Problem 2358 - geant4.10.7.p01 segfault regression in G4UIQt::ReceiveG4cout when aString.length() == 0
Status: RESOLVED DUPLICATE of problem 2347
Alias: None
Product: Geant4
Classification: Unclassified
Component: global/management
Version: 10.7
Hardware: All Linux
: P3 normal
Assignee: Gabriele Cosmo
URL:
Depends on:
Blocks:
 
Reported: 2021-04-13 22:25 CEST by Wouter Deconinck
Modified: 2021-04-14 15:22 CEST (History)
Description Wouter Deconinck 2021-04-13 22:25:53 CEST
In our application code we experienced a crash when transitioning to 10.7.p01, which we have attributed to the following new code in G4UIQt.cc:
```cpp
  // Loop added in 10.7.p01; note the upper bound aString.length() - 1
  for (size_t i = 0; i < aString.length() - 1; ++i) {
    if (aString[i] == '\n') {
      aStringWithStyle += "<br>";
    } else if (aString[i] == ' ') {
      aStringWithStyle += "&nbsp;";
    } else if (aString[i] == '\t') {
      aStringWithStyle += "&nbsp;&nbsp;&nbsp;&nbsp;";
    } else {
      aStringWithStyle += aString[i];
    }
  }
```
On systems where size_t is unsigned int, and when aString is the empty string, aString.length() is zero and the upper index on the loop becomes +2^32-2. This results in a segmentation fault with i at some large value.

To fix this issue, we just add an additional requirement to the for loop condition:
```cpp
  for (size_t i = 0; i < aString.length() && i < aString.length() - 1; ++i) {
```
though other fixes are possible. It seems this may be caused by `G4cout << G4endl` lines in our application code.
Comment 1 Wouter Deconinck 2021-04-13 22:54:36 CEST
Some more info, as I figure this out myself. This is not related to `G4cout << G4endl` lines.

Why does G4cout receive an empty string? In our application code we set `G4cout.setstate(std::ios_base::failbit)` before a bit of geant4 code that we can't make less verbose with standard methods (G4GDMLParser). This effectively prevents output (until this issue). We then clear this state with `G4cout.clear()`.

Since this is clearly caused by some code in our application code, I have downgraded the severity to P3/normal. We can work around it by not playing tricks on G4cout.
Comment 2 Gabriele Cosmo 2021-04-14 08:16:54 CEST
Problem already addressed and correction in G4UIQt will be included in a future patch.

*** This problem has been marked as a duplicate of problem 2347 ***
Comment 3 John.Allison 2021-04-14 15:22:56 CEST
> Why does G4cout receive an empty string? In our application code we set `G4cout.setstate(std::ios_base::failbit)` before a bit of geant4 code that we can't make less verbose with standard methods (G4GDMLParser). This effectively prevents output (until this issue). We then clear this state with `G4cout.clear()`.

> Since this is clearly caused by some code in our application code, I have downgraded the severity to P3/normal. We can work around it by not playing tricks on G4cout.

Ah, yes! Strongly recommend not using this "trick". Nevertheless, we have fixed this "empty string" problem for the next release - see Bug #2347. It involves simply replacing

```cpp
  if (!aString) return 0;
```

by

```cpp
  if (aString.empty()) return 0;
```

If quietening G4cout is a requirement, please submit by the usual channel - the Technical Forum. We will see if there is a hygienic way of doing it.
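The following is an added, stand-alone C++ illustration of the defect described in the report and of the `empty()` guard described in Comment 3; it is not Geant4 code and not part of this thread. The function names (`unsignedUpperBound`, `formatLine`) and the sample inputs are this example's own. It shows why `aString.length() - 1` is unsafe as a loop bound on an unsigned type (for an empty string it wraps to `SIZE_MAX`, so the loop indexes far past the buffer), and that an early return on an empty string keeps the original loop semantics, including the deliberate omission of the final character, for every non-empty input. The reporter's alternative condition `i < aString.length() && i < aString.length() - 1` yields the same results.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// The bound the 10.7.p01 loop computes, returned as the unsigned type the
// loop actually compares against. For an empty string, 0 - 1 wraps to
// SIZE_MAX, which is why the unguarded loop walks off the end of the buffer.
size_t unsignedUpperBound(const std::string& aString) {
  return aString.length() - 1;  // well-defined unsigned wrap, wrong as a bound
}

// Hypothetical stand-in for the HTML-styling loop in G4UIQt::ReceiveG4cout,
// with the Bug #2347-style guard in front of it. The loop intentionally stops
// one character short of the end, as the original does.
std::string formatLine(const std::string& aString) {
  if (aString.empty()) return std::string();  // the fix: never compute 0 - 1

  std::string aStringWithStyle;
  for (size_t i = 0; i < aString.length() - 1; ++i) {
    switch (aString[i]) {
      case '\n': aStringWithStyle += "<br>"; break;
      case ' ':  aStringWithStyle += "&nbsp;"; break;
      case '\t': aStringWithStyle += "&nbsp;&nbsp;&nbsp;&nbsp;"; break;
      default:   aStringWithStyle += aString[i];
    }
  }
  return aStringWithStyle;
}

int main() {
  // Constructed sample inputs; the last one is the empty line that a
  // failbit-suppressed stream can hand to the sink.
  const std::string samples[] = {"Geant4 says hi\n", "a\tb\n", "x y", ""};
  for (const std::string& s : samples) {
    std::cout << "bound=" << unsignedUpperBound(s)
              << " out=\"" << formatLine(s) << "\"\n";
  }
  return 0;
}
```

On a 64-bit Linux build `SIZE_MAX` is 2^64-1; the wrap itself is well-defined for unsigned arithmetic, so no compiler warning flags it. The out-of-bounds read only happens in the subsequent `aString[i]`, which is why the crash shows up as a segfault with `i` at a large value rather than as a diagnostic.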