[Bug-gnubg] Bug: crash when importing irregular format text after a match started

Daisuke Takahashi Tue, 15 Jul 2014 05:27:07 -0700

Hi,

After starting a new match, gnubg crashes when I attempt to import an 
irregularly formatted text file (e.g., a score at [1]).
ImportMat() (import.c:1177) frees all the lMatch elements (import.c:1184), then 
replaces it by a newly allocated match data and update plGame. But when it 
failed to import a match from the input file, nothing will be allocated and the 
plGame points to the already freed region. The backtrace is attached on this 
mail.
Thank you very much.


Regards,
Daisuke Takahashi

[1] : 
http://www.backgammon.gr.jp/learning/grplayer/GameData/CanneSuperJP_SemifinX22_simple.txt

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x00000001000ef2ab in SetAnnotation (pmr=0x10e911160) at gtkgame.c:1001
1001            if (pl->p == pmr) {
(gdb) bt
#0  0x00000001000ef2ab in SetAnnotation (pmr=0x10e911160) at gtkgame.c:1001
#1  0x000000010013d668 in GTKSetMoveRecord (pmr=0x10e911160) at 
gtkgamelist.c:412
#2  0x00000001000ef20d in GTKThaw () at gtkgame.c:871
#3  0x0000000100075aeb in ImportMatVariation (fp=0x7fff757c8ee0, 
    szFilename=0x10a43cfcb 
"/Users/dtakahashi/Downloads/CanneSuperJP_SemifinX22_simple.txt", 
bgVariation=VARIATION_STANDARD, warned=0) at import.c:1170
#4  0x000000010006bc0f in ImportMat (fp=0x7fff757c8ee0, 
    szFilename=0x10a43cfcb 
"/Users/dtakahashi/Downloads/CanneSuperJP_SemifinX22_simple.txt") at 
import.c:1189
#5  0x000000010006bb4d in CommandImportMat (
    sz=0x10a43cfcb 
"/Users/dtakahashi/Downloads/CanneSuperJP_SemifinX22_simple.txt") at 
import.c:3424
#6  0x000000010004ea1e in HandleCommand (
    sz=0x10a43cfcb 
"/Users/dtakahashi/Downloads/CanneSuperJP_SemifinX22_simple.txt", 
ac=0x1001c8590) at gnubg.c:1266
#7  0x000000010004ea39 in HandleCommand (sz=0x10a43cfc7 "mat", ac=0x1001cd730)
    at gnubg.c:1270
#8  0x0000000100055378 in ProcessInput (
    sz=0x10a42e7f0 "import mat 
\"/Users/dtakahashi/Downloads/CanneSuperJP_SemifinX22_simple.txt\"") at 
gnubg.c:3669
#9  0x00000001000555c4 in UserCommand (
    szCommand=0x10a4418c0 "import mat 
\"/Users/dtakahashi/Downloads/CanneSuperJP_SemifinX22_simple.txt\"") at 
gnubg.c:3724
#10 0x000000010010bcf2 in do_import_file (import_type=2, 
    fn=0x10a434850 
"/Users/dtakahashi/Downloads/CanneSuperJP_SemifinX22_simple.txt") at 
gtkfile.c:333
#11 0x000000010010b724 in GTKOpen (UNUSED_p=0x103864ad0, UNUSED_n=0, 
    UNUSED_pw=0x0) at gtkfile.c:380
#12 0x0000000100dc1915 in _g_closure_invoke_va ()
#13 0x0000000100dd52c1 in g_signal_emit_valist ()
#14 0x0000000100dd5d96 in g_signal_emit_by_name ()
#15 0x0000000100dc1915 in _g_closure_invoke_va ()
#16 0x0000000100dd52c1 in g_signal_emit_valist ()
---Type <return> to continue, or q <return> to quit---
#17 0x0000000100dd5c7e in g_signal_emit ()
#18 0x00000001004fc2df in gtk_real_button_released ()
#19 0x0000000100dc1915 in _g_closure_invoke_va ()
#20 0x0000000100dd52c1 in g_signal_emit_valist ()
#21 0x0000000100dd5c7e in g_signal_emit ()
#22 0x00000001004fc08e in gtk_button_button_release ()
#23 0x000000010059294a in _gtk_marshal_BOOLEAN__BOXED ()
#24 0x0000000100dc16d3 in g_closure_invoke ()
#25 0x0000000100dd4b5f in signal_emit_unlocked_R ()
#26 0x0000000100dd5910 in g_signal_emit_valist ()
#27 0x0000000100dd5c7e in g_signal_emit ()
#28 0x000000010068a549 in gtk_widget_event_internal ()
#29 0x0000000100590be8 in gtk_propagate_event ()
#30 0x000000010059085c in gtk_main_do_event ()
#31 0x0000000100923313 in gdk_event_dispatch ()
#32 0x0000000100e3376a in g_main_context_dispatch ()
#33 0x0000000100e33a46 in g_main_context_iterate ()
#34 0x0000000100e33c8e in g_main_loop_run ()
#35 0x00000001005901e1 in gtk_main ()
#36 0x00000001000f51af in RunGTK (pwSplash=0x0, commands=0x0, 
python_script=0x0, 
    match=0x0) at gtkgame.c:4038
#37 0x0000000100056c3f in main (argc=1, argv=0x7fff5fbffaf8) at gnubg.c:4825

(gdb) p plGame
$7 = (listOLD *) 0x10e939470
(gdb) p *plGame
$8 = {plPrev = 0x3000000010e90ebe, plNext = 0xb000000010e9003e, p = 0x2}
(gdb) p plLastMove 
$9 = (listOLD *) 0x10a421180
(gdb) p *plLastMove 
$10 = {plPrev = 0x5000000000000001, plNext = 0x1008f5a62, p = 0x10e911160}
(gdb) p lMatch
$11 = {plPrev = 0x10024a458, plNext = 0x10024a458, p = 0x0}
(gdb) p pl
$14 = (listOLD *) 0xb000000010e9003e

_______________________________________________
Bug-gnubg mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-gnubg

[Bug-gnubg] Bug: crash when importing irregular format text after a match started

Reply via email to