Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[bug #39072] Gorm segfaults trying to rename ImageWindow of LaternaMagica

2 views
Skip to first unread message

Sebastian Reitenbach

unread,
May 26, 2013, 5:23:23 AM5/26/13
to Sebastian Reitenbach, bug-g...@gnu.org
URL:
<http://savannah.gnu.org/bugs/?39072>

Summary: Gorm segfaults trying to rename ImageWindow of
LaternaMagica
Project: GNUstep
Submitted by: buzzdee
Submitted on: Sun 26 May 2013 09:23:22 AM GMT
Category: Gorm
Severity: 4 - Important
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any

_______________________________________________________

Details:

How to reproduce:
* open LaternaMagica interface from GAP in Gorm.
* in Gorms main window in the Objects view, activate the ImageWindow with the
mouse
* activate Gorms menu -> Edit -> Set Name...
* enter a new name, and click the set name button

Backtrace is as follows:

2013-05-26 10:49:08.130 Gorm[27147] the OLD name ImageWindow and its class
name: LMWindow, and cc: {ImageView = LMFlipView; ImageWindow = LMWindow; }
2013-05-26 10:49:08.130 Gorm[27147] className was not NIL

Program received signal SIGSEGV, Segmentation fault.
0x000000020e5645c0 in objc_msgSend_fpret () from
/usr/local/lib/libobjc2.so.1.0
(gdb) bt
#0 0x000000020e5645c0 in objc_msgSend_fpret () from
/usr/local/lib/libobjc2.so.1.0
#1 0x0000000207386aa8 in GSIMapAddPair (map=0x20c502590, key=..., value=...)
at ../Headers/GNUstepBase/GSIMap.h:1087
#2 0x0000000207387952 in -[GSMutableDictionary setObject:forKey:]
(self=0x20c502588,
_cmd=0x206431d70 <.objc_selector_list+4672>, anObject=0x204c67d28,
aKey=0x205114708) at GSDictionary.m:439
#3 0x000000020618592b in -[GormDocument setName:forObject:]
(self=0x20f75e408,
_cmd=0x6178d0 <.objc_selector_list+1456>, aName=0x205114708,
object=0x20bd9b608) at GormDocument.m:2217
#4 0x000000000040a2b8 in -[Gorm setName:] (self=0x20fc22408,
_cmd=0x20bb0c2e0, sender=0x20f773a08)
at Gorm.m:742
#5 0x000000020cbf2b78 in -[NSApplication sendAction:to:from:]
(self=0x20fc22408,
_cmd=0x20d1c0bc0 <.objc_selector_list+1456>, aSelector=0x20bb0c2e0,
aTarget=0x0, sender=0x20f773a08)
at NSApplication.m:2230
#6 0x000000020cd00da4 in -[NSMenu performActionForItemAtIndex:]
(self=0x20f771108,
_cmd=0x20d1c37d0 <.objc_selector_list+1744>, index=5) at NSMenu.m:1320
#7 0x000000020cd0eac5 in -[NSMenuView _trackWithEvent:startingMenuView:]
(self=0x20f775408,
_cmd=0x20d1c3400 <.objc_selector_list+768>, event=0x20813bf08,
mainWindowMenuView=0x0) at NSMenuView.m:1819
#8 0x000000020cd0ec20 in -[NSMenuView trackWithEvent:] (self=0x20f775408,
_cmd=0x20d1c3120 <.objc_selector_list+32>, event=0x206bc0188) at
NSMenuView.m:1851
#9 0x000000020cd0eee8 in -[NSMenuView mouseDown:] (self=0x20f775408,
_cmd=0x20d23b510 <.objc_selector_list+4192>, theEvent=0x206bc0188) at
NSMenuView.m:1891
#10 0x000000020ce3c1a0 in -[NSWindow sendEvent:] (self=0x20e379808,
_cmd=0x20d15d8b0 <.objc_selector_list+1360>, theEvent=0x206bc0188) at
NSWindow.m:3790
#11 0x000000020cbf2527 in -[NSApplication sendEvent:] (self=0x20fc22408,
---Type <return> to continue, or q <return> to quit---
_cmd=0x20d15d8b0 <.objc_selector_list+1360>, theEvent=0x206bc0188) at
NSApplication.m:2105
#12 0x000000020cbf0a3d in -[NSApplication run] (self=0x20fc22408,
_cmd=0x20d151c50 <.objc_selector_list+592>)
at NSApplication.m:1562
#13 0x000000020cbc384a in NSApplicationMain (argc=1, argv=0x7f7ffffd54c0) at
Functions.m:91
#14 0x000000000040d5cb in gnustep_base_user_main (argc=1, argv=0x7f7ffffd54c0)
at main.m:30
#15 0x000000020752077a in main (argc=1, argv=0x7f7ffffd54c0,
env=0x7f7ffffd54d0) at NSProcessInfo.m:984
#16 0x00000000004065a1 in ___start ()
#17 0x0000000000000001 in ?? ()
#18 0x00007f7ffffd55d8 in ?? ()
#19 0x0000000000000000 in ?? ()

The two lines of output are from frame #3:
(gdb) frame 3
#3 0x000000020618592b in -[GormDocument setName:forObject:]
(self=0x20f75e408,
_cmd=0x6178d0 <.objc_selector_list+1456>, aName=0x205114708,
object=0x20bd9b608) at GormDocument.m:2217
2217 [cc setObject: className forKey: aName];
(gdb) list
2212 NSLog(@"the OLD name %@ and its class name: %@, and cc: %@", oldName,
className, cc);
2213 if(className != nil)
2214 {
2215 NSLog(@"className was not NIL");
2216 [cc removeObjectForKey: oldName];
2217 [cc setObject: className forKey: aName];
2218 }
2219 }
2220
2221 // release oldName, if we get to this point.


This is always reproducible.
Running latest releases of gnustep libobjc2, -base, -gui, Gorm on OpenBSD 5.3
-current amd64.






_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/bugs/?39072>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/


Fred Kiefer

unread,
May 26, 2013, 6:57:22 PM5/26/13
to Fred Kiefer, Sebastian Reitenbach, bug-g...@gnu.org
Update of bug #39072 (project gnustep):

Item Group: None => Bug

_______________________________________________________

Follow-up Comment #1:

>From the code snippet I would guess that this is caused by className being
freed up right in the middle. Try to add RETAIN() just before line 2216 and
RELEASE() after line 2217 to that variable.

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/bugs/?39072>

_______________________________________________
Nachricht gesendet von/durch Savannah
http://savannah.gnu.org/


Sebastian Reitenbach

unread,
May 27, 2013, 4:33:12 AM5/27/13
to Fred Kiefer, Sebastian Reitenbach, bug-g...@gnu.org
Follow-up Comment #2, bug #39072 (project gnustep):

Thanks Fred,

I tried this:

--- GormCore/GormDocument.m.orig Mon May 27 09:47:59 2013
+++ GormCore/GormDocument.m Mon May 27 09:48:58 2013
@@ -2211,7 +2211,9 @@ static void _real_close(GormDocument *self,
className = [cc objectForKey: oldName];
if(className != nil)
{
+ RETAIN(oldName);
[cc removeObjectForKey: oldName];
+ RELEASE(oldName);
[cc setObject: className forKey: aName];
}
}

But it still crashes the same way.

But something else I recognized:
With the NSLog I had there before:
NSLog(@"the OLD name %@ and its class name: %@, and cc: %@", oldName,
className, cc);

it printed:
2013-05-26 10:49:08.130 Gorm[27147] the OLD name ImageWindow and its class
name: LMWindow, and cc: {ImageView = LMFlipView; ImageWindow = LMWindow; }

The class name is an LMWindow, a custom class. But when you click in the Gorm
main window on the ImageWindow icon, and have the Gorm Inspector open, showing
the "Custom Class" panel, then the class listed there is just an NSWindow. I
don't know if this should have printed LMWindow there? LMWindow is a subclass
of NSWindow.
But it may also have nothing to do with it.
The other windows/panels in LaternaMagica don't seem to be custom classes, and
can be renamed fine.


_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/bugs/?39072>

_______________________________________________

Riccardo Mottola

unread,
May 25, 2014, 2:30:26 PM5/25/14
to Riccardo Mottola, Fred Kiefer, Sebastian Reitenbach, bug-g...@gnu.org
Follow-up Comment #3, bug #39072 (project gnustep):

Sebastian, does still reproduce for you?
I just tried on NetBSD with Gorm and the LaternaMagica file and it did not
crash.

Gregory John Casamento

unread,
May 26, 2014, 6:10:15 PM5/26/14
to Gregory John Casamento, Riccardo Mottola, Fred Kiefer, Sebastian Reitenbach, bug-g...@gnu.org
Update of bug #39072 (project gnustep):

Status: None => Confirmed
Assigned to: None => gcasa

Gregory John Casamento

unread,
May 27, 2014, 3:19:18 AM5/27/14
to Gregory John Casamento, Riccardo Mottola, Fred Kiefer, Sebastian Reitenbach, bug-g...@gnu.org
Update of bug #39072 (project gnustep):

Status: Confirmed => Ready For Test
Open/Closed: Open => In Test
0 new messages