h1aji / chmsee

CHM viewer
GNU General Public License v2.0

Random crashes creating chmsee_bookinfo #86

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Platform: Ubuntu 10.04 Lucid
Software version: git 4a3b7fe80cb625c5467635e82b1f0de576424a17 (2010-06-12)

chmsee randomly crashes creating the chmsee_bookinfo in the cache, with a 
variety of error messages.

I think in src/models/chmfile.c in save_bookinfo(), this line may be returning 
something bad:
  CsChmfilePrivate *priv = CS_CHMFILE_GET_PRIVATE (self);

Right after that line, doing a
  printf("priv->hhc: %s", priv->hhc);
can display garbage, such as
  priv->hhc: @¦
or
  priv->hhc: 8¾0

The 'keyfile' variable later in save_bookinfo can seem to contain garbage as 
well. When it does
  g_key_file_set_string(keyfile, "Bookinfo", "hhc", priv->hhc);
it crashes.

The problem can be reproduced, with the above chmsee version from git, by doing 
the following:

$ wget http://www.innovasys.com/products/ce/examples/realworld.zip
$ unzip realworld.zip

# Then run this command repeatedly to delete your chmsee cache and load the chm 
file:
$ rm ~/.chmsee -rf ; chmsee RealWorld.chm

It may take 10-15 runs to produce the various kinds of error output. The 
crashes and incorrect behavior seem to occur randomly.

Two kinds of things happen:

(1) Crashes, such as these three kinds:

*** glibc detected *** chmsee: corrupted double-linked list: 0x0a325d70 ***

*** glibc detected *** chmsee: double free or corruption (fasttop): 0x08c12a38 
***

*** glibc detected *** chmsee: malloc(): smallbin double linked list corrupted: 
0x0894d630 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xcb3591]
/lib/tls/i686/cmov/libc.so.6(+0x6e710)[0xcb6710]
/lib/tls/i686/cmov/libc.so.6(__libc_malloc+0x5c)[0xcb7f9c]
/lib/libglib-2.0.so.0(g_malloc+0x34)[0x914244]
/lib/libglib-2.0.so.0(+0x33d62)[0x903d62]
/lib/libglib-2.0.so.0(g_key_file_set_string+0x3f)[0x9048bf]
chmsee[0x8063049]
chmsee(cs_chmfile_new+0x724)[0x8063924]
chmsee(chmsee_open_file+0xb2)[0x8052b92]
chmsee(main+0x27f)[0x805257f]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xc5ebd6]
chmsee[0x8051d11]

(2) Incorrect behavior building the cache file 
.chmsee/bookshelf/545b30e6806afab2a8c1e34f61a8ca72/chmsee_bookinfo.

Only some of the help file is shown, and the Index tab and sometimes the Topics 
tab are missing.

Output appears such as one of these five examples:

I/O warning : failed to load external entity 
".../.chmsee/bookshelf/545b30e6806afab2a8c1e34f61a8ca72/@"

I/O warning : failed to load external entity 
".../.chmsee/bookshelf/545b30e6806afab2a8c1e34f61a8ca72/usr/lib/gconv"
I/O error : Is a directory
I/O error : Is a directory

I/O warning : failed to load external entity 
".../.chmsee/bookshelf/545b30e6806afab2a8c1e34f61a8ca72/usr/lib/gconv"

I/O warning : failed to load external entity 
".../.chmsee/bookshelf/545b30e6806afab2a8c1e34f61a8ca72/�ū   ���   xu�   pv
� ���   "
I/O error : Is a directory
I/O error : Is a directory

I/O warning : failed to load external entity 
".../.chmsee/bookshelf/545b30e6806afab2a8c1e34f61a8ca72/usr/lib/gconv/ISO8859-1.
so"
I/O warning : failed to load external entity 
".../.chmsee/bookshelf/545b30e6806afab2a8c1e34f61a8ca72/usr/lib/gconv"

And it is accompanied by either:

(chmsee:3107): Gtk-CRITICAL **: gtk_recent_manager_add_full: assertion `uri != 
NULL' failed
Index tab missing
or
(chmsee:3423): Gtk-CRITICAL **: gtk_recent_manager_add_full: assertion `uri != 
NULL' failed
Topics tab empty, Index tab missing

A result of both (1) and (2) is that the next time chmsee is run with the same 
.chm file, it displays "(null)" in the title bar, and blank side and main panes.
Choosing Edit > Preferences, and clicking Clear gives the user another chance 
to open the same .chm file and try building the cache again, with or without 
the random problem occurring.

Original issue reported on code.google.com by strobert@gmail.com on 16 Jun 2010 at 11:45

GoogleCodeExporter commented 8 years ago
I looked into this some and here's some more information.

In chmfile.c check_file_ncase(), path and priv->hhc point to the same thing, 
and a line does
  g_free(path);
So now various effects can happen depending on who allocates the unallocated 
memory that priv->hhc is still pointing to.

When check_file_ncase does
  path = g_path_get_basename(found);
I suspect it just happens to work by allocating memory in the right place most 
of the time.

Later the function gets entered again, probably for priv->hhk.

Both of priv->hhc and priv->hhk can get corrupted.

Original comment by strobert@gmail.com on 17 Jun 2010 at 8:40

GoogleCodeExporter commented 8 years ago
It seems the g_path_get_basename() function's behavior is not like what is said 
in the glib documentation.
So I added a g_strdup() to copy its value before returning to check_file_ncase(). 

The bugfix has been committed to github, please test it again. Thank you!

Original comment by jungl...@gmail.com on 21 Jun 2010 at 7:50
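The ownership mistake analysed in the two comments above, and the strdup-style fix, as an added example that is not chmsee's own code: a simplified model in plain libc (strdup/free standing in for g_strdup/g_free), with hypothetical names (Priv, find_ncase, fix_case, canonicalise, open_book) and a constructed file listing.

```c
#define _POSIX_C_SOURCE 200809L      /* strdup(), strcasecmp() */
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for CsChmfilePrivate: two heap-owned fields. */
typedef struct { char *hhc; char *hhk; } Priv;
/* Constructed listing standing in for the names stored inside the .chm. */
static const char *listing[] = { "RealWorld.hhc", "RealWorld.hhk", "index.htm" };

/* Case-insensitive lookup; returns borrowed static storage or NULL. */
static const char *find_ncase(const char *want) {
    for (size_t i = 0; i < sizeof listing / sizeof *listing; i++)
        if (strcasecmp(listing[i], want) == 0) return listing[i];
    return NULL;
}

/* BUGGY shape from the report: `path` is the pointer the caller still keeps in
 * priv->hhc, so free() here leaves it dangling. Shown for contrast; never called. */
char *fix_case_buggy(char *path) {
    const char *found = find_ncase(path);
    free(path);                       /* caller's field now dangles */
    return (char *)found;             /* borrowed, so a later free() corrupts the heap */
}

/* FIXED shape (the strdup in the fix comment): never free the input, always
 * hand back a fresh copy, so each field owns exactly one live buffer. */
static char *fix_case(const char *path) {
    const char *found = find_ncase(path);
    return found ? strdup(found) : NULL;
}

/* Caller side: swap the field only once the replacement exists; returns 1 on success. */
static int canonicalise(char **field) {
    char *fresh = fix_case(*field);
    if (!fresh) return 0;             /* miss: leave the field as it was */
    free(*field); *field = fresh;
    return 1;
}

/* Both fields resolved independently, as save_bookinfo() later needs them. */
static Priv *open_book(void) {
    Priv *p = malloc(sizeof *p);
    p->hhc = strdup("realworld.HHC");  /* constructed names in the wrong case */
    p->hhk = strdup("REALWORLD.hhk");
    canonicalise(&p->hhc); canonicalise(&p->hhk);
    return p;
}

static void close_book(Priv *p) { free(p->hhc); free(p->hhk); free(p); }
```

Building the real tree with `-fsanitize=address` (or running it under valgrind) turns the original pattern into a deterministic heap-use-after-free report at the first read of priv->hhc, instead of the sporadic glibc aborts quoted in the report.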

GoogleCodeExporter commented 8 years ago
Great; thanks! I confirm that this bug is fixed in git 
a5be08a2b5f117ad156f5eac09ff593da6d1489b 2010-06-21, in both Ubuntu 10.04 Lucid 
and 9.10 Karmic.

Original comment by strobert@gmail.com on 24 Jun 2010 at 7:45

GoogleCodeExporter commented 8 years ago

Original comment by jungl...@gmail.com on 28 Jun 2010 at 8:23