Comment #2 on issue 9592 by [email protected]: Chromium Linux segfaults on exit because of a ref-counting bug in ChromeFont http://code.google.com/p/chromium/issues/detail?id=9592
I see something similar in the ipc tests, and the valgrind builder seems to have caught it about an hour ago... http://build.chromium.org/buildbot/waterfall/builders/Modules Linux (valgrind)/builds/149/steps/valgrind test%3A ipc/logs/stdio Here's the stack trace I get in gdb in ipc_tests: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb71fc720 (LWP 12188)] 0xb74d114f in std::_Rb_tree_decrement (__x=0x959b3b8) at ../../../../src/libstdc++-v3/src/tree.cc:94 94 ../../../../src/libstdc++-v3/src/tree.cc: No such file or directory. in ../../../../src/libstdc++-v3/src/tree.cc (gdb) bt #0 0xb74d114f in std::_Rb_tree_decrement (__x=0x959b3b8) at ../../../../src/libstdc++-v3/src/tree.cc:94 #1 0x0822888d in std::_Rb_tree_iterator<std::pair<std::string const, unsigned int> > ::operator-- (this=0xbf87c810) at /usr/include/c++/4.2/bits/stl_tree.h:198 #2 0x08229496 in std::_Rb_tree<std::string, std::pair<std::string const, unsigned int>, std::_Select1st<std::pair<std::string const, unsigned int> >, std::less<std::string>, std::allocator<std::pair<std::string const, unsigned int> > > ::_M_insert_unique (this=0x959b3b4, _...@0xbf87c8dc) at /usr/include/c++/4.2/bits/stl_tree.h:988 #3 0x08229614 in std::_Rb_tree<std::string, std::pair<std::string const, unsigned int>, std::_Select1st<std::pair<std::string const, unsigned int> >, std::less<std::string>, std::allocator<std::pair<std::string const, unsigned int> > > ::_M_insert_unique (this=0x959b3b4, __position= {_M_node = 0x959b3b8}, _...@0xbf87c8dc) at /usr/include/c++/4.2/bits/stl_tree.h:1008 #4 0x0822993b in std::map<std::string, unsigned int, std::less<std::string>, std::allocator<std::pair<std::string const, unsigned int> > >::insert ( this=0x959b3b4, __position={_M_node = 0x959b3b8}, _...@0xbf87c8dc) at /usr/include/c++/4.2/bits/stl_map.h:427 #5 0x08229a24 in std::map<std::string, unsigned int, std::less<std::string>, std::allocator<std::pair<std::string const, unsigned int> > >::operator[] (this=0x959b3b4, _...@0xbf87c924) at /usr/include/c++/4.2/bits/stl_map.h:350 #6 0x08226b49 in FileIdFromFilename (filename=0x9604750 "/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf") at /home/dkegel/chromium/src/skia/ports/SkFontHost_fontconfig.cpp:202 #7 0x0822719f in SkFontHost::FindTypeface (familyFace=0x0, familyName=0x95f3eec "Sans", style=SkTypeface::kNormal) at /home/dkegel/chromium/src/skia/ports/SkFontHost_fontconfig.cpp:280 #8 0x08224072 in SkTypeface::Create (name=0x95f3eec "Sans", style=kNormal) at /home/dkegel/chromium/src/skia/sgl/SkTypeface.cpp:28 #9 0x08dfff63 in ChromeFont::CreateFont (font_na...@0xbf87cc18, font_size=10) at common/gfx/chrome_font_skia.cc:87 #10 0x08dff3a8 in ChromeFont (this=0x95b3bc0) at common/gfx/chrome_font_gtk.cc:37 #11 0x090b03f9 in __static_initialization_and_destruction_0 (__initialize_p=1, __priority=65535) at browser/gtk/tabs/tab_renderer_gtk.cc:59 #12 0x090b0432 in global constructors keyed to _ZNSt3tr165_GLOBAL__N_browser_gtk_tabs_tab_renderer_gtk.cc_00000000_7734FAEC6ignoreE () at browser/gtk/tabs/tab_renderer_gtk.cc:382 #13 0x09271a45 in __do_global_ctors_aux () #14 0x080545a8 in _init () #15 0x092718e9 in __libc_csu_init () #16 0xb730d3f1 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #17 0x08057cb1 in _start () -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
