KiCad

KiCad crashes after closing PCBNew if a python script was executed before

Bug #1844880 reported by DDuck007 on 2019-09-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	KiCad	Fix Committed	Critical	jean-pierre charras	KiCad 6.0.0-rc1

Bug Description

Running a python-script in PCBNew, e.g. InteractiveHtmlBom (https://github.com/openscopeproject/InteractiveHtmlBom) or teardrops, ... Kicad crashes after closing PCBNew. The script is executed properly and everything looks fine until closing PCBNew. If it is closed all KiCad windows including the main-window are closed.

Version:

Application: KiCad
Version: (5.99.0-149-g130d52dd8), release build
Libraries:
    wxWidgets 3.0.4
    libcurl/7.61.1 OpenSSL/1.1.1 (WinSSL) zlib/1.2.11 brotli/1.0.6 libidn2/2.0.5 libpsl/0.21.0 (+libidn2/2.1.1) nghttp2/1.34.0
Platform: Windows 8 (build 9200), 64-bit edition, 64 bit, Little endian, wxMSW
Build Info:
    wxWidgets: 3.0.4 (wchar_t,wx containers,compatible with 2.8)
    Boost: 1.68.0
    OpenCASCADE Community Edition: 6.9.1
    Curl: 7.61.1
    Compiler: GCC 8.2.0 with C++ ABI 1013

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=OFF
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=OFF
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON

See original description

Tags:

DDuck007 (dduck007.01) on 2019-09-21

description:

updated

Revision history for this message

Ian McInerney (imcinerney) wrote on 2019-09-21:

dummy_plugin_2.zip Edit (2.5 KiB, application/zip)

Download full text (5.2 KiB)

This happens for simple plugins as well (tested with the attached plugin). The stack trace from address sanitizer is below.

=================================================================
==12840==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900004b580 at pc 0x7fcfa05be4aa bp 0x7fff775ea390 sp 0x7fff775ea388
READ of size 8 at 0x61900004b580 thread T0
    #0 0x7fcfa05be4a9 in BOARD::~BOARD() /master/pcbnew/class_board.cpp:155:9
    #1 0x7fcfa05be9dd in BOARD::~BOARD() /master/pcbnew/class_board.cpp:142:1
    #2 0x7fcfa059c70c in PCB_BASE_FRAME::~PCB_BASE_FRAME() /master/pcbnew/pcb_base_frame.cpp:108:5
    #3 0x7fcf9fce9008 in PCB_BASE_EDIT_FRAME::~PCB_BASE_EDIT_FRAME() /master/pcbnew/pcb_base_edit_frame.cpp:53:1
    #4 0x7fcf9fcfc205 in PCB_EDIT_FRAME::~PCB_EDIT_FRAME() /master/pcbnew/pcb_edit_frame.cpp:339:1
    #5 0x7fcf9fcfc22d in PCB_EDIT_FRAME::~PCB_EDIT_FRAME() /master/pcbnew/pcb_edit_frame.cpp:338:1
    #6 0x7fcfab2429c6 in wxAppConsoleBase::DeletePendingObjects() ../src/common/appbase.cpp:591:16
    #7 0x7fcfab242a48 in wxAppConsoleBase::ProcessIdle() ../src/common/appbase.cpp:397:25
    #8 0x7fcfab8434a7 in wxAppBase::ProcessIdle() ../src/common/appcmn.cpp:366:50
    #9 0x7fcfab76d094 in wxApp::DoIdle() ../src/gtk/app.cpp:159:31
    #10 0x7fcfab76d1b6 ../src/gtk/app.cpp:107:28
    #11 0x7fcfa977f7da (/lib64/libglib-2.0.so.0+0x4c7da)
    #12 0x7fcfa9782edc in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4fedc)
    #13 0x7fcfa978326f (/lib64/libglib-2.0.so.0+0x5026f)
    #14 0x7fcfa97835a2 in g_main_loop_run (/lib64/libglib-2.0.so.0+0x505a2)
    #15 0x7fcfa9dc1b3c in gtk_main (/lib64/libgtk-3.so.0+0x24db3c)
    #16 0x7fcfab78cbc4 in wxGUIEventLoop::DoRun() ../src/gtk/evtloop.cpp:65:17
    #17 0x7fcfab285170 in wxEventLoopBase::Run() ../src/common/evtloopcmn.cpp:78:17
    #18 0x7fcfab245c69 in wxAppConsoleBase::MainLoop() ../src/common/appbase.cpp:334:40
    #19 0x53c770 in APP_KICAD::OnRun() /master/kicad/kicad.cpp:261:27
    #20 0x7fcfab2d9abb in wxEntry(int&, wchar_t**) ../src/common/init.cpp:506:31
    #21 0x53a4ae in main /master/kicad/kicad.cpp:292:1
    #22 0x7fcfaa2abf32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
    #23 0x40302d in _start (/master/build/debug/kicad/kicad+0x40302d)

0x61900004b580 is located 0 bytes inside of 956-byte region [0x61900004b580,0x61900004b93c)
freed by thread T0 here:
    #0 0x51d65f in operator delete(void*) (/master/build/debug/kicad/kicad+0x51d65f)
    #1 0x7fcfab24b138 /usr/include/c++/9/ext/new_allocator.h:128:19
    #2 0x7fcfab24b138 /usr/include/c++/9/bits/alloc_traits.h:470:9
    #3 0x7fcfab24b138 /usr/include/c++/9/bits/basic_string.h:237:34
    #4 0x7fcfab24b138 /usr/include/c++/9/bits/basic_string.h:232:4
    #5 0x7fcfab24b138 /usr/include/c++/9/bits/basic_string.h:658:9
    #6 0x7fcfab24b138 ../include/wx/string.h:393:24
    #7 0x7fcfab24b138 ../include/wx/scopedarray.h:29:24
    #8 0x7fcfab24b138 in wxArrayString::Add(wxString const&, unsigned long) ../src/common/arrstr.cpp:302:53

previously allocated by thread T0 here:
#0 0x51c83f in operator new(unsigned long) (/master/build/debug/kicad/kicad+0x51c83f)
#1 0x52575e in __gnu_cxx::new_alloc...

This happens for simple plugins as well (tested with the attached plugin). The stack trace from address sanitizer is below.

=================================================================
==12840==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900004b580 at pc 0x7fcfa05be4aa bp 0x7fff775ea390 sp 0x7fff775ea388
READ of size 8 at 0x61900004b580 thread T0
    #0 0x7fcfa05be4a9 in BOARD::~BOARD() /master/pcbnew/class_board.cpp:155:9
    #1 0x7fcfa05be9dd in BOARD::~BOARD() /master/pcbnew/class_board.cpp:142:1
    #2 0x7fcfa059c70c in PCB_BASE_FRAME::~PCB_BASE_FRAME() /master/pcbnew/pcb_base_frame.cpp:108:5
    #3 0x7fcf9fce9008 in PCB_BASE_EDIT_FRAME::~PCB_BASE_EDIT_FRAME() /master/pcbnew/pcb_base_edit_frame.cpp:53:1
    #4 0x7fcf9fcfc205 in PCB_EDIT_FRAME::~PCB_EDIT_FRAME() /master/pcbnew/pcb_edit_frame.cpp:339:1
    #5 0x7fcf9fcfc22d in PCB_EDIT_FRAME::~PCB_EDIT_FRAME() /master/pcbnew/pcb_edit_frame.cpp:338:1
    #6 0x7fcfab2429c6 in wxAppConsoleBase::DeletePendingObjects() ../src/common/appbase.cpp:591:16
    #7 0x7fcfab242a48 in wxAppConsoleBase::ProcessIdle() ../src/common/appbase.cpp:397:25
    #8 0x7fcfab8434a7 in wxAppBase::ProcessIdle() ../src/common/appcmn.cpp:366:50
    #9 0x7fcfab76d094 in wxApp::DoIdle() ../src/gtk/app.cpp:159:31
    #10 0x7fcfab76d1b6  ../src/gtk/app.cpp:107:28
    #11 0x7fcfa977f7da  (/lib64/libglib-2.0.so.0+0x4c7da)
    #12 0x7fcfa9782edc in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4fedc)
    #13 0x7fcfa978326f  (/lib64/libglib-2.0.so.0+0x5026f)
    #14 0x7fcfa97835a2 in g_main_loop_run (/lib64/libglib-2.0.so.0+0x505a2)
    #15 0x7fcfa9dc1b3c in gtk_main (/lib64/libgtk-3.so.0+0x24db3c)
    #16 0x7fcfab78cbc4 in wxGUIEventLoop::DoRun() ../src/gtk/evtloop.cpp:65:17
    #17 0x7fcfab285170 in wxEventLoopBase::Run() ../src/common/evtloopcmn.cpp:78:17
    #18 0x7fcfab245c69 in wxAppConsoleBase::MainLoop() ../src/common/appbase.cpp:334:40
    #19 0x53c770 in APP_KICAD::OnRun() /master/kicad/kicad.cpp:261:27
    #20 0x7fcfab2d9abb in wxEntry(int&, wchar_t**) ../src/common/init.cpp:506:31
    #21 0x53a4ae in main /master/kicad/kicad.cpp:292:1
    #22 0x7fcfaa2abf32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
    #23 0x40302d in _start (/master/build/debug/kicad/kicad+0x40302d)

0x61900004b580 is located 0 bytes inside of 956-byte region [0x61900004b580,0x61900004b93c)
freed by thread T0 here:
    #0 0x51d65f in operator delete(void*) (/master/build/debug/kicad/kicad+0x51d65f)
    #1 0x7fcfab24b138  /usr/include/c++/9/ext/new_allocator.h:128:19
    #2 0x7fcfab24b138  /usr/include/c++/9/bits/alloc_traits.h:470:9
    #3 0x7fcfab24b138  /usr/include/c++/9/bits/basic_string.h:237:34
    #4 0x7fcfab24b138  /usr/include/c++/9/bits/basic_string.h:232:4
    #5 0x7fcfab24b138  /usr/include/c++/9/bits/basic_string.h:658:9
    #6 0x7fcfab24b138  ../include/wx/string.h:393:24
    #7 0x7fcfab24b138  ../include/wx/scopedarray.h:29:24
    #8 0x7fcfab24b138 in wxArrayString::Add(wxString const&, unsigned long) ../src/common/arrstr.cpp:302:53

previously allocated by thread T0 here:
    #0 0x51c83f in operator new(unsigned long) (/master/build/debug/kicad/kicad+0x51c83f)
    #1 0x52575e in __gnu_cxx::new_allocator<wchar_t>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/ext/new_allocator.h:114:27
    #2 0x5256fa in std::allocator_traits<std::allocator<wchar_t> >::allocate(std::allocator<wchar_t>&, unsigned long) /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/alloc_traits.h:444:20
    #3 0x525465 in std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_M_create(unsigned long&, unsigned long) /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/basic_string.tcc:153:14
    #4 0x52737e in std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_M_assign(std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&) /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/basic_string.tcc:265:24
    #5 0x7fcfab24a86b  /usr/include/c++/9/bits/basic_string.h:1366:2
    #6 0x7fcfab24a86b  /usr/include/c++/9/bits/basic_string.h:696:27
    #7 0x7fcfab24a86b  ../include/wx/string.h:1883:28
    #8 0x7fcfab24a86b in wxArrayString::Grow(unsigned long) ../src/common/arrstr.cpp:149:31

Application: Pcbnew
Version: (5.99.0-151-g8be9aeac9-dirty), debug build
Libraries:
    wxWidgets 3.0.4
    libcurl/7.65.3 OpenSSL/1.1.1c-fips zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5) libssh/0.9.0/openssl/zlib nghttp2/1.38.0
Platform: Linux 5.1.18-300.fc30.x86_64 x86_64, 64 bit, Little endian, wxGTK
Build Info:
    wxWidgets: 3.0.4 (wchar_t,wx containers,compatible with 2.8) GTK+ 3.24
    Boost: 1.69.0
    OpenCASCADE Community Edition: 6.9.1
    Curl: 7.65.3
    Compiler: Clang 8.0.0 with C++ ABI 1002

Build settings:
    KICAD_SCRIPTING=ON
    KICAD_SCRIPTING_MODULES=ON
    KICAD_SCRIPTING_PYTHON3=ON
    KICAD_SCRIPTING_WXPYTHON=ON
    KICAD_SCRIPTING_WXPYTHON_PHOENIX=ON
    KICAD_SCRIPTING_ACTION_MENU=ON
    BUILD_GITHUB_PLUGIN=ON
    KICAD_USE_OCE=ON
    KICAD_USE_OCC=OFF
    KICAD_SPICE=ON
    KICAD_STDLIB_DEBUG=OFF
    KICAD_STDLIB_LIGHT_DEBUG=OFF
    KICAD_SANITIZE=OFF