[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
gEDA-bug: [ geda-Bugs-1530586 ] Tricky gschem segfault in autosave code
Bugs item #1530586, was opened at 2006-07-28 19:13
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=818426&aid=1530586&group_id=161080
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: gschem
Group: CVS
Status: Open
Resolution: None
Priority: 5
Submitted By: Peter Clifton (petercjclifton)
Assigned to: Nobody/Anonymous (nobody)
Summary: Tricky gschem segfault in autosave code
Initial Comment:
A segfault which I catch very very occasionally, which
trips out in s_page_autosave(...)
Unfortunatly, I've not caught a backtrace of it yet
from a codebase I can trust as not having introduced
the bug myself.
Since then, I've been watching for it on a CVS head
version, so I can be sure its not anything of mine
triggering it.
(I turned up the autosave timeout by removing the *
1000 - seconds to
milliseconds in the code, so I can set a save timeout
of 100ms from the
gschemrc file. This ought to catch the bug more often).
Valgrind output ( from CVS head build ):
==18659== Invalid read of size 4
==18659== at 0x405196C: s_page_autosave (s_page.c:546)
==18659== by 0x43C0ACC: g_timeout_dispatch (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x43BC9B2: g_main_dispatch (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x43BF10F: g_main_context_iterate (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x43BF499: g_main_loop_run (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x4581714: gtk_main (in
/usr/lib/libgtk-x11-2.0.so.0.800.19)
==18659== by 0x8059F00: main_prog (gschem.c:355)
==18659== by 0x40BE819: scm_boot_guile (in
/usr/lib/libguile.so.12.3.0)
==18659== by 0x805A0DD: main (gschem.c:382)
==18659== Address 0x4CC73E0 is 33,800 bytes inside a
block of size 34,188 free'd
==18659== at 0x401C66F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==18659== by 0x43C65A3: g_free (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x4055B1F: s_toplevel_delete
(s_toplevel.c:491)
==18659== by 0x808AB22: x_window_close (x_window.c:1036)
==18659== by 0x8079DAF: exit_dialog_ok (x_dialog.c:1660)
==18659== by 0x436EB75:
g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x4356F68: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x436D590: signal_emit_unlocked_R (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x436E4C3: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x436E785: g_signal_emit (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x4484751: gtk_real_button_released (in
/usr/lib/libgtk-x11-2.0.so.0.800.19)
==18659== by 0x436EB75:
g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659==
==18659== Invalid read of size 4
==18659== at 0x4051976: s_page_autosave (s_page.c:553)
==18659== by 0x43C0ACC: g_timeout_dispatch (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x43BC9B2: g_main_dispatch (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x43BF10F: g_main_context_iterate (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x43BF499: g_main_loop_run (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x4581714: gtk_main (in
/usr/lib/libgtk-x11-2.0.so.0.800.19)
==18659== by 0x8059F00: main_prog (gschem.c:355)
==18659== by 0x40BE819: scm_boot_guile (in
/usr/lib/libguile.so.12.3.0)
==18659== by 0x805A0DD: main (gschem.c:382)
==18659== Address 0x4CBF0EC is 276 bytes inside a
block of size 34,188 free'd
==18659== at 0x401C66F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==18659== by 0x43C65A3: g_free (in
/usr/lib/libglib-2.0.so.0.1000.3)
==18659== by 0x4055B1F: s_toplevel_delete
(s_toplevel.c:491)
==18659== by 0x808AB22: x_window_close (x_window.c:1036)
==18659== by 0x8079DAF: exit_dialog_ok (x_dialog.c:1660)
==18659== by 0x436EB75:
g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x4356F68: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x436D590: signal_emit_unlocked_R (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x436E4C3: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x436E785: g_signal_emit (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659== by 0x4484751: gtk_real_button_released (in
/usr/lib/libgtk-x11-2.0.so.0.800.19)
==18659== by 0x436EB75:
g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1000.3)
==18659==
So, the toplevel is being free'd as the window closes,
and the autosave timer is sometimes hitting after that.
I'm not 100% sure that this is the only case in which
the auto-save timer causes a crash, but its the main
one I've been able to reproduce occasionally. I think
I've also seen it crash out there whilst gschem is just
sitting before now, and the immediate cause is a
corrupt toplevel pointer, or page linked list.
(Its usually a page it can't access in the linked list,
but this may be as the toplevel is wrong, a
wild-goosechase along a random linked list ensues until
it hits a bad memory pointer.
I'd be inclined _not_ to do the obvious thing and
disable the auto-save timer as gschem closes _just
yet_, incase it masks any other potential triggers of
this bug.
Peter Clifton
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=818426&aid=1530586&group_id=161080
_______________________________________________
geda-bug mailing list
geda-bug@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-bug