On Fri, Jan 15, 2016 at 02:43:42PM -0200, Tomaz Canabrava wrote:
> This seems... Unlikely?
> If the model row is < than the pinfo.nr, things should always point to a
> safe memory zone.

Well, three different people have now created more or less identical stack traces from crashes. Unlikely or not, that's what's happening. The memcpy crashes because pInfo.entry[index.row()] is pointing at invalid addresses. I can reproduce this, but not under the debugger (my guess is that the debugger keeps the freed memory around and therefore I don't get the crash).

/D

> On Jan 15, 2016 11:05, "Dirk Hohndel" <[email protected]> wrote:
>
> > On Fri, Jan 15, 2016 at 12:22:30PM +0200, Miika Turkia wrote:
> > >
> > > Well, it seems that the libs on the debug apk are stripped, so I fail
> > > to get more exact information out of this (first time trying to dig
> > > into tombstone, so that might affect the results as well). Anyway,
> > > hopefully the following back trace will give others some more info on
> > > the crash. At least the functions in question can be seen.
> > > ---8<---
> > > ********** Crash dump: **********
> > > Build fingerprint:
> > > 'Wileyfox/Swift/crackling:5.1.1/LMY49F/877353b5ea:userdebug/test-keys'
> > > pid: 6293, tid: 6319, name: QtThread >>> org.subsurfacedivelog.mobile <<<
> > > signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xf035f188
> > > Stack frame #00 pc 0000fadc /system/lib/libc.so (memcpy+96)
> > > Stack frame #01 pc 000e730f
> > > /data/app/org.subsurfacedivelog.mobile-2/lib/arm/libsubsurface-mobile.so
> > > (DivePlotDataModel::data(QModelIndex const&, int) const+54)
> > > Stack frame #02 pc 000d6275
> > > /data/app/org.subsurfacedivelog.mobile-2/lib/arm/libsubsurface-mobile.so
> > > (DiveProfileItem::paint(QPainter*, QStyleOptionGraphicsItem const*,
> > > QWidget*)+336)
> > > Stack frame #03 pc 00235d53
> >
> > Yes, I was able to reproduce this (with some effort) on a desktop system,
> > but only if NOT running under a debugger. Nice. What is happening is that
> > in diveplotdatamodel.cpp we do this
> >
> > QVariant DivePlotDataModel::data(const QModelIndex &index, int role) const
> > {
> >         if ((!index.isValid()) || (index.row() >= pInfo.nr))
> >                 return QVariant();
> >
> >         plot_data item = pInfo.entry[index.row()];
> >
> > And that copy operation above causes memcpy to crash.
> >
> > What I haven't quite figured out, yet, is why...
> >
> > /D
> > _______________________________________________
> > subsurface mailing list
> > [email protected]
> > http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
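
The thread does not establish the cause. The following is an added example, not Subsurface code and not from any poster, showing why a `row < nr` guard like the quoted one cannot rule out the reported crash if the entry array is freed while nr keeps its old value (the freed-memory guess in the reply above). The struct fields and the helpers release_stale, release_reset, read_row and make_info are hypothetical.

```cpp
#include <cstdlib>
#include <cstring>

// Constructed stand-ins for the structures named in the thread; the real
// Subsurface definitions are not shown on the page.
struct plot_data { int sec; int depth; };
struct plot_info { int nr; plot_data *entry; };

// Same shape as the guard in the quoted DivePlotDataModel::data(): it checks
// the row against the count only, not whether entry is still allocated.
bool row_guard_passes(const plot_info &pi, int row)
{
	return row >= 0 && row < pi.nr;
}

// Hypothetical release path that frees the array but leaves nr untouched.
void release_stale(plot_info &pi)
{
	free(pi.entry);	// entry now dangles, nr keeps the old count
}

// Hypothetical release path that retires count and pointer together.
void release_reset(plot_info &pi)
{
	free(pi.entry);
	pi.entry = nullptr;
	pi.nr = 0;
}

// Guarded read: refuses when the row is out of range or the array is gone.
bool read_row(const plot_info &pi, int row, plot_data *out)
{
	if (!row_guard_passes(pi, row) || pi.entry == nullptr)
		return false;
	memcpy(out, &pi.entry[row], sizeof(*out));
	return true;
}

// Builds constructed sample data: nr rows with depth 1000, 2000, ...
plot_info make_info(int nr)
{
	plot_info pi = { nr, static_cast<plot_data *>(calloc(nr, sizeof(plot_data))) };
	for (int i = 0; i < nr; i++)
		pi.entry[i].depth = 1000 * (i + 1);
	return pi;
}
```

Building with AddressSanitizer (`-fsanitize=address`) reports a read through a freed array at the faulting line instead of depending on whether the allocator has reused the memory.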
