Opened 9 years ago

Closed 5 years ago

#19 closed defect (fixed)

Selectbox destroys stack when given more than 11 name,func pairs

Reported by: finticemo Owned by: yrizoud
Priority: critical Milestone: 2.6
Component: GrafX2 Version: 2.4
Keywords: Cc:

Description

I've just encountered a reliably reproducable major crash with DBToolbox scripts (downloadable from http://www.pixeljoint.com/forum/forum_posts.asp?TID=12854&PN=1)

How to reproduce:

  1. Have the DBToolbox scripts accessible somewhere.
  2. Grab a brush with the normal brush grab tool -- the used 20x18 area in the attached image.
  3. Activate the _DBTOOLBOX.lua to bring up DBTOOLBOX's main menu
  4. Select 'ABSOLUTE'
  5. Enter '28' in the X-Size entry, and '32' in the Y-Size entry. Click OK
  6. A message box will come up saying 'SIMPLE'. This is normal.
  7. As soon as you click to close that message box, GraFX2 core-dumps.

It is worth noting that you *must* access the function through _DBTOOLBOX.lua to invoke this crash.
Accessing it directly as bru_db_AdvancedScaling.lua does not cause a crash, it works fine!
So I've concluded it is a side effect of something that _DBTOOLBOX.lua does.

(what _DBTOOLBOX.lua does is really just : Define some functions which call selectbox(), concatenate a bit of text, and in one case, call messagebox(). The only unusual aspect AFAICS is how many options are in the selectbox()es -- up to 12.)

Crash log and sample image to apply the above steps with are attached.

Attachments (3)

grafx2-stacksmashed (22.1 KB ) - added by finticemo 9 years ago.
Crash log
mug.png (978 bytes ) - added by finticemo 9 years ago.
sample image to reproduce crash with
_DEBUGTOOLBOX.lua (1.2 KB ) - added by finticemo 9 years ago.
minimalized version of _DBTOOLBOX.lua that triggers the crash

Download all attachments as: .zip

Change History (15)

by finticemo, 9 years ago

Attachment: grafx2-stacksmashed added

Crash log

by finticemo, 9 years ago

Attachment: mug.png added

sample image to reproduce crash with

comment:1 by finticemo, 9 years ago

Some details I should have mentioned:

  • grafx2 SVN r2116 ("Layer preview: add a 1px border..")
  • DBToolbox 1.3 (the current one available in the linked forum thread)
  • Lua 5.2.3
  • GCC 4.9.2

on

  • Arch Linux, x86_64 platform

I can dig up the version of SDL etc if needed. I haven't bothered yet because as far as I can see, the problem is fairly clearly related to interaction with Lua.

EDIT: Sorry, I just realized I left some steps out of the 'how to reproduce' list as well...
After step 3, You need to click on SPRITE, then on Scale Advanced. Then proceed with step 4.

I have also confirmed this behaviour with 'Smart outline WIP'.

Other information:

If you immediately click 'Quit' instead of selecting any other item after step 3, no crash occurs. However, if you click BRUSH and then click 'Back' followed by 'Quit', the crash occurs. So this is the most simple way to reproduce the crash:

  1. Open the brush factory and run _DBTOOLBOX.lua
  2. click BRUSH
  3. click Back
  4. click Quit

To me, this indicates that the crash condition occurs most likely as a result of step 2.

So I'll post the definition of sf_brush here, but as far as I can see it's perfectly ordinary:

function sf_brush()

selectbox("Brush",

">ADJUST", sf_brush_adjust,
">DISTORTIONS", sf_brush_distort,
"Brush Info (t)", function () dofile("inf_db_BrushInfo.lua"); end,
"Crop margins (b)", function () dofile("bru_db_CropMargins.lua"); end,
"Brush 2 Image (i)", function () dofile("pic_db_Brush2Picture.lua"); end,
--"(UberRotScale) (b)", function () dofile("bru_db_uberRotScale.lua"); end,
"Scale Simple (b)", function () dofile("bru_db_BrushScaleSimple.lua"); end,
"Scale Advanced (b)", function () dofile("bru_db_AdvancedScaling.lua"); end,
--"Scale Matrix (b)", function () dofile("bru_db_ScaleBrush3.lua"); end,
"Extract PenColor (b)", function () dofile("bru_db_ExtractPenColor.lua"); end,
"Apply PenColor (b)", function () dofile("bru_db_ApplyColor.lua");end,
"Smart Outline WIP (b)", function () dofile("bru_db_smartOutline.lua");end,
--"Waves Distortion (b)", function () dofile("bru_db_Waves.lua"); end,
"[Back]", main

);

end

Last edited 9 years ago by finticemo (previous) (diff)

comment:2 by finticemo, 9 years ago

Summary: Coredump on DBToolbox 'Scale Sprite ->ABSOLUTE'Selectbox destroys stack when given more than 11 name,func pairs

comment:3 by finticemo, 9 years ago

Okay, I've narrowed this down by making an edited version of _DBTOOLBOX.lua.
I'll attach it as _DEBUGTOOLBOX.lua . Place it in the same directory as _DBTOOLBOX.lua, and follow the procedure:

  1. Open the brush factory and run _DEBUGTOOLBOX.lua
  2. Click BRUSH
  3. Click Back
  4. Click Quit

This should cause the coredump.

This edited file is very simple, and has one line marked with 'if you comment this line, the crash will not occur'.
However, I've tested with other lines too. The crash condition is simply 'provide >= 11 name, function pairs to selectbox()', so any change that reduces the number of name,function pairs to 10 or less will prevent the crash from occurring.

by finticemo, 9 years ago

Attachment: _DEBUGTOOLBOX.lua added

minimalized version of _DBTOOLBOX.lua that triggers the crash

comment:4 by DawnBringer, 9 years ago

Ok :/ well, since v1.3 of the Toolbox I've already limited all selectbox entries to max 10 (more is just messy anyways)...good to know that is safe at least!

comment:5 by yrizoud, 9 years ago

Owner: changed from Adrien Destugues to yrizoud
Priority: majorcritical
Status: newaccepted

comment:6 by PulkoMandy, 6 years ago

Milestone: 2.52.6

comment:7 by Thomas Bernard, 5 years ago

Does someone reproduce with GrafX2 2.5 or 2.6 ?
I've failed to reproduce the problem, but I've got only dawnbringer toolbox v1.4

comment:8 by Thomas Bernard, 5 years ago

I just found the toolbox v1.3
https://web.archive.org/web/20130619190132/http://goto.glocalnet.net/axe/toolbox13.zip
and I don't reproduce the bug neither.

I'm using lua 5.3.5, FreeBSD

comment:9 by Thomas Bernard, 5 years ago

However I have a crash when displaying the long select box when I'm in a 320x200 resolution.
The Select box is too big to fit the screen...

(gdb) bt
#0  0x0000000801976916 in memcpy () from /lib/libc.so.7
#1  0x00000000004512cf in Read_line_screen_simple (x_pos=<optimized out>, y_pos=<optimized out>, width=196, 
    line=0x803249b40 "") at pxsimple.c:292
#2  0x000000000043be25 in Save_background (buffer=0x711c20 <Window_background>, x_pos=<optimized out>, y_pos=65525, 
    width=width@entry=196, height=height@entry=230) at engine.c:86
#3  0x000000000043cca5 in Open_window (width=width@entry=196, height=<optimized out>, title=title@entry=0x8028f73d8 "Brush")
    at engine.c:1627
#4  0x0000000000472a71 in L_SelectBox (L=0x8029f0008) at factory.c:1324
#5  0x0000000800fb3d7b in ?? () from /usr/local/lib/liblua-5.3.so
#6  0x0000000800fc262c in ?? () from /usr/local/lib/liblua-5.3.so
#7  0x0000000800fb3fe9 in ?? () from /usr/local/lib/liblua-5.3.so
#8  0x0000000800faebca in lua_callk () from /usr/local/lib/liblua-5.3.so
#9  0x0000000000472bcb in L_SelectBox (L=0x8029f0008) at factory.c:1351

comment:11 by Thomas Bernard, 5 years ago

If no-one is able to reproduce, I propose to close this issue

comment:12 by Thomas Bernard, 5 years ago

Resolution: fixed
Status: acceptedclosed

I think we can assume this bug is fixed.
Do not hesitate to re-open if that is not the case

Note: See TracTickets for help on using tickets.