https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71867
--- Comment #8 from asmwarrior <asmwarrior at gmail dot com> ---
Hi, I just built wx2.8.12 under TDM-GCC 5.1 with
-fno-delete-null-pointer-checks enabled. Unfortunately, I still see
the same crash. The full build command is below:
mingw32-make -f makefile.gcc USE_XRC=1 SHARED=1 MONOLITHIC=1 BUILD=release
UNICODE=1 USE_OPENGL=1 VENDOR=cb CXXFLAGS="-Wno-unused-local-typedefs
-Wno-deprecated-declarations -fno-keep-inline-dllexport
-fno-delete-null-pointer-checks -g" >log-release-no-delete-null.txt 2>&1
Here is the frame information and the disassembly around the crash:
[debug]Stack level 0, frame at 0x22e004:
[debug] eip = 0x6d11fb05 in wxClassInfo::IsKindOf
(F:\wx\wxMSW-2.8.12\include\wx\object.h:94); saved eip = 0x6cfa043d
[debug] inlined into frame 1
[debug] source language c++.
[debug] Arglist at unknown address.
[debug] Locals at unknown address, Previous frame's sp in esp
[debug]>>>>>>cb_gdb:
[debug]> disassemble 0x6d11fb05
[debug]Dump of assembler code for function wxCheckDynamicCast(wxObject*,
wxClassInfo*):
[debug] 0x6d11fa70 <+0>: push ebp
[debug] 0x6d11fa71 <+1>: push edi
[debug] 0x6d11fa72 <+2>: push esi
[debug] 0x6d11fa73 <+3>: push ebx
[debug] 0x6d11fa74 <+4>: sub esp,0x1c
[debug] 0x6d11fa77 <+7>: mov ebx,DWORD PTR [esp+0x30]
[debug] 0x6d11fa7b <+11>: mov esi,DWORD PTR [esp+0x34]
[debug] 0x6d11fa7f <+15>: test ebx,ebx
[debug] 0x6d11fa81 <+17>: je 0x6d11fb50
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+224>
[debug] 0x6d11fa87 <+23>: mov eax,DWORD PTR [ebx]
[debug] 0x6d11fa89 <+25>: mov ecx,ebx
[debug] 0x6d11fa8b <+27>: call DWORD PTR [eax]
[debug] 0x6d11fa8d <+29>: test esi,esi
[debug] 0x6d11fa8f <+31>: mov edx,eax
[debug] 0x6d11fa91 <+33>: je 0x6d11fb50
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+224>
[debug] 0x6d11fa97 <+39>: cmp eax,esi
[debug] 0x6d11fa99 <+41>: je 0x6d11fb3e
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+206>
[debug] 0x6d11fa9f <+47>: mov edi,DWORD PTR [eax+0xc]
[debug] 0x6d11faa2 <+50>: test edi,edi
[debug] 0x6d11faa4 <+52>: je 0x6d11fb05
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+149>
[debug] 0x6d11faa6 <+54>: cmp esi,edi
[debug] 0x6d11faa8 <+56>: je 0x6d11fb3e
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+206>
[debug] 0x6d11faae <+62>: mov ebp,DWORD PTR [edi+0xc]
[debug] 0x6d11fab1 <+65>: test ebp,ebp
[debug] 0x6d11fab3 <+67>: je 0x6d11faed
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+125>
[debug] 0x6d11fab5 <+69>: cmp esi,ebp
[debug] 0x6d11fab7 <+71>: je 0x6d11fb3e
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+206>
[debug] 0x6d11fabd <+77>: mov ecx,DWORD PTR [ebp+0xc]
[debug] 0x6d11fac0 <+80>: test ecx,ecx
[debug] 0x6d11fac2 <+82>: je 0x6d11fad5
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+101>
[debug] 0x6d11fac4 <+84>: mov DWORD PTR [esp],esi
[debug] 0x6d11fac7 <+87>: call 0x6d166c80
<wxClassInfo::IsKindOf(wxClassInfo const*) const>
[debug] 0x6d11facc <+92>: sub esp,0x4
[debug] 0x6d11facf <+95>: test al,al
[debug] 0x6d11fad1 <+97>: mov ecx,ebx
[debug] 0x6d11fad3 <+99>: jne 0x6d11fb40
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+208>
[debug] 0x6d11fad5 <+101>: mov ecx,DWORD PTR [ebp+0x10]
[debug] 0x6d11fad8 <+104>: test ecx,ecx
[debug] 0x6d11fada <+106>: je 0x6d11faed
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+125>
[debug] 0x6d11fadc <+108>: mov DWORD PTR [esp],esi
[debug] 0x6d11fadf <+111>: call 0x6d166c80
<wxClassInfo::IsKindOf(wxClassInfo const*) const>
[debug] 0x6d11fae4 <+116>: sub esp,0x4
[debug] 0x6d11fae7 <+119>: test al,al
[debug] 0x6d11fae9 <+121>: mov ecx,ebx
[debug] 0x6d11faeb <+123>: jne 0x6d11fb40
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+208>
[debug] 0x6d11faed <+125>: mov ecx,DWORD PTR [edi+0x10]
[debug] 0x6d11faf0 <+128>: test ecx,ecx
[debug] 0x6d11faf2 <+130>: je 0x6d11fb05
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+149>
[debug] 0x6d11faf4 <+132>: mov DWORD PTR [esp],esi
[debug] 0x6d11faf7 <+135>: call 0x6d166c80
<wxClassInfo::IsKindOf(wxClassInfo const*) const>
[debug] 0x6d11fafc <+140>: sub esp,0x4
[debug] 0x6d11faff <+143>: test al,al
[debug] 0x6d11fb01 <+145>: mov ecx,ebx
[debug] 0x6d11fb03 <+147>: jne 0x6d11fb40
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+208>
[debug]=> 0x6d11fb05 <+149>: mov edx,DWORD PTR [edx+0x10]
[debug] 0x6d11fb08 <+152>: test edx,edx
[debug] 0x6d11fb0a <+154>: je 0x6d11fb50
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+224>
[debug] 0x6d11fb0c <+156>: cmp esi,edx
[debug] 0x6d11fb0e <+158>: je 0x6d11fb3e
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+206>
[debug] 0x6d11fb10 <+160>: mov ecx,DWORD PTR [edx+0xc]
[debug] 0x6d11fb13 <+163>: test ecx,ecx
[debug] 0x6d11fb15 <+165>: je 0x6d11fb28
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+184>
[debug] 0x6d11fb17 <+167>: mov DWORD PTR [esp],esi
[debug] 0x6d11fb1a <+170>: call 0x6d166c80
<wxClassInfo::IsKindOf(wxClassInfo const*) const>
[debug] 0x6d11fb1f <+175>: sub esp,0x4
[debug] 0x6d11fb22 <+178>: test al,al
[debug] 0x6d11fb24 <+180>: mov ecx,ebx
[debug] 0x6d11fb26 <+182>: jne 0x6d11fb40
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+208>
[debug] 0x6d11fb28 <+184>: mov ecx,DWORD PTR [edx+0x10]
[debug] 0x6d11fb2b <+187>: test ecx,ecx
[debug] 0x6d11fb2d <+189>: je 0x6d11fb50
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+224>
[debug] 0x6d11fb2f <+191>: mov DWORD PTR [esp],esi
[debug] 0x6d11fb32 <+194>: call 0x6d166c80
<wxClassInfo::IsKindOf(wxClassInfo const*) const>
[debug] 0x6d11fb37 <+199>: sub esp,0x4
[debug] 0x6d11fb3a <+202>: test al,al
[debug] 0x6d11fb3c <+204>: je 0x6d11fb50
<wxCheckDynamicCast(wxObject*, wxClassInfo*)+224>
[debug] 0x6d11fb3e <+206>: mov ecx,ebx
[debug] 0x6d11fb40 <+208>: add esp,0x1c
[debug] 0x6d11fb43 <+211>: mov eax,ecx
[debug] 0x6d11fb45 <+213>: pop ebx
[debug] 0x6d11fb46 <+214>: pop esi
[debug] 0x6d11fb47 <+215>: pop edi
[debug] 0x6d11fb48 <+216>: pop ebp
[debug] 0x6d11fb49 <+217>: ret
[debug] 0x6d11fb4a <+218>: lea esi,[esi+0x0]
[debug] 0x6d11fb50 <+224>: add esp,0x1c
[debug] 0x6d11fb53 <+227>: xor ecx,ecx
[debug] 0x6d11fb55 <+229>: pop ebx
[debug] 0x6d11fb56 <+230>: mov eax,ecx
[debug] 0x6d11fb58 <+232>: pop esi
[debug] 0x6d11fb59 <+233>: pop edi
[debug] 0x6d11fb5a <+234>: pop ebp
[debug] 0x6d11fb5b <+235>: ret
[debug]End of assembler dump.
[debug]>>>>>>cb_gdb:
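Do you see that the pointer is not checked? (The marked instruction at <+149>
loads through edx, and nothing in the dump tests edx beforehand.)
The code is in object.h (in the wxWidgets 2.8.12 source code):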
// ----------------------------------------------------------------------------
// wxClassInfo
// ----------------------------------------------------------------------------
// Factory signature: takes no arguments and returns a wxObject pointer.
// wxClassInfo stores one of these and calls it from CreateObject().
typedef wxObject *(*wxObjectConstructorFn)(void);
class WXDLLIMPEXP_BASE wxClassInfo
{
public:
// Records the class name, object size, constructor function and up to two
// base-class descriptors, then pushes this descriptor onto the static list
// and calls Register().
//
// m_next is initialised from sm_first before the body overwrites sm_first,
// so the previous list head becomes this descriptor's successor.
//
// None of the pointer arguments is validated here. A null base pointer is
// treated as "no base" by GetBaseClassName1/2() and IsKindOf(); a null ctor
// makes CreateObject() return 0.
wxClassInfo( const wxChar *className,
             const wxClassInfo *baseInfo1,
             const wxClassInfo *baseInfo2,
             int size,
             wxObjectConstructorFn ctor )
    : m_className(className),
      m_objectSize(size),
      m_objectConstructor(ctor),
      m_baseInfo1(baseInfo1),
      m_baseInfo2(baseInfo2),
      m_next(sm_first)
{
    // Become the new head of the list, then register.
    sm_first = this;
    Register();
}
// Destructor, defined out of line.
~wxClassInfo();
// Creates an object by calling the stored constructor function.
// Returns 0 when no constructor function was supplied, so the result must
// be checked before it is dereferenced.
wxObject *CreateObject() const
{
    if ( !m_objectConstructor )
        return 0;

    return (*m_objectConstructor)();
}
// True when a constructor function is stored, i.e. when CreateObject()
// will return something other than 0 from its null branch.
bool IsDynamic() const
{
    return m_objectConstructor != NULL;
}
// Returns the class-name pointer passed to the constructor, unchanged.
const wxChar *GetClassName() const
{
    return m_className;
}
// Name of the first base class, or NULL when there is no first base.
// The base pointer is tested before it is used.
const wxChar *GetBaseClassName1() const
{
    if ( m_baseInfo1 )
        return m_baseInfo1->GetClassName();

    return NULL;
}
// Name of the second base class, or NULL when there is no second base.
// The base pointer is tested before it is used.
const wxChar *GetBaseClassName2() const
{
    if ( m_baseInfo2 )
        return m_baseInfo2->GetClassName();

    return NULL;
}
// Descriptor of the first base class as given to the constructor.
// May be null; callers must check before dereferencing.
const wxClassInfo *GetBaseClass1() const
{
    return m_baseInfo1;
}
// Descriptor of the second base class as given to the constructor.
// May be null; callers must check before dereferencing.
const wxClassInfo *GetBaseClass2() const
{
    return m_baseInfo2;
}
// Returns the object size value passed to the constructor.
int GetSize() const
{
    return m_objectSize;
}
// Returns the stored constructor function pointer; it is null when no
// constructor function was supplied (see IsDynamic()).
wxObjectConstructorFn GetConstructor() const
{
    return m_objectConstructor;
}
// Returns sm_first, the head of the static descriptor list. The constructor
// stores each newly built descriptor there.
static const wxClassInfo *GetFirst()
{
    return sm_first;
}
// Returns m_next, which the constructor initialises from the list head that
// was current at construction time.
// NOTE(review): presumably null at the end of the list - confirm, and check
// the result before dereferencing.
const wxClassInfo *GetNext() const
{
    return m_next;
}
// Static lookup of a class descriptor by name; defined out of line.
// NOTE(review): presumably returns NULL when no class matches - confirm
// against the definition, and check the result before calling through it.
static wxClassInfo *FindClass(const wxChar *className);
// Climb upwards through inheritance hierarchy.
// Dual inheritance is catered for.
// Returns true when info is this descriptor or is reachable through either
// base-class pointer, searching the first base before the second.
// Returns false for a null info.
//
// Only info and the two base pointers are tested against null. The receiver
// itself is not: calling this through a null wxClassInfo pointer is
// undefined behaviour, so the caller must validate the pointer it calls
// through.
bool IsKindOf(const wxClassInfo *info) const
{
    if ( !info )
        return false;

    if ( info == this )
        return true;

    // Recurse into each base only when that base exists.
    if ( m_baseInfo1 && m_baseInfo1->IsKindOf(info) )
        return true;

    return m_baseInfo2 && m_baseInfo2->IsKindOf(info);
}