
Memory corruption, leading to segfault
Open, Incoming QueuePublic

Description

Sometimes, when switching between tabs, terminology segfaults. This is pretty rare and very difficult to reproduce, but damn annoying. I'm using commit 5e5889338e85e4eb7daa8cd3bd953d5f9ce4f54c, but the problem is not new.

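I managed to get a GDB backtrace, but I'm afraid it won't help much. The only thing I can deduce from it is that there is memory corruption somewhere, and it makes malloc() panic. The fault is raised inside _int_malloc() while it serves a 24-byte calloc(), so the trace shows where the damaged heap was noticed, not the code that damaged it.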

Thread 1 "terminology" received signal SIGSEGV, Segmentation fault.
_int_malloc (av=av@entry=0x7ffff4de5c20 <main_arena>, bytes=bytes@entry=24)
    at malloc.c:3842
3842	malloc.c: No such file or directory.
(gdb) bt
#0  _int_malloc (av=av@entry=0x7ffff4de5c20 <main_arena>, bytes=bytes@entry=24) at malloc.c:3842
#1  0x00007ffff4a9b77b in __libc_calloc (n=<optimized out>, elem_size=<optimized out>) at malloc.c:3438
#2  0x00007ffff6ae700b in evas_common_text_props_content_create (_fi=0x55555600e7b0, 
    text=0x7fffffffb734 L" \x5600e7b0啕\x5600e7b0啕\xa044ca00\xfb6c71a3\x55e85d50啕\x5648de90啕\001", text_props=0x555556213ff0, par_props=0x0, par_pos=0, len=1, 
    mode=EVAS_TEXT_PROPS_MODE_NONE, lang=0x555555e3ab6c "en_US") at ../../src/lib/evas/common/evas_text_utils.c:531
#3  0x00007ffff69ea519 in evas_object_textgrid_row_text_append (is_italic=<optimized out>, is_bold=<optimized out>, a=<optimized out>, b=<optimized out>, g=<optimized out>, 
    r=<optimized out>, codepoint=<optimized out>, x=1792, o=0x55555648dfc0, obj=<optimized out>, row=0x555555f16e70) at ../../src/lib/evas/canvas/evas_object_textgrid.c:350
#4  evas_object_textgrid_render (eo_obj=<optimized out>, obj=<optimized out>, type_private_data=0x55555648dfc0, engine=<optimized out>, output=<optimized out>, 
    context=<optimized out>, surface=<optimized out>, x=<optimized out>, y=<optimized out>, do_async=<optimized out>) at ../../src/lib/evas/canvas/evas_object_textgrid.c:487
#5  0x00007ffff69f8d83 in evas_render_mapped (evas=evas@entry=0x55555597a8b0, eo_obj=eo_obj@entry=0x4000001e95ca, obj=obj@entry=0x55555648de90, 
    context=context@entry=0x555555e8e490, output=output@entry=0x5555559c39d0, surface=surface@entry=0x555555b71100, off_x=<optimized out>, off_y=<optimized out>, 
    mapped=<optimized out>, ecx=<optimized out>, ecy=<optimized out>, ecw=<optimized out>, ech=<optimized out>, proxy_render_data=<optimized out>, level=<optimized out>, 
    do_async=<optimized out>) at ../../src/lib/evas/canvas/evas_render.c:2288
#6  0x00007ffff69faece in evas_render_updates_internal_loop (eo_e=eo_e@entry=0x40000000eda6, evas=evas@entry=0x55555597a8b0, output=0x5555559c39d0, 
    surface=surface@entry=0x555555b71100, context=context@entry=0x555555e8e490, top=top@entry=0x0, ux=0, uy=0, uw=1920, uh=1025, cx=0, cy=0, cw=1920, ch=1025, fx=0, fy=0, 
    skip_cutouts=0 '\000', cutout_margin=0x0, alpha=0 '\000', do_async=0 '\000', offset=0x7fffffffbae0, level=0) at ../../src/lib/evas/canvas/evas_render.c:3075
#7  0x00007ffff69fd299 in evas_render_updates_internal (eo_e=eo_e@entry=0x40000000eda6, make_updates=make_updates@entry=1 '\001', do_draw=do_draw@entry=1 '\001', 
    do_async=do_async@entry=0 '\000') at ../../src/lib/evas/canvas/evas_render.c:3511
#8  0x00007ffff69fe5b3 in evas_render_updates_internal_wait (eo_e=eo_e@entry=0x40000000eda6, make_updates=make_updates@entry=1 '\001', do_draw=1 '\001')
    at ../../src/lib/evas/canvas/evas_render.c:3931
#9  0x00007ffff69ff30e in _evas_canvas_render_updates (eo_e=0x40000000eda6, e=<optimized out>) at ../../src/lib/evas/canvas/evas_render.c:3956
#10 0x00007ffff697942e in evas_canvas_render_updates (obj=0x40000000eda6) at ../src/lib/evas/canvas/evas_canvas.eo.c:236
#11 0x00007ffff697dc75 in evas_render_updates (obj=<optimized out>) at ../src/lib/evas/canvas/evas_canvas.eo.c:797
#12 0x00007fffdfbef935 in _ecore_evas_x_render (ee=0x555555976450) at ../../src/modules/ecore_evas/engines/x/ecore_evas_x.c:805
#13 0x00007ffff647ed5d in _ecore_evas_idle_enter (data=<optimized out>) at ../../src/lib/ecore_evas/ecore_evas.c:284
#14 0x00007ffff66b306f in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at ../../src/lib/ecore/ecore_private.h:379
#15 _ecore_factorized_idle_process (data=0x55555580f340, event=<optimized out>) at ../../src/lib/ecore/ecore_idler.c:35
#16 0x00007ffff43e3bef in _event_callback_call (legacy_compare=0 '\000', event_info=<optimized out>, desc=0x7ffff68fc9b0 <_EFL_LOOP_EVENT_IDLE_ENTER>, pd=0x555555800ab0, 
    obj_id=<optimized out>) at ../../src/lib/eo/eo_base_class.c:1519
#17 _efl_object_event_callback_call (obj_id=<optimized out>, pd=0x555555800ab0, desc=0x7ffff68fc9b0 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=<optimized out>)
    at ../../src/lib/eo/eo_base_class.c:1603
#18 0x00007ffff43de73e in efl_event_callback_call (obj=obj@entry=0x40000000016b, desc=0x7ffff68fc9b0 <_EFL_LOOP_EVENT_IDLE_ENTER>, event_info=event_info@entry=0x0)
    at ../../src/lib/eo/eo_base_class.c:1606
#19 0x00007ffff66b5af1 in _ecore_main_loop_iterate_internal (obj=0x40000000016b, pd=0x555555800b00, once_only=0) at ../../src/lib/ecore/ecore_main.c:2343
#20 0x00007ffff66b63d5 in _ecore_main_loop_begin (obj=0x40000000016b, pd=pd@entry=0x555555800b00) at ../../src/lib/ecore/ecore_main.c:1162
#21 0x00007ffff66bb449 in _efl_loop_begin (obj=<optimized out>, pd=0x555555800b00) at ../../src/lib/ecore/efl_loop.c:85
#22 0x00007ffff66bbc0e in efl_loop_begin (obj=0x40000000016b) at ../src/lib/ecore/efl_loop.eo.c:44
#23 0x00007ffff66b64a7 in ecore_main_loop_begin () at ../../src/lib/ecore/ecore_main.c:1235
#24 0x0000555555574e43 in elm_main (argc=1, argv=0x7fffffffe2e8) at ../src/bin/main.c:983
#25 0x0000555555574f5c in main (argc=1, argv=0x7fffffffe2e8) at ../src/bin/main.c:1022