Re: [fltk.coredev] Double free of groups

Re: Double free of groups Albrecht Schlosser Mar 16, 2023  
 
On 3/15/23 16:46 Albrecht Schlosser wrote:

... I found ... a newer version of the Cartesian library here: https://sourceforge.net/p/rfltk/code/HEAD/tree/cartesian/

Meanwhile I also found out that this library adds more than one FLTK widget to its parent group (or window) - which may cause the double free under certain circumstances - and I could indeed make the provided example program crash with double free if I only delete the main window after `Fl::run()`.

See below, this was not the case, i.e. it was not FLTK's fault.

Source code: https://sourceforge.net/p/rfltk/code/HEAD/tree/cartesian/test/example.cpp

Modified like this (see comment):
```
Fl_Double_Window *w = new Fl_Double_Window(580, 380, "Cartesian graphics example");
// ... more code here ...
w->end();
w->show(argc, argv);
Fl::add_timeout(0, next_freq);
Fl::run();
delete w; // ADDED only this statement
return 0;
```

This is an example I can work with, and I'll investigate this issue. ...

I'll let you know when I have more info.

I have good news: I found the culprit in the Cartesian software and it is easy to fix. Fortunately it has nothing to do with the changes in FLTK - at least as far as I could find out. I concentrated on finding the bug and didn't investigate why the older FLTK version did not exhibit the bug whereas the newer version does because this is moot. A bug is a bug. ;-)


The double free bug is (potentially) caused by two identical statements in `Ca_X_Axis::~Ca_X_Axis()` and `Ca_Y_Axis::~Ca_Y_Axis()`. In my tests it was only triggered by `~Ca_Y_Axis()` but since both d'tors are structured identically I fixed both of them in my version.

If you comment out the two statements as shown below in context (marked with '<<<<<<<') the bug should be gone. Hopefully.

Note that this doesn't fix all memory leaks in the demo program, but neither valgrind nor ASAN report any errors after this fix.

Please let me know if this fixes the issue for you.


That said, I changed a lot more code in my version, fixed compiler warnings, removed unused variables, and fixed usage of uninitialized variables (!). I'm thinking about publishing my fixes somewhere, maybe on GitHub, but this is not yet possible - it would need some more work to clean up everything.

Rob, you wrote before that you also had to fix some issues. Can you tell me what you fixed, and/or post a link to your fixed version of the Cartesian library? Is it maybe included in your OpenVSP project? If yes, I don't remember having seen it (only a link to the SourceForge repo, IIRC). I'd appreciate it if we could synchronize our efforts, but this is now probably OT here and we can check this off-list if you agree. Let me know...


Back on topic:

My proposed changes: since I'm not sure that we are using the same version of the Cartesian project, following is the full code of the two mentioned d'tors with fixes.

```
// Cartesian.cpp, line 728
Ca_X_Axis::~Ca_X_Axis(){
  if(canvas_){
    Ca_ObjectChain *ochain=canvas_->first_object_;
    Ca_ObjectChain *next;
    Ca_ObjectChain *previous=0;
    while (ochain){
      next=ochain->next;
      if(ochain->object->x_axis_==this){
        delete ochain->object;
        if(previous)
          previous->next=next;
        else
          canvas_->first_object_=next;
        // delete ochain; // would cause double free        <<<<<<<
      }
      ochain=next;
    }
  }
}

// Cartesian.cpp, line 1051
Ca_Y_Axis::~Ca_Y_Axis(){
  if(canvas_){
    Ca_ObjectChain *ochain=canvas_->first_object_;
    Ca_ObjectChain *next;
    Ca_ObjectChain *previous=0;
    while (ochain){
      next=ochain->next;
      if(ochain->object->y_axis_==this){
        delete ochain->object;
        if(previous)
          previous->next=next;
        else
          canvas_->first_object_=next;
        // delete ochain; // would cause double free        <<<<<<<
      }
      ochain=next;
    }
  }
}
```

To view this discussion on the web visit https://groups.google.com/d/msgid/fltkcoredev/fe91027f-78d6-41dc-df7b-106d4751318a%40online.de.
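
A minimal model of the ownership bug described in this message, added here as an illustration; it is not code from the Cartesian library or from FLTK. All names (`Obj`, `Node`, `Canvas`, `release`, `teardown`, `run`) are hypothetical, and it assumes the object's destructor already unlinks and frees its own chain node, which is what would make the second `delete` a double free. The second free is counted through a registry rather than executed, so the program stays well-defined.

```cpp
#include <cstdio>
#include <map>

struct Obj;
struct Node { int id; Obj *object; Node *next; };
struct Canvas { Node *first = nullptr; };
static std::map<int, Node*> live;  // id -> node, for every node not yet freed
static int next_id = 0;
// Free node `id` once. false = already freed: a plain `delete` would double free.
static bool release(int id) {
  auto it = live.find(id);
  if (it == live.end()) return false;
  delete it->second; live.erase(it);
  return true;
}
struct Obj {
  Canvas *canvas; int axis;
  Obj(Canvas *c, int a) : canvas(c), axis(a) {
    Node *n = new Node{next_id, this, c->first};
    live[next_id++] = n; c->first = n;
  }
  ~Obj() {  // assumption: the object unlinks and frees its own chain node
    Node **pp = &canvas->first;
    while (*pp && (*pp)->object != this) pp = &(*pp)->next;
    if (!*pp) return;
    int id = (*pp)->id;
    *pp = (*pp)->next;
    release(id);
  }
};

// Shaped like the axis d'tors above; returns the number of double frees.
int teardown(Canvas &c, int axis, bool delete_node_too) {
  int double_frees = 0;
  for (Node *n = c.first, *next; n; n = next) {
    next = n->next;  // read before the node can be freed
    int id = n->id;
    if (n->object->axis != axis) continue;
    delete n->object;  // ~Obj() has freed the node by now
    if (delete_node_too && !release(id)) ++double_frees;
  }
  return double_frees;
}
int run(bool delete_node_too) {  // constructed input: objects on axes 1, 2, 1
  Canvas c;
  new Obj(&c, 1); new Obj(&c, 2); new Obj(&c, 1);
  int n = teardown(c, 1, delete_node_too);
  while (c.first) delete c.first->object;  // clean up the axis-2 object
  return n;
}
int main() { std::printf("%d %d\n", run(true), run(false)); }
```

With a real `delete` in place of `release`, the same pattern is what AddressSanitizer reports as `attempting double-free`; building the affected program with `-fsanitize=address` is the quickest way to confirm a fix of this kind.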