACCESS, Could not access memory.
0xffff8cc0 in __memcpy ()
(gdb) bt
#0  0xffff8cc0 in __memcpy ()
#1  0x901952d0 in __CFStringCreateImmutableFunnel3 ()
#2  0x901adf48 in CFStringCreateWithCharacters ()
#3  0x002d13b8 in wxMacCFStringHolder::Assign(wxString const&, wxFontEncoding) (this=0xbfffe5b0, st=@0xbd45ab4, encoding=wxFONTENCODING_DEFAULT) at ../wxWidgets/src/mac/corefoundation/cfstring.cpp:645
#4  0x0062e018 in wxMacCFStringHolder::wxMacCFStringHolder(wxString const&, wxFontEncoding) (this=0xbfffe5b0, str=@0xbd45ab4, encoding=wxFONTENCODING_DEFAULT) at ../wxWidgets/include/wx/mac/corefoundation/cfstring.h:45
#5  0x0062d8e4 in wxMacCFStringHolder::wxMacCFStringHolder(wxString const&, wxFontEncoding) (this=0xbfffe5b0, str=@0xbd45ab4, encoding=wxFONTENCODING_DEFAULT) at ../wxWidgets/include/wx/mac/corefoundation/cfstring.h:46
#6  0x002941f0 in wxStaticText::SetLabel(wxString const&) (this=0xbd45940, st=@0xbfffe640) at ../wxWidgets/src/mac/carbon/stattext.cpp:94
#7  0x00158264 in CamuleDlg::AddLogLine(bool, wxString const&) (this=0x903c000, addtostatusbar=true, line=@0xbfffe87c) at amuleDlg.cpp:517
Some poking around at data:

Code: [Select]

(gdb) frame 3
#3  0x002d13b8 in wxMacCFStringHolder::Assign(wxString const&, wxFontEncoding) (this=0xbfffe5b0, st=@0xbd45ab4, encoding=wxFONTENCODING_DEFAULT) at ../wxWidgets/src/mac/corefoundation/cfstring.cpp:645
645         m_cfs = CFStringCreateWithCharacters( kCFAllocatorDefault ,
(gdb) list
640     #else
641         wxMBConvUTF16BE converter ;
642         size_t unicharlen = converter.WC2MB( NULL , str.wc_str() , 0 ) ;
643         UniChar *unibuf = new UniChar[ unicharlen / sizeof(UniChar) + 1 ] ;
644         converter.WC2MB( (char*)unibuf , str.wc_str() , unicharlen ) ;
645         m_cfs = CFStringCreateWithCharacters( kCFAllocatorDefault ,
646             unibuf , unicharlen / sizeof(UniChar) ) ;
647         delete[] unibuf ;
648     #endif
649     #else // not wxUSE_UNICODE
(gdb) print (long)unicharlen
$2 = -1
(gdb) print str
$3 = {
  = {
    static npos = 4294967295,
    m_pchData = 0xb7d66ec
  }, }
(gdb) print str.GetStringData()
$4 = (wxStringData *) 0xb7d66e0
(gdb) print *$4
$5 = {
  nRefs = 0,
  nDataLength = 0,
  nAllocLength = 10
}
(gdb) print (char[10])str.m_pchData
$6 = "\v}f?????\000T"
(gdb) print (wchar_t[10])str.m_pchData
$7 = {192767724, -1, 5512476, 1, 8512400, 4841728, -1073748576, 0, -1, 192551136}
(gdb) print str.wc_str()
$8 = (const wxChar *) 0xb7d66ec
(gdb) print (*$8)@10
$9 = {1, 12, 19, 101, 77, 117, 108, 101, 32, 118}
(gdb) print str.c_str()
$11 = (const wxChar *) 0xb7d66ec
(gdb) print unibuf
$12 = (UniChar *) 0xb7a18e0
(gdb) print unicharlen / sizeof(UniChar) + 1
$13 = 2147483648
It looks like the fix might be as simple as failing out when unicharlen == -1.  Although I'm not sure that wc_str() is returning an array with sensible values.  I suppose we should actually fail out when str.IsEmpty() before ever invoking the converter.  I just tested to make sure I was interpreting the wxStringData correctly:

Code: [Select]

(gdb) print str.IsEmpty()
$16 = trueYup, it's empty.  I'm off to submit a patch to wxMac.

[ken]

Hmm.  Or maybe the bug is that str.wc_str() isn't terminated like it should be.  Surely, str.c_str() has to be NUL-terminated, but I don't know if the same applies to wc_str().

[Kry]

And this discussion continued on irc for hours...

[ken]

Hey, I'm a great conversationalist.  I just can't resist talking to myself.  I find myself fascinating.  :O

Anyway, I've submitted a patch to the wxWidgets folks.  I'll attach it here for lionel77 to use to build a new binary.    Thanks, lionel77!

[lionel77]

Originally posted by ken
Anyway, I've submitted a patch to the wxWidgets folks.  I'll attach it here for lionel77 to use to build a new binary.    Thanks, lionel77!

you bet...
thank you so much for fixing yet another wx bug.

damn, if i could only get you a high id for your client, then you could also take a look at the download connection problem...

[dashaund]

While I'm not a developer, I would also like to say thanks for the hard work you guys are putting in.  You don't get paid and do this stuff in your spare time.  So even if you feel like your work is in vain and the end users only b**** and complain about their small quirks, you've atleast got one user who appreciates the effort.

[ken]

I'm glad to help.  Thanks for the appreciative words.  

Unfortunately, the wxWidgets folks rightfully pointed out that my patch really just masks a more fundamental problem.  Either because of a memory corruption problem or a bug in wxString, the wxString object is malformed.  The real solution lies in finding and eliminating the cause of this.

For that reason, 1) they won't apply my patch, and 2) it's probably best that we not apply the patch.  Instead, we should try to hunt down the source of the problem.

Since we are only seeing this with unicode enabled, and it doesn't cause random crashes but very specific crashes, I don't believe it is a general memory corruption bug.  I'm considering adding a bunch of calls to validate the string data at the beginning and end of every wxString function.

I suppose the other thing that people could try is issuing the command "set env DYLD_IMAGE_SUFFIX _debug" to gdb before the "run" command.  This will cause aMule to use the debug versions of the system framework libraries, which do more argument validation than the non-debug versions.  Since wxString in wxMac is a wrapper around the Core Foundation CFString library, it might be useful to have those extra validations turned on.

[Kry]

But why only on Mac? This HAS to be wxMac-related.

[sssnake]

Can I help you with something? I have OS X 10.3.8 german and have been running amule from CVS regularly in 2005 and never had a crash in this direction. my wxWidgets version is from CVS around beginning of 2005. So does that mean, the bug is a new one (then, it would be interesting to see since when) or simply that I'm not vulnrable to this unicode stuff (which I doubt)...
sssnake

[ken]

Kry, it might not be wxMac related.  Just as my earlier attempt at a patch would have masked the problem, wxWidgets on non-Mac platforms may be masking the issue, too.  In fact, I've found a couple of bugs in wxString that are likely to contribute to this and the bugs are platform-independent.  I'll submit a patch to wxWidgets in a bit.

sssnake, the problem afflicts wxMac configured with --enable-unicode.  To encounter it you would either have to compile with that flag or use the binary that lionel77 has made available.

[ken]

Well, as promised, I've submitted several patches to wxWidgets centering around wxString.  None of them are wxMac-specific.  I don't yet know if any of them fixed this crash.  I'll have to let aMule run for a long while to find out, but that won't be until the weekend.

Adventurous souls can apply the patches themselves and test.  See: here, here, here, and here.  Download the attached patch files and apply each with:

cd /path/to/wxWidgets
patch -p0
Then rebuild wxMac, rebuild aMule, and test.