[Fontconfig] fontconfig: Branch 'master' - 23 commits

Behdad Esfahbod behdad at behdad.org
Mon Jan 7 19:57:06 PST 2013


On 13-01-07 08:40 PM, Raimund Steger wrote:
> Behdad Esfahbod wrote:
>> Oh, my bad.  That was against an old fontconfig.  With new one I see malloc
>> failures, perhaps because of a memory corruption...  Investigating.
> 
> Yes, that sounds more like it.

It's weird because I can't reproduce any error under valgrind, while it
crashes quickly in gdb.

These are what I commonly get:

#2  0x00007ffff7622bc0 in malloc_printerr (action=<optimized out>,
    str=0x7ffff7722388 "malloc(): memory corruption (fast)",
    ptr=<optimized out>) at malloc.c:5012
#3  0x00007ffff76253e8 in _int_malloc (av=0x7ffff795c720 <main_arena>,
    bytes=33) at malloc.c:3470
#4  0x00007ffff76256d6 in malloc_check (sz=32, caller=<optimized out>)
    at hooks.c:233
#5  0x00007ffff7babb22 in FcConfigValues (p=0x67db80, p_pat=0x0,
    kind=FcMatchPattern, e=0x6127a8, binding=FcValueBindingSame)
    at ../../src/fccfg.c:1296
#6  0x00007ffff7babf8f in IA__FcConfigSubstituteWithPat (
    config=<optimized out>, p=0x67db80, p_pat=0x0, kind=<optimized out>)
    at ../../src/fccfg.c:1600
#7  0x00000000004009fb in test_match (thr_num=92, test

and

#2  0x00007ffff7622bc0 in malloc_printerr (action=<optimized out>,
    str=0x7ffff7722388 "malloc(): memory corruption (fast)",
    ptr=<optimized out>) at malloc.c:5012
#3  0x00007ffff76253e8 in _int_malloc (av=0x7ffff795c720 <main_arena>,
    bytes=26) at malloc.c:3470
#4  0x00007ffff76256d6 in malloc_check (sz=25, caller=<optimized out>)
    at hooks.c:233
#5  0x00007ffff762cd72 in __GI___strdup (s=0x651970 "Bitstream Vera Sans Mono")
    at strdup.c:43
#6  0x00007ffff7bbb0e8 in IA__FcValueSave (v=...) at ../../src/fcpat.c:95
#7  0x00007ffff7bab4f3 in FcConfigEvaluate (p=0x6efc30, p_pat=0x0,
    kind=FcMatchPattern, e=0x60d380) at ../../src/fccfg.c:979
#8  0x00007ffff7babd3b in FcConfigMatchValueList (values=0x613600, t=0x6519d0,
    kind=FcMatchPattern, p_pat=0x0, p=0x6efc30) at ../../src/fccfg.c:1263
#9  IA__FcConfigSubstituteWithPat (config=<optimized out>, p=0x6efc30,
    p_pat=0x0, kind=<optimized out>) at ../../src/fccfg.c:1576
#10 0x00000000004009fb in test_match (thr_num=89, test_num=166)


I don't know how to proceed, short of wandering around fccfg code and looking
for trouble...  Downloading AddressSanitizer now, don't know if it's of any help.

b


> On Solaris, it depends on what malloc library I use. With the default malloc
> (non-scalable but threadsafe allocator), the crashes are often inside malloc.
> With libmtmalloc (multi-threaded allocator), they are often in FcStrListNext,
> called from FcConfigSubstituteWithPat, like:
> 
> sun2:fontconfig)dbx simple-pthread-test core
> [...]
> t at 2 (l at 2) terminated by signal SEGV (no mapping at the fault address)
> Current function is FcStrListNext
>  1258       return list->set->strs[list->n++];
> (dbx) where
> current thread: t at 2
> =>[1] FcStrListNext(list = 0x8161960), line 1258 in "fcstr.c"
>   [2] FcConfigSubstituteWithPat(config = 0x8065088, p = 0x8161948, p_pat =
> (nil), kind = FcMatchPattern), line 1508 in "fccfg.c"
>   [3] FcConfigSubstitute(config = (nil), p = 0x8161948, kind =
> FcMatchPattern), line 1729 in "fccfg.c"
>   [4] test_match(thr_num = 1, test_num = 40), line 53 in "simple-pthread-test.c"
>   [5] run_test_in_thread(arg = 0x8046e0c), line 68 in "simple-pthread-test.c"
>   [6] _thr_setup(0xfe720200), at 0xfee4875b
>   [7] _lwp_start(0x0, 0x8161964, 0x8161960, 0xfe82ef6c, 0xfeeefc1f,
> 0x8161960), at 0xfee48a60
> 
> 
> This is also what I have now seen on another box (FreeBSD 8.3, 8 core Opteron,
> 32 bit ABI, clang 3.0 -- which supports the GCC builtins -- with unmodified
> Git master):
> 
> bsd1:fontconfig)gdb simple-pthread-test simple-pthread-test.core
> [...]
> #0  0x280afc1c in IA__FcStrListNext (list=Variable "list" is not available.
> ) at fcstr.c:1258
> [...]
> (gdb) where
> #0  0x280afc1c in IA__FcStrListNext (list=Variable "list" is not available.
> ) at fcstr.c:1258
> #1  0x28096a41 in IA__FcConfigSubstituteWithPat (config=Unhandled dwarf
> expression opcode 0x0
> ) at fccfg.c:1508
> #2  0x28097534 in IA__FcConfigSubstitute (config=0x7e0e5f30, p=0x7e0e5f30,
>     kind=2114871088) at fccfg.c:1729
> #3  0x08048886 in test_match (thr_num=39, test_num=243)
>     at simple-pthread-test.c:53
> #4  0x080488ff in run_test_in_thread (arg=0x7fbfe8e4) at simple-pthread-test.c:68
> #5  0x280cb76f in pthread_getprio () from /lib/libthr.so.3
> #6  0x00000000 in ?? ()
> 
> 
> 
> -Raimund

-- 
behdad
http://behdad.org/

