Package: librrd-dev Version: 1.4.8-1.1+b1 Severity: important Hi,
I'm generating graphs using librrd from within a c++ program. I link against the _th version which should be thread safe. My c++ program contains a webserver. If I keep F5 pressed in my browser and thus let tons of graphs be drawn in paralel, then rrdtool crashes and goes into a loop spewing glib errors. I tried wrapping the call to rrd_graph in a mutex so that only one instance is running at a time but that did not help. According to valgrind the following goes wrong: ==29025== Thread 8: ==29025== Invalid read of size 8 ==29025== at 0xADD6C2E: pango_cairo_font_map_create_context (pangocairo-fontmap.c:285) ==29025== by 0x6470CF9: rrd_graph_init (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x647581E: rrd_graph_v (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x6475B62: rrd_graph (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x41B761: draw_RRD_file(char const*, char const*, char**, unsigned long*) (rrdtool.cpp:114) ==29025== by 0x417F4D: get_graph_cgi(MHD_Connection*, std::vector<std::pair<std::string, std::string>, std::allocator<std::pair<std::string, std::string> > >*) (webserver.cpp:451) ==29025== by 0x4182FD: request_handler(void*, MHD_Connection*, char const*, char const*, char const*, char const*, unsigned long*, void**) (webserver.cpp:551) ==29025== by 0x4E38011: ??? (in /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.10.27.0) ==29025== by 0x4E391FF: ??? (in /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.10.27.0) ==29025== by 0x4E3CEED: ??? (in /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.10.27.0) ==29025== by 0x6EB50A3: start_thread (pthread_create.c:309) ==29025== by 0x71AFFBC: clone (clone.S:111) ==29025== Address 0x12558bc0 is 112 bytes inside a block of size 176 free'd ==29025== at 0x4C2970C: free (vg_replace_malloc.c:468) ==29025== by 0xB25CE31: g_type_free_instance (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4000.0) ==29025== by 0xAFF4831: pango_context_finalize (pango-context.c:118) ==29025== by 0xB240316: g_object_unref (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4000.0) ==29025== by 0xAFFC176: pango_layout_finalize (pango-layout.c:286) ==29025== by 0xB240316: g_object_unref (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4000.0) ==29025== by 0x6469E52: im_free (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x64759FB: rrd_graph_v (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x6475B62: rrd_graph (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x41B761: draw_RRD_file(char const*, char const*, char**, unsigned long*) (rrdtool.cpp:114) ==29025== by 0x417F4D: get_graph_cgi(MHD_Connection*, std::vector<std::pair<std::string, std::string>, std::allocator<std::pair<std::string, std::string> > >*) (webserver.cpp:451) ==29025== by 0x4182FD: request_handler(void*, MHD_Connection*, char const*, char const*, char const*, char const*, unsigned long*, void**) (webserver.cpp:551) So it looks like either rrdtool or pango are trying to use memory that already had been freed. It also does something odd when setting up a cairo font map: ==29025== Invalid read of size 8 ==29025== at 0xADD6C36: pango_cairo_font_map_create_context (pangocairo-fontmap.c:285) ==29025== by 0x6470CF9: rrd_graph_init (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x647581E: rrd_graph_v (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x6475B62: rrd_graph (in /usr/lib/librrd_th.so.4.2.1) ==29025== by 0x41B761: draw_RRD_file(char const*, char const*, char**, unsigned long*) (rrdtool.cpp:114) ==29025== by 0x417F4D: get_graph_cgi(MHD_Connection*, std::vector<std::pair<std::string, std::string>, std::allocator<std::pair<std::string, std::string> > >*) (webserver.cpp:451) ==29025== by 0x4182FD: request_handler(void*, MHD_Connection*, char const*, char const*, char const*, char const*, unsigned long*, void**) (webserver.cpp:551) ==29025== by 0x4E38011: ??? (in /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.10.27.0) ==29025== by 0x4E391FF: ??? (in /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.10.27.0) ==29025== by 0x4E3CEED: ??? (in /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.10.27.0) ==29025== by 0x6EB50A3: start_thread (pthread_create.c:309) ==29025== by 0x71AFFBC: clone (clone.S:111) ==29025== Address 0xb9b9b9b9b9b9b9b9 is not stack'd, malloc'd or (recently) free'd Note that the 0xb9... pattern comes from the valgrind command-line I use: valgrind --show-reachable=yes --leak-check=full --read-var-info=yes --track-origins=yes --malloc-fill=93 --free-fill=b9 --error-limit=no The errors outputted are by the way: (process:10571): Pango-CRITICAL **: pango_cairo_font_map_create_context: assertion 'PANGO_IS_CAIRO_FONT_MAP (fontmap)' failed (process:10571): GLib-GObject-CRITICAL **: g_object_get_qdata: assertion 'G_IS_OBJECT (object)' failed (process:10571): GLib-GObject-CRITICAL **: g_object_replace_qdata: assertion 'G_IS_OBJECT (object)' failed (process:10571): GLib-GObject-CRITICAL **: g_object_get_qdata: assertion 'G_IS_OBJECT (object)' failed (process:10571): GLib-GObject-CRITICAL **: g_object_replace_qdata: assertion 'G_IS_OBJECT (object)' failed [...] -- System Information: Debian Release: jessie/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-rc6-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages librrd-dev depends on: ii libc6-dev [libc-dev] 2.19-9 ii libcairo2-dev 1.12.16-2 ii libfreetype6-dev 2.5.2-1.1 ii libpango1.0-dev 1.36.6-1 ii libpng12-dev 1.2.50-2 ii librrd4 1.4.8-1.1+b1 ii libxml2-dev 2.9.1+dfsg1-3 ii zlib1g-dev 1:1.2.8.dfsg-1 librrd-dev recommends no packages. librrd-dev suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org