Textedit: Destroy keyboard when not used

[brianwatling]

nk_console_textedit_button_back_click calls nk_console_free_children on button->parent which by definition frees the button itself. When this is invoked nk_console_button_render then proceeds to do postprocessing for disabled and up/down/tooltip on the deleted button and triggers a use after free crash. Instead the button should queue itself to be deleted in another phase or some other solution should be found.

I first noticed the crash in a debug build of my own project - I use mimalloc which can detect some use-after-free bugs in debug mode. Running the demo with ASAN confirmed the root cause and gave the (trimmed) trace below.

$ ./nuklear_console_demo_sdl 
=================================================================
==78974==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d00010fdac at pc 0x5ddbc8dd3c5d bp 0x7ffc5dafa9b0 sp 0x7ffc5dafa9a0
READ of size 4 at 0x60d00010fdac thread T0
    #0 0x5ddbc8dd3c5c in nk_console_button_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x454c5c)
    #1 0x5ddbc8de4950 in nk_console_row_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x465950)
    #2 0x5ddbc8dfc203 in nk_console_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47d203)
    #3 0x5ddbc8dfbe9f in nk_console_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47ce9f)
    #4 0x5ddbc8e023e6 in nuklear_console_demo_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x4833e6)
    #5 0x5ddbc8e02fb2 in main (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x483fb2)
    #6 0x73b7b7429d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #7 0x73b7b7429e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #8 0x5ddbc8bfbbe4 in _start (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x27cbe4)

0x60d00010fdac is located 28 bytes inside of 144-byte region [0x60d00010fd90,0x60d00010fe20)
freed by thread T0 here:
    #0 0x73b7b80be470 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x5ddbc8c103a6 in nk_mfree (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x2913a6)
    #2 0x5ddbc8dfc8df in nk_console_mfree (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47d8df)
    #3 0x5ddbc8dfd91a in nk_console_free (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47e91a)
    #4 0x5ddbc8dfddd5 in nk_console_free_children (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47edd5)
    #5 0x5ddbc8dfd907 in nk_console_free (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47e907)
    #6 0x5ddbc8dfddd5 in nk_console_free_children (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47edd5)
    #7 0x5ddbc8de59ee in nk_console_textedit_button_back_click (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x4669ee)
    #8 0x5ddbc8df7264 in nk_console_trigger_event (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x478264)
    #9 0x5ddbc8dd3bc6 in nk_console_button_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x454bc6)
    #10 0x5ddbc8de4950 in nk_console_row_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x465950)
    #11 0x5ddbc8dfc203 in nk_console_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47d203)
    #12 0x5ddbc8dfbe9f in nk_console_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x47ce9f)
    #13 0x5ddbc8e023e6 in nuklear_console_demo_render (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x4833e6)
    #14 0x5ddbc8e02fb2 in main (nuklear_console/demo/sdl_renderer/nuklear_console_demo_sdl+0x483fb2)
    #15 0x73b7b7429d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

[RobLoach]

Saw some of that with the cvector reallocs. https://github.com/RobLoach/nuklear_console/pull/73 may help some. Definitely need a way to defer the destruction of the keyboard. Or maybe just not destroy the keyboard at all.