What does this stack trace possibly mean?

Question

Hi,

I'm having segfault problem in my application written using C++ and compiled using GCC 4.3.2. It is running under Debian 5 x64.

The process crashed on the following line of code:

#0  0x00000000007c720f in Action::LoadInfoFromDB (this=0x7fae10d38d90)
    at ../../../src/server/Action.cpp:1233
1233            m_tmap[tId]->slist[sId] = pItem;

The stack trace that i got from the core dump is as follows:

#0  0x00000000007c720f in Action::LoadInfoFromDB (this=0x7fae10d38d90)
    at ../../../src/server/Action.cpp:1233
    ItemGuid = <value optimized out>
    ItemEntry = <value optimized out>
    pItem = (class Item *) 0x2b52bae0
    fields = <value optimized out>
    tId = 1 '\001'
    sId = 0 '\0'
    result = (QueryResult *) 0x7fadcae3d8e0
#1  0x00000000007c7584 in Action::DisplayInfo (this=0x0, session=0x7fadbdd44a20)
    at ../../../src/server/Action.cpp:1090
    data = {<ByteBuffer> = {static DEFAULT_SIZE = 4096, _rpos = 220043248, _wpos = 5469086, 
    _storage = {<std::_Vector_base<unsigned char, std::allocator<unsigned char> >> = {
        _M_impl = {<std::allocator<unsigned char>> = {<__gnu_cxx::new_allocator<unsigned char>> = {<No data fields>}, <No data fields>}, _M_start = 0x41200000 <Address 0x41200000 out of bounds>, 
          _M_finish = 0x0, 
          _M_end_of_storage = 0x7fad00000000 <Address 0x7fad00000000 out of bounds>}}, <No data fields>}}, m_code = 51152}
#2  0x00000000007d01a3 in Session::HandleAction (this=0x7fadbdd44a20, 
    recv_data=@0x25d83780) at ../../../src/server/ActionHandler.cpp:862
    pAction = (Action *) 0x0
    ActionId = 1079
    GoGuid = <value optimized out>

In frame #1, Action::DisplayInfo was called from Session::HandleAction on pAction. However frame #1 shows this=0x0, and frame #2 shows pAction = (Action *) 0x0.

I can't understand why this caused a crash. What does this possibly mean? DisplayInfo can't be called on a null reference !

Any help is most appreciated.

Thanks

Answer 1

m_tmap[tId]->slist[sId] = pItem;

If that's the crash position, you're most likely indexing into non-existent data. If m_tmap is a std::map it's ok - but did you verify slist[sId] is a valid subscript?

Or - you called a member function on a NULL (or otherwise invalid)-Pointer and crash the first time you're accessing a member of the object directly, even if it's a few frames away. Are you sure pAction can't be NULL?

Stack traces needn't be valid. Firstly, you can corrupt them in your application. Secondly, optimizing compilers optimize that much away that the resulting stack traces are not reliable. Try a build with compiler optimizations disabled and use assert to verify your array subscripting is ok.

Answer 2

It's pretty obvious that pAction is null, and you called pAction->DisplayInfo. Look at how the addresses in Action are all invalid in frame 1. Other than that, it's hard to tell why without seeing some code, but I guess DisplayInfo calls LoadInfoFromDB either directly or indirectly.