POV-Ray : Newsgroups : povray.beta-test : Random crash in beta.4 : Re: Unix stack for crash in beta.5
  Re: Unix stack for crash in beta.5  
From: clipka
Date: 6 Apr 2017 06:08:51
Message: <58e613b3$1@news.povray.org>
On 06.04.2017 at 10:44, dick balaska wrote:
> 
> Fixed cut/paste instructions (was a bad cd)
> 
> wget http://www.buckosoft.com/tteoac/video/ttcrash2.bz2
> tar -xvjf ttcrash2.bz2
> cd ttcrash2/ttto
> povray ttto.ini -sf100 -ef100
> 
> 
> My theory from the stack trace was that it gave up on a #declare's
> rvalue, and double freed it.  That seems to be likely.

No, not exactly.

It turns out that the "switch" construct around the incomplete
declaration is irrelevant; it's the "#include" that's working the magic.

The recipe for disaster is as follows:

    <start of "local" scope>
    #local <Identifier> = <Valid RValue>
    #local <Identifier> =
    <end of "local" scope>
    <Valid RValue>

For example, the following also causes a crash:

    #macro Foo()
      #local Bar=1;
      #local Bar=
    #end

    Foo()

    sphere {<0,0,0>,1}

The end of local scope causes the identifier and its content to be
ditched, but the code responsible for parsing `#local` statements tries
to ditch the content again in order to replace it with the new content.
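
The pattern described in the message above, as an added example that is not part of the original post and not POV-Ray source code: a simplified C model in which a `#local` assignment caches the old content, the scope ends while the rvalue is being parsed, and the cached content is released a second time. All names are hypothetical, and the scope-generation check is one possible guard, assumed here for illustration rather than taken from the project's fix.

```c
/* Simplified model of the pattern; not POV-Ray source, all names hypothetical. */
#include <stdio.h>
#include <string.h>

#define SLOTS 8
static int live[SLOTS];      /* 1 = content allocated, 0 = released */
static int next_slot;        /* slots are never reused, so stale releases stay visible */
static int double_release;   /* releases of already-released content */
static unsigned scope_gen;   /* bumped whenever a local scope is torn down */

static int alloc_slot(void) { live[next_slot] = 1; return next_slot++; }
static void release_slot(int s) {
    if (!live[s]) { double_release++; return; }  /* a real free() would corrupt the heap */
    live[s] = 0;
}
/* End of local scope: the identifier and its content are ditched. */
static void end_scope(int *slot) { release_slot(*slot); *slot = -1; scope_gen++; }
/* Rvalue parsing for "#local Bar=": when hits_end is set, "#end" is reached
   first, so the scope is torn down before a value is read. */
static int parse_rvalue(int *slot, int hits_end) {
    if (hits_end) end_scope(slot);
    return alloc_slot();
}
/* Before: remembers the old content, parses, then releases what it remembered. */
static int assign_naive(int *slot, int hits_end) {
    int old = *slot;
    int val = parse_rvalue(slot, hits_end);
    release_slot(old);                           /* stale if the scope already ended */
    *slot = val;
    return 0;
}
/* After: notices the scope ended underneath it and reports a parse error. */
static int assign_checked(int *slot, int hits_end) {
    unsigned gen = scope_gen;
    int old = *slot;
    int val = parse_rvalue(slot, hits_end);
    if (gen != scope_gen) { release_slot(val); return -1; }
    release_slot(old);
    *slot = val;
    return 0;
}
/* "#local Bar=1;  #local Bar=  <end of scope>  <rvalue>": returns double releases. */
static int run(int (*assign)(int *, int)) {
    memset(live, 0, sizeof live); next_slot = 0; double_release = 0;
    int bar = alloc_slot();
    assign(&bar, 1);
    return double_release;
}
int main(void) { printf("naive: %d, checked: %d\n", run(assign_naive), run(assign_checked)); return 0; }
```

The slot table stands in for the heap so the second release can be counted instead of triggering undefined behaviour.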

