notcurses-demo: crash in 'view' when resizing the window

[dnkl]

To reproduce, keep resizing the terminal window while running the demo.

notcurses 3.0.1 on foot 1.10.3-68-gaeeaf9c0 (Linux 5.11.16-artix1-1)
68 rows (15px) 106 cols (7px) 1020x742 rgb+256 colors
gcc-11.1.0 (LE)
terminfo 6.3.20211021 libdeflate 1.8 GPM n/a
avformat 58.76.100 avutil 56.70.100 swscale 5.9.100 avcodec 58.134.100

#0  0x00007ffff7c1cef5 in raise () at /usr/lib/libc.so.6
#1  0x00007ffff7c06862 in abort () at /usr/lib/libc.so.6
#2  0x00007ffff7c06747 in _nl_load_domain.cold () at /usr/lib/libc.so.6
#3  0x00007ffff7c15646 in  () at /usr/lib/libc.so.6
#4  0x00007ffff7e13e38 in sprixel_state (x=8, y=2, s=0x5555556d4680) at /home/daniel/src/notcurses/src/lib/internal.h:885
        stdn = <optimized out>
        localy = <optimized out>
        localx = <optimized out>
        __PRETTY_FUNCTION__ = "sprixel_state"
        state = <optimized out>
        width = <optimized out>
        targc = 0x7fffe4a30478
        prevcell = 0x5555556941f0
        __PRETTY_FUNCTION__ = "postpaint_cell"
        crender = 0x7fffe4a30470
        x = 8
        y = 2
#5  postpaint_cell
    (x=<synthetic pointer>, y=2, pool=0x55555561f488, crender=0x7fffe4a30470, dimx=93, lastframe=0x5555556935d0, ti=0x55555561f720, nc=0x55555561f420) at /home/daniel/src/notcurses/src/lib/render.c:455
        state = <optimized out>
        width = <optimized out>
        targc = 0x7fffe4a30478
        prevcell = 0x5555556941f0
        __PRETTY_FUNCTION__ = "postpaint_cell"
        crender = 0x7fffe4a30470
        x = 8
        y = 2
#6  postpaint
    (nc=nc@entry=0x55555561f420, ti=0x55555561f720, lastframe=0x5555556935d0, dimy=dimy@entry=68, dimx=dimx@entry=93, rvec=0x7fffe4a2e010, pool=0x55555561f488) at /home/daniel/src/notcurses/src/lib/render.c:505
        crender = 0x7fffe4a30470
        x = 8
        y = 2
#7  0x00007ffff7e1aefd in ncpile_rasterize (n=n@entry=0x555555629840) at /home/daniel/src/notcurses/src/lib/render.c:1525
        start = {tv_sec = 8100, tv_nsec = 148657974}
        rasterdone = {tv_sec = 93824993063968, tv_nsec = 140737352143726}
        writedone = {tv_sec = 8100, tv_nsec = 138361007}
        pile = 0x555555629930
        nc = 0x55555561f420
        miny = 68
        minx = 93
        ti = <optimized out>
        bytes = <optimized out>
#8  0x00005555555660b9 in notcurses_render (nc=0x55555561f420) at /home/daniel/src/notcurses/include/notcurses/notcurses.h:1073
        stdn = 0x555555629840
        ts = {tv_sec = 8100, tv_nsec = 138297934}
        ni = 
          {id = 15, y = 7, x = 0, utf8 = "\000\000\000", <incomplete sequence \340>, alt = true, shift = false, ctrl = false, evtype = 640, ypx = 1005, xpx = 742}
        id = 0
        ret = <optimized out>
#9  demo_render (nc=0x55555561f420) at /home/daniel/src/notcurses/src/demo/hud.c:640
        ts = {tv_sec = 8100, tv_nsec = 138297934}
        ni = 
          {id = 15, y = 7, x = 0, utf8 = "\000\000\000", <incomplete sequence \340>, alt = true, shift = false, ctrl = false, evtype = 640, ypx = 1005, xpx = 742}
        id = 0
        ret = <optimized out>
#10 0x0000555555573ad7 in demo_simple_streamer (curry=0x0, tspec=0x7fffffffdc80, vopts=0x7fffffffdc90, ncv=0x7fffffffdc80)
    at /home/daniel/src/notcurses/src/demo/demo.h:167
        demo_render_err = <optimized out>
#11 streamer (ncv=ncv@entry=0x5555556cc910, vopts=vopts@entry=0x7fffffffdc90, tspec=tspec@entry=0x7fffffffdc80, vpip=vpip@entry=0x55555561f420)
    at /home/daniel/src/notcurses/src/demo/view.c:33
#12 0x00007ffff7fc0790 in ffmpeg_stream
    (nc=0x55555561f420, ncv=0x5555556cc910, timescale=0.5, streamer=0x555555573a65 <streamer>, vopts=0x7fffffffdd70, curry=0x55555561f420)
    at /home/daniel/src/notcurses/src/media/ffmpeg.c:531
        tbase = 3.3333333333333335e-05
        geom = 
          {pixy = 480, pixx = 640, cdimy = 15, cdimx = 7, rpixy = 203, rpixx = 212, rcelly = 68, rcellx = 106, scaley = 3, scalex = 2, begy = 0, begx = 0, leny = 480, lenx = 640, maxpixely = 4294967176, maxpixelx = 4294967295, blitter = NCBLIT_3x2}
        duration = <optimized out>
        abstime = {tv_sec = 8083, tv_nsec = 450766751}
        schedns = <optimized out>
        r = <optimized out>
        frame = <optimized out>
        begin = {tv_sec = 8071, tv_nsec = 171862943}
        nsbegin = 8071171862943
        sum_duration = 12278903808
        newn = <optimized out>
        activevopts = 
          {n = 0x555555629840, scaling = NCSCALE_STRETCH, y = 1, x = 0, begy = 0, begx = 0, leny = 0, lenx = 0, blitter = NCBLIT_3x2, flags = 0, transcolor = 0, pxoffy = 0, pxoffx = 0}
        ncerr = <optimized out>
#13 0x00007ffff7e2b755 in ncvisual_stream
    (nc=nc@entry=0x55555561f420, ncv=ncv@entry=0x5555556cc910, timescale=<optimized out>, streamer=streamer@entry=0x555555573a65 <streamer>, vopts=vopts@entry=0x7fffffffdd70, curry=<optimized out>) at /home/daniel/src/notcurses/src/lib/visual.c:69
        ret = <optimized out>
        __func__ = "ncvisual_stream"
#14 0x0000555555573a19 in view_video_demo (nc=nc@entry=0x55555561f420) at /home/daniel/src/notcurses/src/demo/view.c:56
        ncp = 0x555555629840
        ncv = 0x5555556cc910
        fm6 = 0x5555556cfa20 "\317VUU\005"
        vopts = 
          {n = 0x555555629840, scaling = NCSCALE_STRETCH, y = 1, x = 0, begy = 0, begx = 0, leny = 0, lenx = 0, blitter = NCBLIT_DEFAULT, flags = 0, transcolor = 0, pxoffy = 0, pxoffx = 0}
        pip = <optimized out>
        ret = <optimized out>
#15 0x00005555555740fe in view_demo (nc=0x55555561f420, startns=<optimized out>) at /home/daniel/src/notcurses/src/demo/view.c:189
        dimy = 68
        dimx = 106
        nstd = <optimized out>
        ret = 0
        ncpl = 0x5555557e7100
#16 0x000055555555fb3e in ext_demos (nc=nc@entry=0x55555561f420, spec=spec@entry=0x7fffffffe41d "v")
    at /home/daniel/src/notcurses/src/demo/demo.c:218
        idx = 21
        stdc = 4611686019501129728
        nowns = <optimized out>
        i = 0
        ret = <optimized out>
        prevns = 8067923322231
        n = 0x555555629840
#17 0x00005555555607c0 in main (argc=<optimized out>, argv=<optimized out>) at /home/daniel/src/notcurses/src/demo/demo.c:572
        sigmask = 
            {__val = {134217728, 1040, 64, 80, 1088, 16, 274877907010, 0, 0, 2, 511101108317, 532575944814, 511101108315, 77840, 140737351653888, 0}}
        spec = 0x7fffffffe41d "v"
        json = 0x0
        nopts = {termtype = 0x0, loglevel = NCLOGLEVEL_PANIC, margin_t = 0, margin_r = 0, margin_b = 0, margin_l = 0, flags = 0}
        starttime = {tv_sec = 8067, tv_nsec = 917467831}
        nc = 0x55555561f420
        canimage = true
        canvideo = true
        dimx = 106
        dimy = 68
        menu = 0x5555555d4d10
        r = <optimized out>

[dankamongmen]

woohoo!

[dankamongmen]

i have been unable to reproduce this yet, though i have crashed foot once =] =]

[dankamongmen]

info: fcft.c:757: /usr/share/fonts/truetype/hack/Hack-Bold.ttf: size=10.50pt/26p
x, dpi=181.63
info: terminal.c:694: cell width=16, height=32
warn: csi.c:1517: unimplemented: modifyFunctionKeys = 1
info: fcft.c:757: /usr/share/fonts/truetype/hack/Hack-Regular.ttf: size=10.00pt/
25px, dpi=181.63
info: fcft.c:757: /usr/share/fonts/truetype/hack/Hack-BoldItalic.ttf: size=10.00
pt/25px, dpi=181.63
info: fcft.c:757: /usr/share/fonts/truetype/hack/Hack-Italic.ttf: size=10.00pt/2
5px, dpi=181.63
info: fcft.c:757: /usr/share/fonts/truetype/hack/Hack-Bold.ttf: size=10.00pt/25p
x, dpi=181.63
info: terminal.c:694: cell width=15, height=30
warn: csi.c:1517: unimplemented: modifyFunctionKeys = 1
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: csi.c:1517: unimplemented: modifyFunctionKeys = 1
warn: csi.c:1517: unimplemented: modifyFunctionKeys = 1
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
warn: sixel.c:887: destroyed sixel that now crossed history
 err: shm.c:197: BUG in buffer_release(): assertion failed: 'buffer->busy'
Aborted (core dumped)

[dankamongmen]

having trouble reproducing this, but i just did an ASAN build, and it went all to hell on the first resize. let's see if i can collect anything useful from the debris...

[dankamongmen]

oh nope nevermind that was gdb stopping things because foot crashed lol

[dankamongmen]

man, even at your ridiculously small cell size, i can't reproduce this =\

[dankamongmen]

ahhh, got it, yay

=================================================================
==1126271==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f35eaa8a800 at pc 0x7f35f85389f9 bp 0x7ffd71dbd860 sp 0x7ffd71dbd858
READ of size 8 at 0x7f35eaa8a800 thread T0
    #0 0x7f35f85389f8 in nccell_fg_alpha /home/dank/src/dankamongmen/notcurses/include/notcurses/notcurses.h:2615
    #1 0x7f35f85389f8 in lock_in_highcontrast /home/dank/src/dankamongmen/notcurses/src/lib/render.c:420
    #2 0x7f35f85389f8 in postpaint_cell /home/dank/src/dankamongmen/notcurses/src/lib/render.c:450
    #3 0x7f35f85389f8 in postpaint /home/dank/src/dankamongmen/notcurses/src/lib/render.c:505
    #4 0x7f35f8547e27 in ncpile_rasterize /home/dank/src/dankamongmen/notcurses/src/lib/render.c:1525
    #5 0x5606f2b9692c in notcurses_render /home/dank/src/dankamongmen/notcurses/include/notcurses/notcurses.h:1073
    #6 0x5606f2b9692c in demo_render /home/dank/src/dankamongmen/notcurses/src/demo/hud.c:640
    #7 0x5606f2bb8274 in demo_simple_streamer /home/dank/src/dankamongmen/notcurses/src/demo/demo.h:167
    #8 0x5606f2bb8274 in streamer /home/dank/src/dankamongmen/notcurses/src/demo/view.c:33
    #9 0x7f35f8728ce1 in ffmpeg_stream /home/dank/src/dankamongmen/notcurses/src/media/ffmpeg.c:531
    #10 0x7f35f8572e1b in ncvisual_stream /home/dank/src/dankamongmen/notcurses/src/lib/visual.c:69
    #11 0x5606f2bb961e in view_video_demo /home/dank/src/dankamongmen/notcurses/src/demo/view.c:56
    #12 0x5606f2bb961e in view_demo /home/dank/src/dankamongmen/notcurses/src/demo/view.c:189
    #13 0x5606f2b7f20d in ext_demos /home/dank/src/dankamongmen/notcurses/src/demo/demo.c:218
    #14 0x5606f2b7f20d in main /home/dank/src/dankamongmen/notcurses/src/demo/demo.c:572
    #15 0x7f35f82a47ec in __libc_start_main ../csu/libc-start.c:332
    #16 0x5606f2b80d29 in _start (/home/dank/src/dankamongmen/notcurses/build/notcurses-demo+0x1fd29)

0x7f35eaa8a800 is located 16 bytes to the right of 397296-byte region [0x7f35eaa29800,0x7f35eaa8a7f0)
allocated by thread T0 here:
    #0 0x7f35f87dcb48 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
    #1 0x7f35f8543a9c in engorge_crender_vector /home/dank/src/dankamongmen/notcurses/src/lib/render.c:1552
    #2 0x7f35f8543a9c in ncpile_render /home/dank/src/dankamongmen/notcurses/src/lib/render.c:1577

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dank/src/dankamongmen/notcurses/include/notcurses/notcurses.h:2615 in nccell_fg_alpha
Shadow bytes around the buggy address:
  0x0fe73d5494b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe73d5494c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe73d5494d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe73d5494e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe73d5494f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
=>0x0fe73d549500:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe73d549510: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe73d549520: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe73d549530: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe73d549540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe73d549550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1126271==ABORTING

[dankamongmen]

this reeks of a bad crender reference

[dankamongmen]

yeah we're passing in

  const int miny = pile->dimy < nc->lfdimy ? pile->dimy : nc->lfdimy;                                                               
  const int minx = pile->dimx < nc->lfdimx ? pile->dimx : nc->lfdimx;   

and that can't be right, was i smoking crack or what

[dankamongmen]

alright, we're underflowing in sprixel_state():

LOCAL: 11 17
PDIM: 85 100  LDIM: 85 100
want sprixel state: 4 65
LOCAL: 3 4294967196

definitely

[dankamongmen]

there's that one, but there's another type of crash too:

    #0 0x7f4e61dc2903 in nccell_fg_alpha /home/dank/src/dankamongmen/notcurses/include/notcurses/notcurses.h:2615
    #1 0x7f4e61dc2903 in lock_in_highcontrast /home/dank/src/dankamongmen/notcurses/src/lib/render.c:420
    #2 0x7f4e61dc2903 in postpaint_cell /home/dank/src/dankamongmen/notcurses/src/lib/render.c:450
    #3 0x7f4e61dc2903 in postpaint /home/dank/src/dankamongmen/notcurses/src/lib/render.c:507
    #4 0x7f4e61dd1f05 in ncpile_rasterize /home/dank/src/dankamongmen/notcurses/src/lib/render.c:1528
    #5 0x55988198be40 in notcurses_render /home/dank/src/dankamongmen/notcurses/include/notcurses/notcurses.h:1073


0x7f4e4aef3db0 is located 16 bytes to the right of 677280-byte region [0x7f4e4ae4e800,0x7f4e4aef3da0)
allocated by thread T0 here:
    #0 0x7f4e62071652 in __interceptor_realloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:164
    #1 0x7f4e61dcd90c in engorge_crender_vector /home/dank/src/dankamongmen/notcurses/src/lib/render.c:1556
    #2 0x7f4e61dcd90c in ncpile_render /home/dank/src/dankamongmen/notcurses/src/lib/render.c:1581

[dankamongmen]

so what's going on seems pretty well understood: we're asking sprixel_state() for a cell that doesn't actually intersect with the sprixel, and thus we have an invalid reference to the TAM. we have assert()s on this, but they're getting compiled out.

so we can obviously check for this, and avoid the bad reference. but that leaves two questions:

• what do we return in such a case?
• why are we asking for these invalid locations?

i don't like the idea of returning something, because really this is a programming error at a higher level. we call sprixel_state() only when the crender object has a sprixel associated. that gets assigned in paint(). remember, resizing happens at the start of rendering. we get shorter and the sprixel goes off-display, sure, that's expected (well, it's not really -- we ought have a proper resizecb that repositions the sprixel in [view]). but why is crender->sprixel being set here at all? they ought all be getting reset in init_rvec(), called from engorge_crender_vector() right before ncpile_render_internal() is called from ncpile_render(). crender is set in paint_sprixel(), and so far as i can tell, for this case, paint_sprixel() ought not be getting hit for one off-display.

i think resolving that mystery is necessary. let's do that. let's also add a resizecb to the sprixel in [view] so it's always placed at the corner after a resize, but only after figuring out what's up with crender->sprixel.

[dankamongmen]

the other one i'm pretty sure is a miss on lastframe.

[dankamongmen]

i'm wondering if we're possibly hitting the wrong crender entries in sprixel_paint(). look at this:

set for 12/60 11/12                                                                                                                 
TAM %d at 11/13 (12/61, 12/18)                                                                                                      
set for 12/61 11/13                                                                                                                 
TAM %d at 11/14 (12/62, 12/18)                                                                                                      
set for 12/62 11/14                                                                                                                 
TAM %d at 11/15 (12/63, 12/18)                                                                                                      
set for 12/63 11/15                                                                                                                 
TAM %d at 11/16 (12/64, 12/18)                                                                                                      
set for 12/64 11/16                                                                                                                 
TAM %d at 11/17 (12/65, 12/18)                                                                                                      
set for 12/65 11/17                                                                                                                 
TAM %d at 3/-48 (4/0, 12/18)                                                                                                        
notcurses-demo: /home/dank/src/dankamongmen/notcurses/src/lib/internal.h:885: sprixel_state: Assertion `lo

so we come in on y=4, x=0. where the hell are we getting that from? our offsets are (1,48). hrmm is this sprixel_state() actually coming from postpaint_cell()?....

yes, it is. it's the first one in postpaint():

TAM %d at 11/10 (12/128, 12/18)
set for 12/128 11/10
TAM %d at 11/11 (12/129, 12/18)
set for 12/129 11/11
TAM %d at 11/12 (12/130, 12/18)
set for 12/130 11/12
TAM %d at 11/13 (12/131, 12/18)
set for 12/131 11/13
TAM %d at 11/14 (12/132, 12/18)
set for 12/132 11/14
TAM %d at 11/15 (12/133, 12/18)
set for 12/133 11/15
TAM %d at 11/16 (12/134, 12/18)
set for 12/134 11/16
TAM %d at 11/17 (12/135, 12/18)
set for 12/135 11/17
POSTPAINT BEGINS!
TAM %d at 7/-92 (8/26, 12/18)
notcurses-demo: /home/dank/src/dankamongmen/notcurses/src/lib/internal.h:885: sprixel_state: Assertion `localx >= 0' failed.

very sus!

[dankamongmen]

so yeah, if postpaint_cell() is ever calling with 8/26, it's fubar

[dankamongmen]

yeah, we've got a sprixel at offsets 1/290, and we're calling it on 2/131. that's ludicrous. either postpaint_cell() is picking the wrong crender, or paint_sprixel() is writing to the wrong one. neither one is great.

START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/290 DSTLEN 98/391 
POSTPAINT BEGINS!                                                                                                                   
checking sprixel 0x60c000001000 at 0x7f5b17aa07b0 2/131     

[dankamongmen]

alright, let's get the pointer we're writing through to in paint_sprixel(), and the rvec base, and see what's what.

[dankamongmen]

checking 0x7f33ceee9020 at absolute coordinates 1/6. ok, we check this all over the place, but normally it's at 1/98:

[schwarzgerat](0) $ grep 0x7f33ceee9020 d
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c0000004c0 at 0x7f33ceee9020 1/98
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c000000400 at 0x7f33ceee9020 1/98
set for 1/98 0/0 0x7f33ceee9020
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c000002ec0 at 0x7f33ceee9020 1/98
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c000001fc0 at 0x7f33ceee9020 1/98
set for 1/98 0/0 0x7f33ceee9020
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c000000e80 at 0x7f33ceee9020 1/98
set for 1/98 0/0 0x7f33ceee9020
set for 1/98 0/0 0x7f33ceee9020
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c0000010c0 at 0x7f33ceee9020 1/98
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c000002c80 at 0x7f33ceee9020 1/98
set for 1/98 0/0 0x7f33ceee9020
checking sprixel 0x60c000002140 at 0x7f33ceee9020 1/6
[schwarzgerat](0) $ 

so we have the same address, but its position seems to have changed. the rvec base didn't change (recently):

START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/340 DSTLEN 98/16 0x631000104800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/340 DSTLEN 98/16 0x631000104800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/340 DSTLEN 98/16 0x631000104800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/340 DSTLEN 98/16 0x631000104800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/340 DSTLEN 98/16 0x631000104800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/340 DSTLEN 98/16 0x631000104800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/98 DSTLEN 98/116 0x7f33ceee6800

so the distance (and true offset) is the same:

0x7f33ceee9020 - 0x7f33ceee6800 = 10272 (0x2820)

we think we're at 1/6.

116 + 98 (dimx + offx) == 214
0x2820 / 48 = 214
sizeof(crender) == 48

(side question: why 48B? crender ought only be 40 by my calculations)

[dankamongmen]

ok well it's definitely postpaint_cell() that's fucking up here. in no universe is that address at 1/6. it's impossible for any number of reasons.

[dankamongmen]

POSTPAINT BEGINS! 40 0x7f9c42815800 98/400
START: 0/0 DIM: 12/18 dim(p): 12/18 off: 1/132 DSTLEN 98/400 0x7f9c42815800
POSTPAINT BEGINS! 40 0x7f9c42815800 98/183

ok, so there's our problem -- the dimension is unexpectedly changing between paint() and postpaint(), and thus postpaint() is indexing into rvec incorrectly. good deal. how is this happening?

[dankamongmen]

ahhh, it is happening because ncpile_rasterize() calls notcurses_refresh() if it has seen a SIGWINCH/SIGCONT, and this calls update_term_dimensions(), which can update the pile dimensions. there we go.

this is almost certainly all the cause of the other failure we were seeing.

so what to do about this?

[dankamongmen]

i think we could run postpaint() prior to notcurses_refresh() without any problems, since the latter isn't changing the lframe. but then we just run into the same problem in notcurses_rasterize(), which....hrmmm, could we also run notcurses_rasterize() before notcurses_refresh()? i think maybe we could! that might even be better than what we're doing!

[dankamongmen]

i can no longer reproduce the failure. looks like that got it =].

[joseluis]

this is great, I was having unpredictable crashes when resizing while using visuals, but I wanted to create a minimal example before submitting (which I never did). I'll test again soon, hopefully they'll be gone