Opened 6 years ago

Closed 6 years ago

#4783 closed defect (fixed)

ctrl-shift-t crashes empty StyledTextCtrl

Reported by: bro_ken_toy Owned by: robind
Priority: normal Milestone:
Component: wxStyledText Version:
Keywords: crash Cc: bro_ken_toy, robind
Blocked By: Blocking:
Patch: no

Description

Pressing ctrl-shift-t in an empty StyledTextCtrl causes a segfault. This was originally reported in wxRuby but can be reproduced in the stc sample in the distribution.

The crash happens on all platforms; backtrace from OS X as follows (2.8.7). As can be seen, this is from wxRuby, but points to the source in wxWidgets.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x0138f14a in UCS2Length (s=0x0, len=4294967295) at
../../../../contrib/src/stc/scintilla/src/UniConversion.cxx:47
(gdb) whe
#0 0x0138f14a in UCS2Length (s=0x0, len=4294967295) at
../../../../contrib/src/stc/scintilla/src/UniConversion.cxx:47
#1 0x01304908 in stc2wx (str=0x0, len=4294967295)
at ../../../../contrib/src/stc/PlatWX.cpp:1529
#2 0x01307c9b in ScintillaWX::CopyToClipboard (this=0x851a00,
st=@0xbfffd9ac) at ../../../../contrib/src/stc/ScintillaWX.cpp:54
2
#3 0x0132fcfa in Editor::CopyRangeToClipboard (this=0x851a00,
start=0, end=0) at ../../../../contrib/src/stc/scintilla/src/Edit
or.cxx:4894
#4 0x01331e09 in Editor::KeyCommand (this=0x851a00, iMessage=2455)
at ../../../../contrib/src/stc/scintilla/src/Editor.cxx:4529
#5 0x0138c831 in ScintillaBase::KeyCommand (this=0x851a00,
iMessage=2455) at ../../../../contrib/src/stc/scintilla/src/Scint
illaBase.cxx:190
#6 0x01339855 in Editor::WndProc (this=0x851a00, iMessage=2455,
wParam=0, lParam=0) at ../../../../contrib/src/stc/scintilla/src/
Editor.cxx:7056
#7 0x0138d45a in ScintillaBase::WndProc (this=0x851a00,
iMessage=2455, wParam=0, lParam=0) at
../../../../contrib/src/stc/scintilla/src/ScintillaBase.cxx:724
#8 0x01308145 in ScintillaWX::WndProc (this=0x851a00, iMessage=2455,
wParam=0, lParam=0) at ../../../../contrib/src/stc/ScintillaWX.cp
p:731
#9 0x0132fe18 in Editor::KeyDown (this=0x851a00, key=84, shift=true,
ctrl=true, alt=false, consumed=0x858fd8)
at ../../../../contrib/src/stc/scintilla/src/Editor.cxx:4616
#10 0x01309314 in ScintillaWX::DoKeyDown (this=0x851a00,
evt=@0xbfffe348, consumed=0x858fd8)
at ../../../../contrib/src/stc/ScintillaWX.cpp:998
#11 0x01312535 in wxStyledTextCtrl::OnKeyDown (this=0x858e00,
evt=@0xbfffe348) at ../../../../contrib/src/stc/stc.cpp:3152
#12 0x01393f9f in wxAppConsole::HandleEvent (this=0x5b79f0,
handler=0x858e00, func={pfn = 0x131250a
<wxStyledTextCtrl::OnKeyDown(wxKeyEvent&)>,
delta

0}, event=@0xbfffe348) at ../src/common/appbase.cpp:320

#13 0x0142fe4a in wxEvtHandler::ProcessEventIfMatches
(entry=@0x1b472a8, handler=0x858e00, event=@0xbfffe348)
at ../src/common/event.cpp:1225
#14 0x01430236 in wxEventHashTable::HandleEvent (this=0x1b47368,
event=@0xbfffe348, self=0x858e00) at ../src/common/event.cpp:898
#15 0x014310b7 in wxEvtHandler::ProcessEvent (this=0x858e00,
event=@0xbfffe348) at ../src/common/event.cpp:1287
#16 0x010a8eaa in _wrap_wxEvtHandler_ProcessEvent () at
toplevel.h:65
#17 0x000d10b7 in rb_with_disable_interrupt ()
#18 0x000da636 in rb_eval_string_wrap ()
#19 0x000db24a in rb_eval_string_wrap ()
#20 0x000dbccd in rb_respond_to ()
#21 0x000dbdb6 in rb_funcall ()
#22 0x0127bbc7 in SwigDirector_wxStyledTextCtrl::ProcessEvent
() at listbase.h:238
#23 0x014469ab in wxApp::MacSendKeyDownEvent (this=0x5b79f0,
focus=0x858e00, keymessage=4372, modifiers=4608, when=5951941,
wherex=-16385, wherey=-6952, uniChar=20)
at ../src/mac/carbon/app.cpp:1466
#24 0x014a9fb7 in KeyboardEventHandler (handler=0xbfffe890,
event=0x15519eb0, data=0x832600) at
../src/mac/carbon/toplevel.cpp:174
#25 0x014ae63c in wxMacTopLevelEventHandler (handler=0xbfffe890,
event=0x15519eb0, data=0x832600) at
../src/mac/carbon/toplevel.cpp:835
#26 0x92daf863 in DispatchEventToHandlers ()
#27 0x92daec9d in SendEventToEventTargetInternal ()
#28 0x92daeb02 in SendEventToEventTargetWithOptions ()
#29 0x92dddd56 in ToolboxEventDispatcherHandler ()
#30 0x92dafc1c in DispatchEventToHandlers ()
#31 0x92daec9d in SendEventToEventTargetInternal ()
#32 0x92dcb08e in SendEventToEventTarget ()
#33 0x0144568d in wxApp::MacHandleOneEvent (this=0x5b79f0,
evr=0x15519eb0) at ../src/mac/carbon/app.cpp:1225
#34 0x0144575d in wxApp::MacDoOneEvent (this=0x5b79f0) at
../src/mac/carbon/app.cpp:1194
#35 0x0146054e in wxEventLoop::Dispatch (this=0x15517aa0) at
../src/mac/carbon/evtloop.cpp:107
#36 0x014fc965 in wxEventLoopManual::Run (this=0x15517aa0) at
../src/common/evtloopcmn.cpp:115
#37 0x014d2bc3 in wxAppBase::MainLoop (this=0x5b79f0) at
../src/common/appcmn.cpp:312
#38 0x014d2d31 in wxAppBase::OnRun (this=0x5b79f0)
at ../src/common/appcmn.cpp:367
#39 0x013cfcf3 in wxEntry (argc=@0x1b614f8, argv=0x5b7bd0) at
../src/common/init.cpp:456
#40 0x013cfdb2 in wxEntry (argc=@0x1b4581c, argv=0x1b45814) at
../src/common/init.cpp:468
#41 0x01007a44 in wxRubyApp::main_loop () at string.h:699
#42 0x010061ce in _wrap_App_main_loop () at string.h:242
#43 0x000d10b7 in rb_with_disable_interrupt ()
#44 0x000da636 in rb_eval_string_wrap ()
#45 0x000db24a in rb_eval_string_wrap ()
#46 0x000d84c5 in rb_eval_string_wrap ()
#47 0x000e7388 in rb_load_protect ()
#48 0x000e73b9 in ruby_exec ()
#49 0x000e73e5 in ruby_run ()
#50 0x00001fff in main ()

Change History (2)

comment:1 Changed 6 years ago by wxsite

  • Status changed from assigned to confirmed

transitioning old 'assigned' status to new 'confirmed' status

comment:2 Changed 6 years ago by vadz

  • Keywords crash added
  • Resolution set to fixed
  • Status changed from confirmed to closed

Passing -1 as length of NULL string clearly wasn't a great idea, fixed in r54230 (both 2.8 and trunk), thanks for reporting!

Note: See TracTickets for help on using tickets.