crash when I try to open a wxsmith file under C::B against wx 3.3.1

[ollydbg]

Hi, when I try to open a wxsmith file in my built C::B against wx 3.3.1, I see a crash, here is the crash call stack:

Code

[debug]> bt 30
[debug]#0  0x00007fff078171b1 in wxDefaultAssertHandler(wxString const&, int, wxString const&, wxString const&, wxString const&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#1  0x00007fff078149ec in wxOnAssert(char const*, int, char const*, char const*, wxString const&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#2  0x00007fff07ebb68e in wxPGProperty::ValueToStringWithCheck(wxVariant&, wxPGPropValFormatFlags) const () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#3  0x00007fff07ebf73e in wxPGProperty::GetValueAsString(wxPGPropValFormatFlags) const () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#4  0x00007ffe8ac9d0b0 in wxPGProperty::GetValueAsString (this=0x10cb5690, flags=0) at F:\code\wxWidgets-3.3.1\include\wx\propgrid\property.h:1427
[debug]#5  0x00007fff07ebc06e in wxPGProperty::GetValueAsStringWithCheck(wxPGPropValFormatFlags) const () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#6  0x00007fff07ec4c0f in wxPGDefaultRenderer::Render(wxDC&, wxRect const&, wxPropertyGrid const*, wxPGProperty*, int, int, int) const () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#7  0x00007fff07ecde13 in wxPropertyGrid::DoDrawItems(wxDC&, wxRect const*) const () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#8  0x00007fff07ecefae in wxPropertyGrid::DrawItems(wxDC&, unsigned int, unsigned int, wxRect const*) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#9  0x00007fff07edbf78 in wxPropertyGrid::OnPaint(wxPaintEvent&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#10 0x00007fff07813467 in wxAppConsoleBase::CallEventHandler(wxEvtHandler*, wxEventFunctor&, wxEvent&) const () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#11 0x00007fff0795ff55 in wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#12 0x00007fff079628b3 in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#13 0x00007fff07962916 in wxEvtHandler::TryHereOnly(wxEvent&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#14 0x00007fff07962983 in wxEvtHandler::ProcessEventLocally(wxEvent&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#15 0x00007fff07962a61 in wxEvtHandler::ProcessEvent(wxEvent&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#16 0x00007fff07c9453f in wxScrollHelperEvtHandler::ProcessEvent(wxEvent&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#17 0x00007fff07960262 in wxEvtHandler::SafelyProcessEvent(wxEvent&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#18 0x00007fff07a47dbb in wxWindow::HandlePaint() () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#19 0x00007fff07a4a158 in wxWindow::MSWHandleMessage(long long*, unsigned int, unsigned long long, long long) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#20 0x00007fff07a3573c in wxWindow::MSWWindowProc(unsigned int, unsigned long long, long long) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#21 0x00007fff084603ac in wxScrolled<wxControl>::MSWWindowProc(unsigned int, unsigned long long, long long) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]#22 0x00007fff4d47ef5c in USER32!CallWindowProcW () from C:\WINDOWS\System32\user32.dll
[debug]#23 0x00007fff4d47e8cc in USER32!DispatchMessageW () from C:\WINDOWS\System32\user32.dll
[debug]#24 0x00007fff4d4910c3 in USER32!SendMessageTimeoutW () from C:\WINDOWS\System32\user32.dll
[debug]#25 0x00007fff4f491374 in ntdll!KiUserCallbackDispatcher () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]#26 0x00007fff4d362be4 in win32u!NtUserRealInternalGetMessage () from C:\WINDOWS\System32\win32u.dll
[debug]#27 0x00007fff2a0ad559 in GetMessageExA () from C:\WINDOWS\SYSTEM32\duser.dll
[debug]#28 0x00007fff2a0ad348 in GetMessageExA () from C:\WINDOWS\SYSTEM32\duser.dll
[debug]#29 0x00007fff4d4940d4 in USER32!GetFocus () from C:\WINDOWS\System32\user32.dll
[debug](More stack frames follow...)
[debug]>>>>>>cb_gdb:
[debug]> info threads
[debug]  Id   Target Id           Frame 
[debug]* 1    Thread 15368.0x3d30 0x00007fff078171b1 in wxDefaultAssertHandler(wxString const&, int, wxString const&, wxString const&, wxString const&) () from F:\code\wxWidgets-3.3.1\lib\gcc_dll\wxmsw331u_gcc_custom.dll
[debug]  2    Thread 15368.0x4e54 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  3    Thread 15368.0x4f94 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  4    Thread 15368.0x3274 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  5    Thread 15368.0x2fa0 0x00007fff4f48e044 in ntdll!ZwWaitForMultipleObjects () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  6    Thread 15368.0x57ec 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  7    Thread 15368.0x4be0 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  8    Thread 15368.0x16cc 0x00007fff4f48d574 in ntdll!ZwWaitForSingleObject () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  9    Thread 15368.0x3228 0x00007fff4f48d574 in ntdll!ZwWaitForSingleObject () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  10   Thread 15368.0x26b4 0x00007fff4f48d574 in ntdll!ZwWaitForSingleObject () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  11   Thread 15368.0xda4  0x00007fff4f48d574 in ntdll!ZwWaitForSingleObject () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  12   Thread 15368.0x27b8 0x00007fff4f48d574 in ntdll!ZwWaitForSingleObject () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  130  Thread 15368.0x4a20 0x00007fff4f48d614 in ntdll!ZwRemoveIoCompletion () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  133  Thread 15368.0x274c 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  135  Thread 15368.0x3c5c 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  136  Thread 15368.0x35fc 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  137  Thread 15368.0x37e8 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  138  Thread 15368.0x4f1c 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  143  Thread 15368.0x360c 0x00007fff4f490f84 in ntdll!ZwWaitForWorkViaWorkerFactory () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  144  Thread 15368.0x4288 0x00007fff4d36a124 in win32u!NtUserMsgWaitForMultipleObjectsEx () from C:\WINDOWS\System32\win32u.dll
[debug]  151  Thread 15368.0x5588 0x00007fff4f48db74 in ntdll!ZwDelayExecution () from C:\WINDOWS\SYSTEM32\ntdll.dll
[debug]  158  Thread 15368.0x4668 0x00007fff4d36a124 in win32u!NtUserMsgWaitForMultipleObjectsEx () from C:\WINDOWS\System32\win32u.dll
[debug]>>>>>>cb_gdb:
[debug]> frame 4
[debug]#4  0x00007ffe8ac9d0b0 in wxPGProperty::GetValueAsString (this=0x10cb5690, flags=0) at F:\code\wxWidgets-3.3.1\include\wx\propgrid\property.h:1427
[debug]F:\code\wxWidgets-3.3.1\include\wx\propgrid\property.h:1427:53089:beg:0x7ffe8ac9d0b0
[debug]>>>>>>cb_gdb:

#4  0x00007ffe8ac9d0b0 in wxPGProperty::GetValueAsString (this=0x10cb5690, flags=0) at F:\code\wxWidgets-3.3.1\include\wx\propgrid\property.h:1427
F:\code\wxWidgets-3.3.1\include\wx\propgrid\property.h:1427:53089:beg:0x7ffe8ac9d0b0

Any ideas?

Thanks.

[ollydbg]

It crashed in the return statement:

Code

#if WXWIN_COMPATIBILITY_3_2
    mutable bool m_oldGetValueAsString = false;
    wxString GetValueAsStringWithCheck(wxPGPropValFormatFlags flags = wxPGPropValFormatFlags::Null) const;
    wxDEPRECATED_BUT_USED_INTERNALLY_MSG("use GetValueAsString with 'flags' argument as wxPGPropValFormatFlags")
    virtual wxString GetValueAsString(int flags) const
    {
        m_oldGetValueAsString = true;
        return GetValueAsString(static_cast<wxPGPropValFormatFlags>(flags));
    }

In the F:\code\wxWidgets-3.3.1\include\wx\propgrid\property.h file.

I try to use an old C::B which is built against wx 3.2.x, and I don't see the crash.

[Miguel Gimenez]

It is not a crash, but an assertion.

This looks to me like a wxWidgets issue. At first glance, this line

Code

       return GetValueAsString(static_cast<wxPGPropValFormatFlags>(flags));

should be

Code

       return GetValueAsStringWithCheck(static_cast<wxPGPropValFormatFlags>(flags));

[ollydbg]

So, this should be handled inside the wxWidgets' code? Not in our C::B's code base?

[Miguel Gimenez]

In wxSmith there is only one call to wxPGProperty::GetValueAsString(), and it has no parameters. Also, wxSmith does not appear in the stack trace, the relation with wxSmith may be that it is the only one that uses wxPropertyGrid at all.

Looks like the call is made from wxPGDefaultRenderer::Render() inside wxPropertyGrid::OnPaint() event handler.