[cairo] use after free causes sporadic assertion fail

Claude Heiland-Allen claude at mathr.co.uk
Sat Aug 3 07:30:24 PDT 2013

Hi all,

The attached log from valgrind shows a use after free, which results
in an assertion failure.  Inspecting with gdb seems to show a font is
removed from a cache, which requires looking up its key in a hash
table, which aborts when the key isn't found - this can happen when
the key contains garbage as the memory was already freed.  I tried
using ltrace to see the sequence of events leading to the crash, but
unfortunately ltrace itself crashed earlier.  I'm using Debian Stable
(Wheezy) with libcairo2 1.12.14-4 from Testing (Jessie).

My program is written in Haskell using the diagrams [1] library with
its cairo backend [2].  My program is multithreaded but this should be
safe as cairo is threadsafe [3], and each of my threads should be
independent regarding any calls to cairo.  I'm using Haskell's forkOS
[4] to ensure that each Haskell thread makes all its 'safe' foreign
calls to cairo from the same OS thread.  The lower level Haskell cairo
bindings [5] seem to use 'safe' foreign calls throughout [6].  I
haven't been able to reproduce this crash in a single-threaded version
of my program.

Any suggestions for further debugging steps I might take to help fix
this bug are welcome.


[1] http://projects.haskell.org/diagrams/
[2] http://hackage.haskell.org/package/diagrams-cairo
[5] http://hackage.haskell.org/package/cairo
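
A constructed C model of the failure mode the post describes, added here as an illustration (it is not code from the post, from diagrams, or from cairo): a cache whose hash-table key is recomputed from the object's own fields, plus a poisoning pool allocator standing in for freed heap memory. Removing an entry after its object has been freed recomputes a garbage key, the lookup fails, and that is the point where a real implementation would assert. All names (font_t, pool_free, cache_remove, make_font) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical font-like object; the cache key is derived from its fields. */
typedef struct {
    char   family[24];
    double size;
} font_t;

/* Tiny fixed pool standing in for the heap.  A freed slot is poisoned with
   0xA5, modelling the garbage described in the post: once the block is
   freed, a key recomputed from it no longer matches what was cached. */
#define POOL_SLOTS 4
static font_t pool[POOL_SLOTS];
static int    pool_used[POOL_SLOTS];

static font_t *pool_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!pool_used[i]) {
            pool_used[i] = 1;
            memset(&pool[i], 0, sizeof pool[i]);   /* deterministic key bytes */
            return &pool[i];
        }
    }
    return NULL;
}

static void pool_free(font_t *f) {
    memset(f, 0xA5, sizeof *f);   /* contents are now garbage */
    pool_used[f - pool] = 0;
}

/* Open-addressing hash table: each entry keeps a copy of its key, and
   removal compares the key recomputed from the object against it. */
#define BUCKETS 61
typedef struct { int used; font_t key; font_t *obj; } entry_t;
static entry_t cache[BUCKETS];

static void cache_reset(void) { memset(cache, 0, sizeof cache); }

static unsigned hash_key(const font_t *f) {
    const unsigned char *p = (const unsigned char *)f;
    unsigned h = 5381;                      /* djb2 over the raw key bytes */
    for (size_t i = 0; i < sizeof *f; i++) h = h * 33 + p[i];
    return h % BUCKETS;
}

static int cache_insert(font_t *f) {
    unsigned b = hash_key(f);
    for (int n = 0; n < BUCKETS; n++, b = (b + 1) % BUCKETS) {
        if (!cache[b].used) {
            cache[b].used = 1;
            cache[b].key  = *f;             /* key snapshot at insert time */
            cache[b].obj  = f;
            return 0;
        }
    }
    return -1;                              /* table full */
}

/* Mirrors the lookup in the post: the key is recomputed from the object
   and must be found; cairo asserts where this returns -1. */
static int cache_remove(const font_t *f) {
    unsigned b = hash_key(f);
    for (int n = 0; n < BUCKETS; n++, b = (b + 1) % BUCKETS) {
        if (cache[b].used && memcmp(&cache[b].key, f, sizeof *f) == 0) {
            cache[b].used = 0;
            return 0;
        }
    }
    return -1;                              /* key not found */
}

static font_t *make_font(const char *family, double size) {
    font_t *f = pool_alloc();
    if (!f) return NULL;
    strncpy(f->family, family, sizeof f->family - 1);
    f->size = size;
    return f;
}

/* Correct order: remove while the key is intact, then free.  Returns 0. */
int remove_then_free(void) {
    cache_reset();
    font_t *f = make_font("DejaVu Sans", 12.0);
    if (!f) return -2;
    cache_insert(f);
    int rc = cache_remove(f);
    pool_free(f);
    return rc;
}

/* Buggy order: free first, then remove with a garbage key.  Returns -1,
   which is where the real code would hit its assertion. */
int free_then_remove(void) {
    cache_reset();
    font_t *f = make_font("DejaVu Sans", 12.0);
    if (!f) return -2;
    cache_insert(f);
    pool_free(f);
    return cache_remove(f);
}

int main(void) {
    printf("remove-then-free: %d\n", remove_then_free());
    printf("free-then-remove: %d\n", free_then_remove());
    return 0;
}
```

The pool is used only so the stale read is well defined inside the demo; with real malloc/free the same ordering bug is what valgrind's memcheck reports as an invalid read inside the key hashing or comparison function, which is the kind of trace the attached log shows. Running a multithreaded build under valgrind (or an AddressSanitizer build, where available) with the report pointing at the free site is the usual way to find which thread released the object before the cache entry was dropped.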

