Bug #3763: 1.9.2-p0 SEGV in String:+
http://redmine.ruby-lang.org/issues/show/3763

Author: Graham Menhennitt
Status: Open, Priority: Normal
ruby -v: ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-mswin32]

I'm getting an occasional crash when calling the += operator for a String. It happens fairly rarely (maybe once per 10,000 calls), but it always looks the same.

The dump looks like:

K:/1062_GEN3/target_hmi/src/agent/devicecontrol/Raven Test Harness/Simulator.rb:14: [BUG] Segmentation fault
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-mswin32]

-- control frame ----------
c:0010 p:---- s:0029 b:0029 l:000028 d:000028 CFUNC  :+
c:0009 p:0011 s:0025 b:0025 l:000024 d:000024 METHOD K:/1062_GEN3/target_hmi/src/agent/devicecontrol/Raven Test Harness/Simulator.rb:14
c:0008 p:0020 s:0019 b:0019 l:000c64 d:000018 BLOCK  K:/1062_GEN3/target_hmi/src/agent/devicecontrol/Raven Test Harness/SimulatorApp.rb:57
c:0007 p:---- s:0016 b:0016 l:000015 d:000015 FINISH
c:0006 p:---- s:0014 b:0014 l:000013 d:000013 CFUNC  :call
c:0005 p:---- s:0012 b:0012 l:000011 d:000011 CFUNC  :on_run
c:0004 p:---- s:0010 b:0010 l:000009 d:000009 CFUNC  :main_loop
c:0003 p:0173 s:0007 b:0007 l:001f5c d:0014d0 EVAL   RadioMain.rb:11
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:001f5c d:001f5c TOP
---------------------------
-- Ruby level backtrace information ----------------------------------------
RadioMain.rb:11:in `<main>'
RadioMain.rb:11:in `main_loop'
RadioMain.rb:11:in `on_run'
RadioMain.rb:11:in `call'
K:/1062_GEN3/target_hmi/src/agent/devicecontrol/Raven Test Harness/SimulatorApp.rb:57:in `block in on_init'
K:/1062_GEN3/target_hmi/src/agent/devicecontrol/Raven Test Harness/Simulator.rb:14:in `receivedData'
K:/1062_GEN3/target_hmi/src/agent/devicecontrol/Raven Test Harness/Simulator.rb:14:in `+'

and the offending line is the first line (+=) in the method:

    def receivedData(data)
        @inputBuffer += data
        while true
            remainder, packet = getPacket(@inputBuffer)
            break if packet.nil?
            print "< #{packet.dump}\n" if @verbosity >= 4
            @inputBuffer = remainder
            processPacket(packet)
            update()
        end
    end

The only thing that's unusual about this method is that it's called on a wxRuby event.

The event looks like:

    class ReceivedDataEvent < Wx::CommandEvent
        EVT_RECV_DATA = Wx::EvtHandler.register_class(self, nil, 'evt_receivedData', 0)

        def initialize(receivedData)
            super(EVT_RECV_DATA)
            self.client_data = receivedData
        end
    end

and the caller is:

        evt_receivedData() { |event| @simulator.receivedData(event.client_data) }

The event is generated from a separate thread created with Thread.new().


----------------------------------------
http://redmine.ruby-lang.org