On 12/09/2016 at 19:35, Enrico Forestieri wrote:
On Mon, Sep 12, 2016 at 05:01:33AM +0200, Enrico Forestieri wrote:

You can spare your time as I think I found the problem. The patch simply
uncovered a latent bug. The crash only occurs when there is a user
defined math macro. In this case, d->macro_->symbol() may return bogus
values. For a user defined macro it should always return a null pointer,
but for unknown reasons it sometimes returns strange values, which are
clearly bogus and cause a crash when dereferenced.

I did not succeed in understanding why this occurs.

I have found that this occurs because of some missing metric updates.
The attached alternative patch covers all cases except one. This is the
case in which user defined math macros are present _and_ instant preview
is active. I did not find a solution for this case, so the previous patch
is better. However, there are other cases in the sources in which the
sym_ member of MacroData (the one returned by d->macro_->symbol()) is
used. In these cases it is accessed only after checking that it is not
null, but, as this case shows, this does not guarantee that it is usable
and a crash would occur. However, these cases are mainly related to the
xhtml output, so they are not as frequent, possibly.



Hi Enrico, thanks for looking into it. These macros truly look like a
mine field. Unfortunately it still segfaults (though with a different
backtrace). I did not have the time to build a test case today.


#0  lyx::operator== (
l=<error reading variable: Cannot access memory at address 0x7fff00000069>, r=r@entry=0xd96a52 "textmode") at ../../../src/support/docstring.cpp:175
#1  0x000000000085ae8b in lyx::MathMacro::write (this=0x319e6d0, os=...)
    at ../../src/mathed/MathMacro.cpp:933
#2  0x0000000000846850 in lyx::write (dat=..., wi=...)
    at ../../src/mathed/MathExtern.cpp:1407
#3  0x00000000008857a5 in lyx::operator<< (ws=..., ar=...)
    at ../../src/mathed/MathStream.cpp:206
#4 0x000000000082dbcf in lyx::InsetMathScript::write (this=0x319e540, os=...)
    at ../../src/mathed/InsetMathScript.cpp:508
#5  0x0000000000846850 in lyx::write (dat=..., wi=...)
    at ../../src/mathed/MathExtern.cpp:1407
#6  0x00000000008857a5 in lyx::operator<< (ws=..., ar=...)
    at ../../src/mathed/MathStream.cpp:206
#7 0x00000000008aa82a in lyx::InsetMathGrid::write (this=this@entry=0x31a3590,
    os=..., beg_row=beg_row@entry=0, beg_col=beg_col@entry=0,
    end_row=<optimized out>, end_col=end_col@entry=4)
    at ../../src/mathed/InsetMathGrid.cpp:1310
#8 0x00000000008aace1 in lyx::InsetMathGrid::write (this=this@entry=0x31a3590,
    os=...) at ../../src/mathed/InsetMathGrid.cpp:1263
#9 0x00000000008d023b in lyx::InsetMathXYMatrix::write (this=0x31a3590, os=...)
    at ../../src/mathed/InsetMathXYMatrix.cpp:88
#10 0x0000000000846850 in lyx::write (dat=..., wi=...)
    at ../../src/mathed/MathExtern.cpp:1407
#11 0x00000000008857a5 in lyx::operator<< (ws=..., ar=...)
    at ../../src/mathed/MathStream.cpp:206
#12 0x0000000000807042 in lyx::InsetMathHull::plaintext (this=0x3197d80,
    os=..., op=..., max_length=<optimized out>)
    at ../../src/mathed/InsetMathHull.cpp:2236
#13 0x00000000008056a0 in lyx::InsetMathHull::forOutliner (this=0x3197d80,
    os=L"") at ../../src/mathed/InsetMathHull.cpp:2570
#14 0x00000000006a890e in lyx::Paragraph::forOutliner (this=0x319d500, os=L"",
    maxlen=maxlen@entry=121, shorten=shorten@entry=false)
    at ../../src/Paragraph.cpp:3295
#15 0x00000000006f0faa in lyx::Text::forOutliner (this=this@entry=0x319e108,
    os=L"", maxlen=maxlen@entry=120, shorten=shorten@entry=true)
    at ../../src/Text.cpp:2054
#16 0x00000000009a9788 in lyx::InsetNote::addToToc (this=0x319e0f0, cpit=...,
    output_active=<optimized out>, utype=lyx::InternalUpdate)

