Crash in SoCallbackAction

[dhoepfl]

When looking at this issue, I noticed something in SoCallbackAction which might be a memory leak (but then realized it is not but nonetheless explains the crash) - I only read the source, I did not compile or debug it. So please bare with me if this report is incorrect:

Calling SoCallbackAction::addPreCallback calls set_callback_data which in turn calls set_callback_data_idx.

This extends the given SbList to have enough entries, adding NULL entries as necessary, then places a pointer to a newly allocated instance of SOCallbackData in the appropriate entry.

Subsequent calls to addPreCallback, use append of the first SOCallbackData to add allocated instances of SOCallbackDatas.

After a few calls, the list looks like this:

list[0]->NULL
…
list[idx-1]->NULL
list[idx]->[SOCallbackData 1]-next->[SOCallbackData 2]-next->[SOCallbackData 3]-next->NULL.

The destructor of SoCallbackAction calls delete_list_elements on the list, which calls for each index deleteAll on the element it points to (SOCallbackData 1 in the above example). It also tries to call deleteAll on entries that were set to NULL when expanding, thus calling ((SoCallbackAction *)NULL)->deleteAll() which leads to crashes.

[VolkerEnderlein]

Thanks for the thorough bug report and your analysis. I'll try to figure out what's needed to prevent the crash.