Bug#1032834: freecad: Segmentation fault while redoing

Patrik Kluba kpajko79 at gmail.com
Sun Mar 12 13:18:24 GMT 2023 

Package: freecad
Version: 0.20.2+dfsg1-4
Severity: important
Tags: upstream
X-Debbugs-Cc: kpajko79 at gmail.com

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.19.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages freecad depends on:
ii  freecad-python3  0.20.2+dfsg1-4

Versions of packages freecad recommends:
ii  calculix-ccx  2.20-1
ii  graphviz      2.42.2-7+b3

Versions of packages freecad suggests:
pn  povray  <none>

-- no debconf information

Hi,

I've started tinkering with FreeCad this morning and hit an irritating bug at least 3 times,
leading to loosing my model once. The bug seems quite repeatable, so I've tried to prevent
it by using undo-redo less, but it's easy to accidentally doing it without paying attention,
like happened to me last time.

Reproduction steps:
- draw a few lines
- undo
- redo
- undo
- redo
- draw a few more lines
- undo
- redo
- ...
- join lines
- undo
- redo
- delete line
- undo
- redo
- ...

Basically it hits when adding a new line, when deleting a line, or joining lines. But it
happens as well for undoing-redoing more complex operations.

The same issue is reported here:
https://forum-freecad-org.translate.goog/viewtopic.php?p=585510&_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=hu&_x_tr_pto=wapp

Here's a stack trace:

#0  0x00007ffff71ff210 in Gui::Document::handleChildren3D(Gui::ViewProvider*, bool) () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#1  0x00007ffff71fb536 in Gui::Document::redo(int) () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#2  0x00007ffff74bb1e3 in Gui::View3DInventor::onMsg(char const*, char const**) () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#3  0x00007ffff71b6b49 in Gui::Application::sendMsgToActiveView(char const*, char const**) () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#4  0x00007ffff725043f in Gui::Command::_invoke(int, bool) () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#5  0x00007ffff72507a3 in Gui::Command::invoke(int, Gui::Command::TriggerSource) () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#6  0x00007ffff4ce8f7c in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007ffff595c782 in QAction::triggered(bool) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#8  0x00007ffff595f3ab in QAction::activate(QAction::ActionEvent) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#9  0x00007ffff595ff7d in QAction::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#10 0x00007ffff5962fae in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#11 0x00007ffff72270e8 in Gui::GUIApplication::notify(QObject*, QEvent*) () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#12 0x00007ffff4cb16f8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff516c76b in QShortcutMap::dispatchEvent(QKeyEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#14 0x00007ffff516d0bb in QShortcutMap::tryShortcut(QKeyEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#15 0x00007ffff5115376 in QWindowSystemInterface::handleShortcutEvent(QWindow*, unsigned long, int, QFlags<Qt::KeyboardModifier>, unsigned int, unsigned int, unsigned int, QString const&, bool, unsigned short) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#16 0x00007ffff51390cd in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#17 0x00007ffff5111cac in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#18 0x00007fffeea20eba in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#19 0x00007ffff2dd77a9 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff2dd7a38 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007ffff2dd7acc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007ffff4d09836 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007ffff4cb017b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007ffff4cb82d6 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007ffff71c3a42 in Gui::Application::runApplication() () from /usr/lib/freecad-python3/lib/libFreeCADGui.so
#26 0x0000555555558c01 in ?? ()
#27 0x00007fffffffdc98 in ?? ()
#28 0x00007ffff4816de0 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#29 0x00007ffff4816d20 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#30 0x0000000000000000 in ?? ()

(gdb) info reg
rax            0x0                 0
rbx            0x55555838f340      93825040708416
rcx            0x5555556e07a0      93824993855392
rdx            0x0                 0
rsi            0x55555838f340      93825040708416
rdi            0x55555838f340      93825040708416
rbp            0x55555716a940      0x55555716a940
rsp            0x7fffffffc400      0x7fffffffc400
r8             0x1                 1
r9             0x0                 0
r10            0xdf8e58aef990835   1006806901605337141
r11            0x7fffffffb8c0      140737488337088
r12            0x5555578c9d80      93825029414272
r13            0x5555578c9d80      93825029414272
r14            0x55555716a940      93825021684032
r15            0x0                 0
rip            0x7ffff71ff210      0x7ffff71ff210 <Gui::Document::handleChildren3D(Gui::ViewProvider*, bool)+64>
eflags         0x10202             [ IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0

(gdb) disas $pc
Dump of assembler code for function _ZN3Gui8Document16handleChildren3DEPNS_12ViewProviderEb:
   0x00007ffff71ff1d0 <+0>:	push   %r15
   0x00007ffff71ff1d2 <+2>:	push   %r14
   0x00007ffff71ff1d4 <+4>:	push   %r13
   0x00007ffff71ff1d6 <+6>:	push   %r12
   0x00007ffff71ff1d8 <+8>:	push   %rbp
   0x00007ffff71ff1d9 <+9>:	push   %rbx
   0x00007ffff71ff1da <+10>:	sub    $0x98,%rsp
   0x00007ffff71ff1e1 <+17>:	mov    %edx,0x24(%rsp)
   0x00007ffff71ff1e5 <+21>:	mov    %fs:0x28,%rax
   0x00007ffff71ff1ee <+30>:	mov    %rax,0x88(%rsp)
   0x00007ffff71ff1f6 <+38>:	xor    %eax,%eax
   0x00007ffff71ff1f8 <+40>:	test   %rsi,%rsi
   0x00007ffff71ff1fb <+43>:	je     0x7ffff71ff4ea <_ZN3Gui8Document16handleChildren3DEPNS_12ViewProviderEb+794>
   0x00007ffff71ff201 <+49>:	mov    (%rsi),%rax
   0x00007ffff71ff204 <+52>:	mov    %rdi,%r13
   0x00007ffff71ff207 <+55>:	mov    %rsi,%rbx
   0x00007ffff71ff20a <+58>:	mov    %edx,%r15d
   0x00007ffff71ff20d <+61>:	mov    %rsi,%rdi
=> 0x00007ffff71ff210 <+64>:	call   *0x130(%rax)
   0x00007ffff71ff216 <+70>:	test   %rax,%rax
   0x00007ffff71ff219 <+73>:	je     0x7ffff71ff4ea <_ZN3Gui8Document16handleChildren3DEPNS_12ViewProviderEb+794>
   0x00007ffff71ff21f <+79>:	mov    (%rbx),%rax
   0x00007ffff71ff222 <+82>:	lea    0x30(%rsp),%rdi
   0x00007ffff71ff227 <+87>:	mov    %rbx,%rsi

So that's a NULL pointer dereference. Not sure what should be there in rax instead.
Maybe some unimplemented virtual method?

(gdb) x/256x $sp
0x7fffffffc400:	0x0000000a	0x00000000	0xffffc360	0x00007fff
0x7fffffffc410:	0x00000000	0x00000000	0x556d5e20	0x00005555
0x7fffffffc420:	0x00000000	0x00000000	0xcd4b8a00	0x8d96dc16
0x7fffffffc430:	0xffffc5f0	0x00007fff	0x5787c9d0	0x00005555
0x7fffffffc440:	0x5839e578	0x00005555	0x5839e578	0x00005555
0x7fffffffc450:	0xf699f500	0x00007fff	0x0000000a	0x00000000
0x7fffffffc460:	0xffffc368	0x00007fff	0x00000000	0x00000000
0x7fffffffc470:	0x0000001b	0x00000000	0x00000000	0x00007fff
0x7fffffffc480:	0x00000000	0x00000000	0xcd4b8a00	0x8d96dc16
0x7fffffffc490:	0x59d2f7f0	0x00005555	0x58593b80	0x00005555
0x7fffffffc4a0:	0x5716a940	0x00005555	0x578c9d80	0x00005555
0x7fffffffc4b0:	0x5716ab50	0x00005555	0x5716a940	0x00005555
0x7fffffffc4c0:	0xffffc5f0	0x00007fff	0xf71fb536	0x00007fff
0x7fffffffc4d0:	0x5716a96a	0x00005555	0x55b8bb01	0x00005555
0x7fffffffc4e0:	0x00000000	0x00000000	0xcd4b8a00	0x8d96dc16
0x7fffffffc4f0:	0xf7c35a7e	0x00007fff	0x57795620	0x00005555
0x7fffffffc500:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc510:	0xf7e665d4	0x00007fff	0xf74bb1e3	0x00007fff
0x7fffffffc520:	0xf7c34801	0x00007fff	0xfffffe60	0xffffffff
0x7fffffffc530:	0x0000000b	0x00000000	0xcd4b8a00	0x8d96dc16
0x7fffffffc540:	0x00000000	0x00000000	0xffffd3b0	0x00007fff
0x7fffffffc550:	0xf7c35a7e	0x00007fff	0xf71b6b49	0x00007fff
0x7fffffffc560:	0x00000000	0x00000000	0x55b83600	0x00005555
0x7fffffffc570:	0x00000000	0x00000000	0xffffc5c8	0x00007fff
0x7fffffffc580:	0x582183c0	0x00005555	0xf725043f	0x00007fff
0x7fffffffc590:	0x55b8bbb0	0x00005555	0xffffc5d0	0x00007fff
0x7fffffffc5a0:	0xffffc5f8	0x00007fff	0x00000151	0x00000000
0x7fffffffc5b0:	0xffffc5e0	0x00007fff	0x00000000	0x00000000
0x7fffffffc5c0:	0xffffce00	0x00007fff	0x00000000	0x00007fff
0x7fffffffc5d0:	0xffffc5e0	0x00007fff	0x00000000	0x00000000
0x7fffffffc5e0:	0x00000000	0x00000000	0xcd4b8a00	0x8d96dc16
0x7fffffffc5f0:	0xf48116b0	0x00007fff	0xf48114f8	0x00007fff
0x7fffffffc600:	0x594a5c60	0x00005555	0x594a5c60	0x00005555
0x7fffffffc610:	0x594a5c60	0x00005555	0x594a5c60	0x00005555
0x7fffffffc620:	0x594a5c60	0x00005555	0x594a5e60	0x00005555
0x7fffffffc630:	0xf4818d60	0x00007fff	0x00000010	0x8d96dc16
0x7fffffffc640:	0x594a5c60	0x00005555	0x00000000	0x00000000
0x7fffffffc650:	0x00000200	0x00000000	0x6f63206e	0x00616d6d
0x7fffffffc660:	0xf48116d8	0x00007fff	0x00000006	0x00000000
0x7fffffffc670:	0x00000000	0x00000000	0x00001002	0x00000000
0x7fffffffc680:	0x00000000	0x00007fff	0x00000000	0x00000000
0x7fffffffc690:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc6a0:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc6b0:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc6c0:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc6d0:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc6e0:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc6f0:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc700:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc710:	0x00000000	0x00000000	0x00000000	0x00000000
0x7fffffffc720:	0x00000008	0x00000000	0xffffc6a0	0x00007fff
0x7fffffffc730:	0xf4818d60	0x00007fff	0x00000000	0x00000000
0x7fffffffc740:	0xffff0000	0x00007fff	0xffffc5f8	0x00007fff
0x7fffffffc750:	0xf4818780	0x00007fff	0xf4818710	0x00007fff
0x7fffffffc760:	0xf4818720	0x00007fff	0xcd4b8a00	0x8d96dc16
0x7fffffffc770:	0x00000000	0x00000000	0x55b83600	0x00005555
0x7fffffffc780:	0xffffc810	0x00007fff	0x00000000	0x00000000
0x7fffffffc790:	0x55e90690	0x00005555	0x00000004	0x00000000
0x7fffffffc7a0:	0xffffc8f0	0x00007fff	0xf72507a3	0x00007fff
0x7fffffffc7b0:	0xffffc7f0	0x00007fff	0x00000000	0x00000000
0x7fffffffc7c0:	0xffffcca0	0x00007fff	0xcd4b8a00	0x8d96dc16
0x7fffffffc7d0:	0xffffc8d0	0x00007fff	0x55ec28a0	0x00005555
0x7fffffffc7e0:	0x00000000	0x00000000	0x55e907e0	0x00005555
0x7fffffffc7f0:	0x55ec28a0	0x00005555	0x55e90690	0x00005555

Why isn't there a symbol package, just for some ports?

Regards,
Patrik

More information about the debian-science-maintainers mailing list