SIGSEGV on master regarding math completion

Scott Kostyshak skostysh at lyx.org
Thu Jan 27 22:39:20 UTC 2022


On Thu, Jan 27, 2022 at 05:26:33PM +0100, Jean-Marc Lasgouttes wrote:
> Le 10/01/2022 à 03:49, Scott Kostyshak a écrit :
> > To reproduce:
> > 
> > 1. Start a new document.
> > 2. Ctrl + m to start math inset.
> > 3. Type \phantomx<Space>. Note that \phantomx is not a command so don't
> >     expect it to be recognized.
> > 4. Press <Left>, <Backspace>, <Backspace> to delete the "x" and the "m".
> > 5. Type "m" to finish "phantom".
> > 6. Wait for the completion pop-down to appear (this takes a second).
> > 7. Press <Tab>.
> > 
> > I tried to find a more simple recipe to reproduce but could not.
> 
> So, on Ubuntu 20.04, valgrind is more useful. I attach the log below, but
> here is the gist of it:
> 
> 1/ the error
> 
>   ==2557222== Invalid read of size 8
>   ==2557222==    at 0xB3B5C1: lyx::Inset::isBufferValid() const
> (Inset.cpp:230)
>   [...]
>   ==2557222==    by 0xA1382F: lyx::RowPainter::paintInset(lyx::Row::Element
> const&) const (RowPainter.cpp:116)
> 
> Here one can see that the code in devel-mode that paints in red insets that
> do not have a buffer looks at buffer methods. This does not work because...
> 
> 2/ the culprit
> 
> ==2557222==  Address 0xf9e0708 is 8 bytes inside a block of size 32 free'd
> ==2557222==    at 0x483CFBF: operator delete(void*) (in
> /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2557222==    by 0xA23A6E: lyx::InsetMathChar::~InsetMathChar()
> (InsetMathChar.h:22)
> [...]
> lyx::InsetMathMacro::insertCompletion(lyx::Cursor&,
> std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>,
> std::allocator<wchar_t> > const&, bool) (InsetMathMacro.cpp:1376)
> 
> We are pointing to an inset that has been deleted at completion time.
> 
> 
> 3/ the context
> 
> ==2557222==  Block was alloc'd at
> ==2557222==    at 0x483BE63: operator new(unsigned long) (in
> /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2557222==    by 0xA22447: lyx::InsetMathChar::clone() const
> (InsetMathChar.cpp:104)
> [...]
> lyx::InsetMathMacro::setDisplayMode(lyx::InsetMathMacro::DisplayMode, int)
> (InsetMathMacro.cpp:825)
> 
> 
> 
> So finally, the MathRow object points to an inset that has been deleted at
> the time of the completion. There should be code somewhere that should
> regenerate the math row. I'll have a look.

Thanks for walking this through! The only part you skipped over is what
did you do during the 20 minutes of wait-time while running with
Valgrind? :)

I do hope to go back to trying Valgrind when I find bugs and I made a
note to study this case when I do.

Scott
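
The stale-pointer pattern diagnosed in the quoted valgrind analysis (a cached row still pointing at insets that were freed during completion), shown with one possible guard, as an added example that is not part of the original thread and is not LyX code. The classes `Inset`, `Cell` and `Row` are hypothetical stand-ins, and the generation counter is an assumed technique, not the fix LyX adopted.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins, not LyX classes: a cell owns its insets and a
// row caches raw pointers to them for painting.
struct Inset {
    explicit Inset(char c) : ch(c) {}
    char ch;
};

class Cell {
public:
    void assign(const std::string& s) {
        // Replacing the contents frees the old insets, as the completion did.
        insets_.clear();
        for (char c : s) insets_.push_back(std::make_unique<Inset>(c));
        ++generation_;  // every mutation invalidates rows built earlier
    }
    const std::vector<std::unique_ptr<Inset>>& insets() const { return insets_; }
    std::size_t generation() const { return generation_; }
private:
    std::vector<std::unique_ptr<Inset>> insets_;
    std::size_t generation_ = 0;
};

class Row {
public:
    void rebuild(const Cell& cell) {
        elements_.clear();
        for (const auto& p : cell.insets()) elements_.push_back(p.get());
        built_from_ = cell.generation();
    }
    bool stale(const Cell& cell) const { return built_from_ != cell.generation(); }
    // Cached pointers are only dereferenced after the staleness check.
    std::string paint(const Cell& cell) {
        if (stale(cell)) rebuild(cell);
        std::string out;
        for (const Inset* i : elements_) out += i->ch;
        return out;
    }
private:
    std::vector<const Inset*> elements_;
    std::size_t built_from_ = static_cast<std::size_t>(-1);  // never built
};
```

Without the `stale()` check in `paint()`, the second paint after `assign()` would read through freed pointers, which is the invalid read valgrind reports in the quoted log.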