Bug 6369 - Disassembler crashes MD
Summary: Disassembler crashes MD
Status: RESOLVED FIXED
Alias: None
Product: Xamarin Studio
Classification: Desktop
Component: Debugger
Version: 3.0.x
Hardware: PC Mac OS
Importance: Normal major
Target Milestone: ---
Assignee: Jeffrey Stedfast
URL:
Depends on:
Blocks:
 
Reported: 2012-08-02 16:42 UTC by Marek Safar
Modified: 2012-09-18 18:17 UTC
CC: 4 users

Tags: GTK
Is this bug a regression?: ---
Last known good build:

Description Marek Safar 2012-08-02 16:42:29 UTC
using System;

namespace TestCrash
{
	class MainClass
	{
		public static void Main (string[] args)
		{
			Console.WriteLine ("\uFFFF");  // Set a breakpoint here and View -> Show Disassembly
		}
	}
}
Comment 1 Jeffrey Stedfast 2012-08-02 17:15:49 UTC
This appears to be a bug in pango while rendering \uFFFF.

Thread 1 (process 83422):
#0  0x95c61fda in __wait4 ()
#1  0x95cf74ec in waitpid$UNIX2003 ()
#2  0x000e17fb in mono_handle_native_sigsegv (signal=11, ctx=0xbfffc530) at mini-exceptions.c:2192
#3  0x0001168f in mono_sigsegv_signal_handler (_dummy=10, info=0xbfffc4f0, context=0xbfffc530) at mini.c:5917
#4  <signal handler called>
#5  0x9c04dc42 in CFStringCreateCopy ()
#6  0x9c0d9538 in CFAttributedStringCreate ()
#7  0x096f641b in run_iterator_create (iter=0xbfffc658, text=0x9703a70 "00000000   ldstr ???", length=20, ctfont=0x994cee0) at basic-coretext.c:216
#8  0x096f66da in create_core_text_glyph_list (text=0x9703a70 "00000000   ldstr ???", length=20, ctfont=0x994cee0) at basic-coretext.c:316
#9  0x096f67f3 in basic_engine_shape (engine=0x15e9010, font=0xd4f200, text=0x9703a70 "00000000   ldstr ???", length=20, analysis=0x172b6fc, glyphs=0xc34c2d0) at basic-coretext.c:389
#10 0x04c1d6af in _pango_engine_shape_shape (engine=0x15e9010, font=0xd4f200, text=0x9703a70 "00000000   ldstr ???", length=20, analysis=0x172b6fc, glyphs=0xc34c2d0) at pango-engine.c:94
#11 0x04c3a643 in pango_shape (text=0x9703a70 "00000000   ldstr ???", length=20, analysis=0x172b6fc, glyphs=0xc34c2d0) at shape.c:55
#12 0x04c2896a in shape_run (line=0x10ab64c0, state=0xbfffc9b0, item=0x172b6f0) at pango-layout.c:3183
#13 0x04c28c22 in process_item (layout=0x92e208, line=0x10ab64c0, state=0xbfffc9b0, force_fit=1, no_break_at_end=0) at pango-layout.c:3294
#14 0x04c29637 in process_line (layout=0x92e208, state=0xbfffc9b0) at pango-layout.c:3592
#15 0x04c2a1a5 in pango_layout_check_lines (layout=0x92e208) at pango-layout.c:3913
#16 0x04c27a7c in pango_layout_get_extents_internal (layout=0x92e208, ink_rect=0x0, logical_rect=0xbfffcb38, line_extents=0x0) at pango-layout.c:2490
#17 0x04c27f12 in pango_layout_get_extents (layout=0x92e208, ink_rect=0x0, logical_rect=0xbfffcb38) at pango-layout.c:2672
#18 0x04c28052 in pango_layout_get_size (layout=0x92e208, width=0xbfffcca4, height=0xbfffcca0) at pango-layout.c:2720
#19 0x0ffc05b0 in ?? ()
#20 0x0ffc056c in ?? ()
#21 0x0ffb9984 in ?? ()
#22 0x10095924 in ?? ()
#23 0x10093fb8 in ?? ()
#24 0x10090cc4 in ?? ()
#25 0x10090118 in ?? ()
#26 0x098d7012 in ?? ()
#27 0x08617a74 in ?? ()
#28 0x045861de in _gtk_marshal_BOOLEAN__BOXED (closure=0x1e82460, return_value=0xbfffdc20, n_param_values=2, param_values=0xc52f050, invocation_hint=0xbfffdc50, marshal_data=0x8617a40) at gtkmarshalers.c:86
#29 0x043d99ce in g_type_class_meta_marshal (closure=0x1e82460, return_value=0xbfffdc20, n_param_values=2, param_values=0xc52f050, invocation_hint=0xbfffdc50, marshal_data=0xc8) at gclosure.c:885
#30 0x043d95bf in g_closure_invoke (closure=0x1e82460, return_value=0xbfffdc20, n_param_values=2, param_values=0xc52f050, invocation_hint=0xbfffdc50) at gclosure.c:774
#31 0x043f9e94 in signal_emit_unlocked_R (node=0x1e82310, detail=0, instance=0xc35b8d8, emission_return=0xbfffde38, instance_and_params=0xc52f050) at gsignal.c:3310
#32 0x043f898c in g_signal_emit_valist (instance=0xc35b8d8, signal_id=41, detail=0, var_args=0xbfffdfb0 "????\003") at gsignal.c:3013
#33 0x043f8db1 in g_signal_emit (instance=0xc35b8d8, signal_id=41, detail=0) at gsignal.c:3060
#34 0x04732e9d in gtk_widget_event_internal (widget=0xc35b8d8, event=0xbfffe0b8) at gtkwidget.c:5060
#35 0x04732aa1 in gtk_widget_send_expose (widget=0xc35b8d8, event=0xbfffe0b8) at gtkwidget.c:4880
#36 0x04582358 in gtk_main_do_event (event=0xbfffe0b8) at gtkmain.c:1610
#37 0x04ade3b2 in _gdk_window_process_updates_recurse (window=0x109b60c8, expose_region=0x16886a0) at gdkwindow.c:5443
#38 0x04ade2aa in _gdk_window_process_updates_recurse (window=0x1693e68, expose_region=0x15eefc0) at gdkwindow.c:5416
#39 0x04ade2aa in _gdk_window_process_updates_recurse (window=0x146c838, expose_region=0x1796bc0) at gdkwindow.c:5416
#40 0x04ade2aa in _gdk_window_process_updates_recurse (window=0x1235700, expose_region=0xf21d40) at gdkwindow.c:5416
#41 0x04aeb0d2 in -[GdkQuartzView drawRect:] (self=0x9783240, _cmd=0x9a8d775c, rect={origin = {x = 0, y = 34}, size = {width = 1440, height = 747}}) at GdkQuartzView.c:110
#42 0x99f71989 in -[NSView _drawRect:clip:] ()
#43 0x99f6f9a8 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#44 0x99f69e9e in -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] ()
#45 0x99f62d5c in -[NSView displayIfNeeded] ()
#46 0x04b04231 in _gdk_windowing_after_process_all_updates () at gdkwindow-quartz.c:450
#47 0x04ade8df in gdk_window_process_all_updates () at gdkwindow.c:5721
#48 0x044c5e12 in gtk_container_idle_sizer (data=0x0) at gtkcontainer.c:1360
#49 0x04aa6dee in gdk_threads_dispatch (data=0x3a810a0) at gdk.c:512
#50 0x04258800 in g_idle_dispatch (source=0x101973f0, callback=0x4aa6d90 <gdk_threads_dispatch>, user_data=0x3a810a0) at
Comment 2 Mike Krüger 2012-08-08 06:02:20 UTC
When I open the assembly with the assembly browser I get this trace:

The 0xFFFF char is part of the string - but utf-8 can handle that char (as "ef bf bf" byte sequence).

If pango has an invalid char can we just display an empty rectangle or something? Does it have to crash natively?

Setting it to 'low' because it's unlikely that someone runs into that - but generally it's one of the bigger issues with pango.

Btw. @mitch: I don't know if you're the right one to assign to that. If not, sorry for that and reassign that one.

--------
WARNING [2012-08-08 11:51:30Z]: Pango-Warning: Invalid UTF-8 string passed to pango_layout_set_text()
Stack trace: 
   at Pango.Layout.SetText(System.String text)
   at Mono.TextEditor.TextViewMargin.CreateLinePartLayout(ISyntaxMode mode, Mono.TextEditor.DocumentLine line, Int32 logicalRulerColumn, Int32 offset, Int32 length, Int32 selectionStart, Int32 selectionEnd) in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextViewMargin.cs:line 946
   at Mono.TextEditor.TextViewMargin.DrawLinePart(Cairo.Context cr, Mono.TextEditor.DocumentLine line, Int32 lineNumber, Int32 logicalRulerColumn, Int32 offset, Int32 length, Double ByRef pangoPosition, Boolean ByRef isSelectionDrawn, Double y, Double maxX) in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextViewMargin.cs:line 1353
   at Mono.TextEditor.TextViewMargin.Draw(Cairo.Context cr, Rectangle area, Mono.TextEditor.DocumentLine line, Int32 lineNr, Double x, Double y, Double _lineHeight) in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextViewMargin.cs:line 2263
   at Mono.TextEditor.TextEditor.RenderMargins(Cairo.Context cr, Cairo.Context textViewCr, Rectangle cairoRectangle) in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextEditor.cs:line 1644
   at Mono.TextEditor.TextEditor.OnExposeEvent(Gdk.EventExpose e) in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextEditor.cs:line 1716
   at Gtk.Widget.exposeevent_cb(IntPtr widget, IntPtr evnt)
   at Gtk.Application.gtk_main()
   at Gtk.Application.Run()
   at MonoDevelop.Ide.IdeApp.Run() in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Ide/MonoDevelop.Ide/Ide.cs:line 391
   at MonoDevelop.Ide.IdeStartup.Run(MonoDevelop.Ide.MonoDevelopOptions options) in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Ide/MonoDevelop.Ide/IdeStartup.cs:line 272
   at MonoDevelop.Ide.IdeStartup.Main(System.String[] args) in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Ide/MonoDevelop.Ide/IdeStartup.cs:line 503
   at MonoDevelop.Startup.MonoDevelopMain.Main(System.String[] args) in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Startup/MonoDevelop.Startup/MonoDevelopMain.cs:line 16
Stacktrace:

  at (wrapper managed-to-native) Pango.Layout.pango_layout_get_size (intptr,int&,int&) <IL 0x00025, 0xffffffff>
  at Pango.Layout.GetSize (int&,int&) <IL 0x00008, 0x0001b>
  at Mono.TextEditor.TextViewMargin.CreateLinePartLayout (Mono.TextEditor.Highlighting.ISyntaxMode,Mono.TextEditor.DocumentLine,int,int,int,int,int) [0x00514] in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextViewMargin.cs:952
  at Mono.TextEditor.TextViewMargin.DrawLinePart (Cairo.Context,Mono.TextEditor.DocumentLine,int,int,int,int,double&,bool&,double,double) [0x00087] in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextViewMargin.cs:1353
  at Mono.TextEditor.TextViewMargin.Draw (Cairo.Context,Cairo.Rectangle,Mono.TextEditor.DocumentLine,int,double,double,double) [0x00456] in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextViewMargin.cs:2263
  at Mono.TextEditor.TextEditor.RenderMargins (Cairo.Context,Cairo.Context,Cairo.Rectangle) [0x000d7] in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextEditor.cs:1644
  at Mono.TextEditor.TextEditor.OnExposeEvent (Gdk.EventExpose) [0x000f0] in /Users/mkrueger/work/monodevelop/main/src/core/Mono.Texteditor/Mono.TextEditor/Gui/TextEditor.cs:1716
  at Gtk.Widget.exposeevent_cb (intptr,intptr) <IL 0x00014, 0x00061>
  at (wrapper native-to-managed) Gtk.Widget.exposeevent_cb (intptr,intptr) <IL 0x00020, 0xffffffff>
  at (wrapper managed-to-native) Gtk.Application.gtk_main () <IL 0x00022, 0xffffffff>
  at Gtk.Application.Run () <IL 0x00000, 0x0000b>
  at MonoDevelop.Ide.IdeApp.Run () [0x00000] in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Ide/MonoDevelop.Ide/Ide.cs:391
  at MonoDevelop.Ide.IdeStartup.Run (MonoDevelop.Ide.MonoDevelopOptions) [0x00683] in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Ide/MonoDevelop.Ide/IdeStartup.cs:272
  at MonoDevelop.Ide.IdeStartup.Main (string[]) [0x0004f] in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Ide/MonoDevelop.Ide/IdeStartup.cs:503
  at MonoDevelop.Startup.MonoDevelopMain.Main (string[]) [0x00000] in /Users/mkrueger/work/monodevelop/main/src/core/MonoDevelop.Startup/MonoDevelop.Startup/MonoDevelopMain.cs:16
  at (wrapper runtime-invoke) <Module>.runtime_invoke_int_object (object,intptr,intptr,intptr) <IL 0x0005c, 0xffffffff>

Native stacktrace:

	0   mono                                0x0009fdbf mono_handle_native_sigsegv + 287
	1   mono                                0x00004f6e mono_sigsegv_signal_handler + 334
	2   libsystem_c.dylib                   0x9878159b _sigtramp + 43
	3   ???                                 0xffffffff 0x0 + 4294967295
	4   CoreFoundation                      0x9bd16538 CFAttributedStringCreate + 104
	5   pango-basic-coretext.so             0x087fb44a run_iterator_create + 257
	6   pango-basic-coretext.so             0x087fb670 create_core_text_glyph_list + 52
	7   pango-basic-coretext.so             0x087fb74e basic_engine_shape + 57
	8   libpango-1.0.0.dylib                0x052f1520 _pango_engine_shape_shape + 66
	9   libpango-1.0.0.dylib                0x05309b11 pango_shape + 102
	10  libpango-1.0.0.dylib                0x052fa762 shape_run + 186
	11  libpango-1.0.0.dylib                0x052fa9ca process_item + 94
	12  libpango-1.0.0.dylib                0x052fb2d7 process_line + 420
	13  libpango-1.0.0.dylib                0x052fbcff pango_layout_check_lines + 1159
	14  libpango-1.0.0.dylib                0x052f9ab5 pango_layout_get_extents_internal + 218
	15  libpango-1.0.0.dylib                0x052f9ec8 pango_layout_get_extents + 88
	16  libpango-1.0.0.dylib                0x052f9fbb pango_layout_get_size + 32
	17  ???                                 0x0f78d0b8 0x0 + 259575992
	18  ???                                 0x0f78d074 0x0 + 259575924
	19  ???                                 0x0f725d2c 0x0 + 259153196
	20  ???                                 0x106e75f4 0x0 + 275674612
	21  ???                                 0x106e5b88 0x0 + 275667848
	22  ???                                 0x106e2144 0x0 + 275652932
	23  ???                                 0x106e15bc 0x0 + 275649980
	24  ???                                 0x0aecfa4a 0x0 + 183302730
	25  ???                                 0x09bffd04 0x0 + 163577092
	26  libgtk-quartz-2.0.0.dylib           0x04df260a _gtk_marshal_BOOLEAN__BOXED + 225
	27  libgobject-2.0.0.dylib              0x04c798ba g_type_class_meta_marshal + 97
	28  libgobject-2.0.0.dylib              0x04c795aa g_closure_invoke + 373
	29  libgobject-2.0.0.dylib              0x04c93e70 signal_emit_unlocked_R + 3014
	30  libgobject-2.0.0.dylib              0x04c92e1e g_signal_emit_valist + 2289
	31  libgobject-2.0.0.dylib              0x04c930ca g_signal_emit + 44
	32  libgtk-quartz-2.0.0.dylib           0x04f66f69 gtk_widget_event_internal + 846
	33  libgtk-quartz-2.0.0.dylib           0x04f66b38 gtk_widget_send_expose + 324
	34  libgtk-quartz-2.0.0.dylib           0x04def417 gtk_main_do_event + 731
	35  libgdk-quartz-2.0.0.dylib           0x051fa112 _gdk_window_process_updates_recurse + 763
	36  libgdk-quartz-2.0.0.dylib           0x051fa01b _gdk_window_process_updates_recurse + 516
	37  libgdk-quartz-2.0.0.dylib           0x051fa01b _gdk_window_process_updates_recurse + 516
	38  libgdk-quartz-2.0.0.dylib           0x051fa01b _gdk_window_process_updates_recurse + 516
	39  libgdk-quartz-2.0.0.dylib           0x051fa01b _gdk_window_process_updates_recurse + 516
	40  libgdk-quartz-2.0.0.dylib           0x05204db3 -[GdkQuartzView drawRect:] + 403
	41  AppKit                              0x96e3e989 -[NSView _drawRect:clip:] + 3929
	42  AppKit                              0x96e3c9a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 2650
	43  AppKit                              0x96e36e9e -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 4817
	44  AppKit                              0x96e2fd5c -[NSView displayIfNeeded] + 1256
	45  libgdk-quartz-2.0.0.dylib           0x0521829f _gdk_windowing_after_process_all_updates + 105
	46  libgdk-quartz-2.0.0.dylib           0x051fa624 gdk_window_process_all_updates + 315
	47  libgdk-quartz-2.0.0.dylib           0x051f9d7c gdk_window_update_idle + 11
	48  libgdk-quartz-2.0.0.dylib           0x051cd840 gdk_threads_dispatch + 85
	49  libglib-2.0.0.dylib                 0x04b435a6 g_idle_dispatch + 71
	50  libglib-2.0.0.dylib                 0x04b3e910 g_main_dispatch + 489
	51  libglib-2.0.0.dylib                 0x04b3fec9 g_main_context_dispatch + 138
	52  libglib-2.0.0.dylib                 0x04b403dd g_main_context_iterate + 1193
	53  libglib-2.0.0.dylib                 0x04b40bb6 g_main_loop_run + 932
	54  libgtk-quartz-2.0.0.dylib           0x04deeaa7 gtk_main + 239
	55  ???                                 0x0c66f104 0x0 + 208072964
	56  ???                                 0x0c66f0cc 0x0 + 208072908
	57  ???                                 0x0c66f0ac 0x0 + 208072876
	58  ???                                 0x0317553c 0x0 + 51860796
	59  ???                                 0x00554f90 0x0 + 5590928
	60  ???                                 0x00554d9c 0x0 + 5590428
	61  ???                                 0x00554e56 0x0 + 5590614
	62  mono                                0x0000ecf4 mono_jit_runtime_invoke + 164
	63  mono                                0x00184354 mono_runtime_invoke + 68
	64  mono                                0x0018a4a1 mono_runtime_exec_main + 369
	65  mono                                0x0007464d mono_main + 6797
	66  mono                                0x00001fd6 start + 54
Comment 3 Marek Safar 2012-08-08 06:05:17 UTC
Setting to normal; it's used in mscorlib in a few places (found it during debugging).
Comment 4 Mikayla Hutchinson [MSFT] 2012-08-08 11:37:20 UTC
Surely the disassembler should be escaping strings so they can be displayed in a meaningful way?
Comment 5 Kristian Rietveld (inactive) 2012-08-08 11:53:30 UTC
This is one for me to handle. (I can't seem to change the assigned to field though).
Comment 6 Kristian Rietveld (inactive) 2012-08-27 03:48:15 UTC
From comment 2:
> The 0xFFFF char is part of the string - but utf-8 can handle that char (as "ef
> bf bf' byte sequence).

Yes, from what I can see 0xffff is a valid UTF8 character, but 0xffff is an *invalid* UTF8 byte stream and hence the Pango error.

> If pango has an invalid char can we just display a empty rectangle or something
> ? Does it have to native crash ?

It should definitely not crash :)  The crash happens because the CFString construction function returns NULL because the passed-in string contains invalid UTF8.  I have modified the code to check the return value and silently fail (this will cause Pango to push out a "shaping engine failure"), avoiding the crash.

The commit for this has just been upstreamed and can be found here:

http://git.gnome.org/browse/pango/patch/?id=fa4cd1a232529898a616e86ab89965d5ffc52347

Because the string contains invalid UTF8, we cannot really attempt to shape the parts of the string that are valid; figuring that out is not up to the shaping engine. With the above patch in place, the program will no longer crash, but simply emit an error to the console and draw the well-known boxes with hex codes instead of glyphs.
Comment 7 Mikayla Hutchinson [MSFT] 2012-08-27 13:00:11 UTC
Patch applied to bockbuild, thanks.

Now we need to fix the debugger to actually escape the strings, so the user can see the characters.
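Comments 4 and 7 ask for the disassembler to escape string operands before they reach the text renderer. The routine below is an added illustration of that fix, written for this page and not code from MonoDevelop, Pango or any of the comments: it takes a .NET string as UTF-16 code units and emits a quoted C# literal that contains only valid UTF-8, with control characters, unpaired surrogates and Unicode noncharacters turned into \uXXXX escapes, so the U+FFFF operand from the repro is displayed as \uFFFF rather than handed to pango_layout_set_text() as an invalid byte sequence. The names escape_ldstr, needs_escape and put_utf8 are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True when a code point must not reach the layout engine verbatim: control
 * characters, the C# literal delimiters, unpaired surrogates, and Unicode
 * noncharacters (U+FDD0..U+FDEF, U+xxFFFE, U+xxFFFF). The last group covers the
 * U+FFFF from this report, which GLib's validator rejects (the Pango warning in
 * comment 2) and which the CoreText shaper then crashed on. */
static int needs_escape(uint32_t cp)
{
    if (cp < 0x20 || (cp >= 0x7F && cp < 0xA0)) return 1;
    if (cp == '"' || cp == '\\') return 1;
    if (cp >= 0xD800 && cp <= 0xDFFF) return 1;
    if (cp >= 0xFDD0 && cp <= 0xFDEF) return 1;
    if ((cp & 0xFFFE) == 0xFFFE) return 1;
    return 0;
}

/* Encodes cp as UTF-8 into out (up to 4 bytes); returns the bytes written. */
static int put_utf8(char *out, uint32_t cp)
{
    if (cp < 0x80) { out[0] = (char)cp; return 1; }
    if (cp < 0x800) {
        out[0] = (char)(0xC0 | (cp >> 6)); out[1] = (char)(0x80 | (cp & 0x3F)); return 2;
    }
    if (cp < 0x10000) {
        out[0] = (char)(0xE0 | (cp >> 12)); out[1] = (char)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (char)(0x80 | (cp & 0x3F)); return 3;
    }
    out[0] = (char)(0xF0 | (cp >> 18)); out[1] = (char)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (char)(0x80 | ((cp >> 6) & 0x3F)); out[3] = (char)(0x80 | (cp & 0x3F)); return 4;
}

/* Renders a .NET string (len UTF-16 code units) as a quoted C# literal in valid
 * UTF-8. Surrogate pairs are combined first so only unpaired surrogates are
 * escaped. Caller frees the result; returns NULL on allocation failure. */
char *escape_ldstr(const uint16_t *s, size_t len)
{
    /* worst case per code unit is a 10-byte \UXXXXXXXX escape, plus quotes and NUL */
    char *out = malloc(len * 10 + 3), *p = out;
    if (!out) return NULL;
    *p++ = '"';
    for (size_t i = 0; i < len; i++) {
        uint32_t cp = s[i];
        if (cp >= 0xD800 && cp <= 0xDBFF && i + 1 < len &&
            s[i + 1] >= 0xDC00 && s[i + 1] <= 0xDFFF) {
            cp = 0x10000 + ((cp - 0xD800) << 10) + (s[i + 1] - 0xDC00);
            i++;
        }
        if (!needs_escape(cp)) p += put_utf8(p, cp);
        else if (cp == '"' || cp == '\\') { *p++ = '\\'; *p++ = (char)cp; }
        else if (cp > 0xFFFF) p += sprintf(p, "\\U%08X", (unsigned)cp);
        else p += sprintf(p, "\\u%04X", (unsigned)cp);
    }
    *p++ = '"'; *p = '\0';
    return out;
}
```

For the repro's operand, a single 0xFFFF code unit, escape_ldstr returns the eight-byte string "\uFFFF" (quotes included), which is plain ASCII and safe for any text layout call.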
Comment 8 Jeffrey Stedfast 2012-09-18 18:17:06 UTC
Fixed in git.