From: "Tommi Höynälänmaa" <tommi.hoynalanmaa@student.tut.fi>
To: guile-devel@gnu.org
Subject: A Pango attribute deallocated twice
Date: Tue, 5 Jun 2018 15:29:27 +0300 [thread overview]
Message-ID: <dc2e2f7c-3ee6-eba0-1a07-021dcf4e3f75@student.tut.fi> (raw)
Hi
A Pango attribute gets deallocated twice in program calc-9.scm causing
the program to crash. The Scheme code calc-9.scm is generated from the
Theme-D program calc-9.thp.
Gdb gives the following output:
---cut here---
scheme@(guile-user)> (load "rtp.scm")
scheme@(guile-user)> (__main (list "" "calc-9.go"))
*1*
*2*
(guile:1851): Pango-DEBUG: 20:41:22.941: pango_attr_color_new:
0x555556590d60
(guile:1851): Pango-DEBUG: 20:41:22.941: klass: 0x7fffeb7c5fa0
*4*
(guile:1851): Pango-DEBUG: 20:41:23.051: pango_attr_int_new: 0x55555615ae60
(guile:1851): Pango-DEBUG: 20:41:23.051: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.051: pango_attr_list_unref ENTER
(guile:1851): Pango-DEBUG: 20:41:23.051: pango_attr_list_unref EXIT
(guile:1851): Pango-DEBUG: 20:41:23.051: pango_attr_int_new: 0x55555615afa0
(guile:1851): Pango-DEBUG: 20:41:23.051: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.051: pango_attr_int_new: 0x55555615b0c0
(guile:1851): Pango-DEBUG: 20:41:23.051: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref ENTER
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/1
(guile:1851): Pango-DEBUG: 20:41:23.063: attr: 0x55555615afa0
(guile:1851): Pango-DEBUG: 20:41:23.063: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: destroy: 0x7fffeb590dc0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/2
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/3
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/4
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref EXIT
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attribute_destroy ENTER:
0x55555615b0c0
(guile:1851): Pango-DEBUG: 20:41:23.063: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: destroy: 0x7fffeb590dc0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attribute_destroy EXIT
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_int_new: 0x55555615aec0
(guile:1851): Pango-DEBUG: 20:41:23.063: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_int_new: 0x55555615af60
(guile:1851): Pango-DEBUG: 20:41:23.063: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref ENTER
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/1
(guile:1851): Pango-DEBUG: 20:41:23.063: attr: 0x55555615aec0
(guile:1851): Pango-DEBUG: 20:41:23.063: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: destroy: 0x7fffeb590dc0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/2
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/3
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/4
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref EXIT
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attribute_destroy ENTER:
0x55555615af60
(guile:1851): Pango-DEBUG: 20:41:23.063: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: destroy: 0x7fffeb590dc0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attribute_destroy EXIT
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref ENTER
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/1
(guile:1851): Pango-DEBUG: 20:41:23.063: attr: 0x55555615ae60
(guile:1851): Pango-DEBUG: 20:41:23.063: klass: 0x7fffeb7c5de0
(guile:1851): Pango-DEBUG: 20:41:23.063: destroy: 0x7fffeb590dc0
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/2
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/3
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref/4
(guile:1851): Pango-DEBUG: 20:41:23.063: pango_attr_list_unref EXIT
*5*
*6*
*7*
outer lambda enter
inner lambda enter
make-button-row ENTER
make-button-row EXIT
inner lambda exit
outer lambda exit
outer lambda enter
inner lambda enter
make-button-row ENTER
make-button-row EXIT
inner lambda exit
inner lambda enter
make-button-row ENTER
make-button-row EXIT
inner lambda exit
(guile:1851): Pango-DEBUG: 20:41:23.105: pango_attr_list_unref ENTER
(guile:1851): Pango-DEBUG: 20:41:23.105: pango_attr_list_unref/1
(guile:1851): Pango-DEBUG: 20:41:23.105: attr: 0x555556590d60
(guile:1851): Pango-DEBUG: 20:41:23.105: klass: 0x7fffeb7c5fa0
(guile:1851): Pango-DEBUG: 20:41:23.105: destroy: 0x7fffeb590db0
(guile:1851): Pango-DEBUG: 20:41:23.105: pango_attr_list_unref/2
(guile:1851): Pango-DEBUG: 20:41:23.105: pango_attr_list_unref/3
(guile:1851): Pango-DEBUG: 20:41:23.105: pango_attr_list_unref/4
(guile:1851): Pango-DEBUG: 20:41:23.105: pango_attr_list_unref EXIT
(guile:1851): Pango-DEBUG: 20:41:23.105: pango_attribute_destroy ENTER:
0x555556590d60
(guile:1851): Pango-DEBUG: 20:41:23.105: klass: 0x7fffec0014e0
(guile:1851): Pango-DEBUG: 20:41:23.105: destroy: 0x80
inner lambda enter
make-button-row ENTER
Thread 5 "guile" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff3504700 (LWP 1858)]
0x0000000000000080 in ?? ()
(gdb) backtrace
#0 0x0000000000000080 in ()
#1 0x00007fffeb591591 in pango_attribute_destroy ()
at /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
#2 0x00007fffeb7d3259 in ()
at /usr/lib/guile-gnome-2/libgw-guile-gnome-pango.so.0
#3 0x00007ffff00d3f0f in () at /usr/lib/libgwrap-guile-runtime.so.2
#4 0x00007ffff00d3fae in () at /usr/lib/libgwrap-guile-runtime.so.2
#5 0x00007ffff724b74d in GC_invoke_finalizers ()
at /usr/lib/x86_64-linux-gnu/libgc.so.1
#6 0x00007ffff7affe79 in scm_run_finalizers ()
at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#7 0x00007ffff7affed5 in () at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#8 0x00007ffff7af0a4a in () at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#9 0x00007ffff7b6a30c in () at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#10 0x00007ffff7b74137 in scm_call_n ()
at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#11 0x00007ffff7b62da2 in () at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#12 0x00007ffff7af1030 in () at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#13 0x00007ffff7af10c5 in scm_c_with_continuation_barrier ()
at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#14 0x00007ffff7b619ec in () at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#15 0x00007ffff7252c42 in GC_call_with_stack_base ()
at /usr/lib/x86_64-linux-gnu/libgc.so.1
#16 0x00007ffff7b61d08 in scm_with_guile ()
at /usr/lib/x86_64-linux-gnu/libguile-2.2.so.1
#17 0x00007ffff78a16db in start_thread (arg=0x7ffff3504700)
at pthread_create.c:463
#18 0x00007ffff75ca88f in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)
---cut here---
The attribute deallocated twice has address 0x55555658ff60. It is
allocated by function pango_attr_color_new at the start of the log.
By comparing the properties of this attribute printed after calls to
pango_attr_list_unref and pango_attribute_destroy at the end of the
log it can be seen that the contents of the attribute have got
corrupted after the first deallocation (of course, this is not an
error).
The files related to this bug can be found at
http://www.iki.fi/tohoyn/theme-d/theme-d-gnome-bug1.tar.bz2
There is a version file pango-attributes.c containing extra debug
information in the package. If you use that you also have to set the
environment variable G_MESSAGES_DEBUG (to value "all") so that the log
messages get printed. When I removed the Pango-related procedure
calls from the program the bug disappeared. When I added the same
Pango operations to the original version of calc.scm in guile-gnome
the bug did not occur. IMHO the variable attrlist should not be
deallocated at all in the position where it is done now since it is
defined in the surrounding let expression.
I use guile 2.2.3 and guile-gnome 2.16.5 on Ubuntu 18.04.
Steps to reproduce the bug:
1. Unpack file theme-d-gnome-bug1.tar.bz2 and cd to subdirectory
theme-d-gnome-bug1.
2. Launch script init.sh.
3. Launch script launch-gdb.sh.
4. Give command run.
5. After guile starts give the following commands:
(load "rtp.scm")
(__main (list "" "calc-9.go"))
Does anyone have ideas how to fix this?
- Tommi Höynälänmaa
next reply other threads:[~2018-06-05 12:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-05 12:29 Tommi Höynälänmaa [this message]
2018-06-05 20:28 ` A Pango attribute deallocated twice Mark H Weaver
2018-06-06 13:17 ` Tommi Höynälänmaa
2018-06-07 15:10 ` Tommi Höynälänmaa
2018-06-09 1:05 ` Mark H Weaver
2018-06-09 15:10 ` Tommi Höynälänmaa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dc2e2f7c-3ee6-eba0-1a07-021dcf4e3f75@student.tut.fi \
--to=tommi.hoynalanmaa@student.tut.fi \
--cc=guile-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).