On Feb 27, 2014, at 2:44 PM, Johan Engelen wrote:
Hi all, I just discovered a very serious bug in the swatches dialog (/src/ui/dialog/swatches.cpp). Using a vector of DocTrack*, it tracks all current documents, and using a timer callback updates itself. The problem is, no DocTrack* is ever removed from that list. A DocTrack* (that points to an SPDocument) is added whenever you open a new document. Then when closing a 2nd document, the DocTrack* should be removed from the list and ~DocTrack should be called. Because this does _not_ happen, the timer function will use an already deleted SPDoc and will eventually crash in SPDocument::getResourceList (priv is set to nullptr for deleted SPDoc).
I added proper ref-counting of the SPDoc object in DocTrack's constructor and destructor, but still the SPDoc is deleted and the crash occurs.
Some code in swatches.cpp looks unfinished, creating data structures that are never used...
Thanks for any help in tracking down and fixing the issue, Johan
I can take a look at this.
There are a few things that are well overdue for refactoring. We also need to tune things up to not keep so much in memory.
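
The lifetime pattern discussed in this thread, as an added example that is not part of either message and is not Inkscape code: a tracking list whose entries are removed when a document closes, and a timer callback that never dereferences a document that is already gone. `Doc`, `DocTrack` as written here, and `SwatchTracker` are hypothetical stand-ins, and `std::shared_ptr`/`std::weak_ptr` is an assumed substitute for SPDocument's own ref-counting.

```cpp
// Added illustration; Doc, DocTrack and SwatchTracker are hypothetical
// stand-ins, not Inkscape's SPDocument or the code in swatches.cpp.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

struct Doc {                       // stand-in for a document object
    std::vector<std::string> resources;
};

struct DocTrack {                  // one entry per open document
    const Doc *key;                // identity only, never dereferenced
    std::weak_ptr<Doc> doc;        // observes the document without owning it
    explicit DocTrack(const std::shared_ptr<Doc> &d) : key(d.get()), doc(d) {}
};

class SwatchTracker {
    std::vector<std::unique_ptr<DocTrack>> tracked_;
public:
    void onDocOpened(const std::shared_ptr<Doc> &d) {
        tracked_.push_back(std::make_unique<DocTrack>(d));
    }
    // Drop the entry when the document closes, so the timer never sees it.
    void onDocClosed(const Doc *d) {
        tracked_.erase(std::remove_if(tracked_.begin(), tracked_.end(),
                           [d](const std::unique_ptr<DocTrack> &t) { return t->key == d; }),
                       tracked_.end());
    }
    // Timer callback: returns how many resources it visited. An entry whose
    // document has been destroyed is pruned instead of being dereferenced.
    std::size_t onTimer() {
        std::size_t seen = 0;
        for (auto it = tracked_.begin(); it != tracked_.end();) {
            if (auto live = (*it)->doc.lock()) {
                seen += live->resources.size();
                ++it;
            } else {
                it = tracked_.erase(it);
            }
        }
        return seen;
    }
    std::size_t trackedCount() const { return tracked_.size(); }
};
```

The `lock()` check in `onTimer()` is the backstop for a close path that forgets to call `onDocClosed()`; running the real dialog under AddressSanitizer is a direct way to confirm whether the timer still touches freed memory.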