Hi Denis,

I have a program based on dfb-1.4.3. When it quits, there is a double free or double-linked issue from glibc. In my program, it releases the surface and then the dfb struct, like:

    ...
    surface->Release(surface);
    dfb->Release(dfb);
    ...

I found that two threads may free the same or an overlapping buffer.

The first is:

    dfb->Release(dfb) --> ... --> fusion_arena_exit --> dfb_core_arena_leave --> dfb_core_leave --> ... localLeavePool --> fusion_call_destroy and the free action

and the second is:

    surface->Release(surface) --> ... --> IDirectFBSurface_Destruct --> dfb_surface_unref --> "make the ref of surface to zero" --> the fusion will call master to call "object_reference_watcher" --> surface_destructor --> dfb_surface_buffer_destroy --> dfb_surface_pool_deallocate --> localDeallocateBuffer --> ... --> local_surface_pool_call_handler --> free

and then it removes the surface allocation from pool->allocs with "remove_allocation".

If the first thread completes and then the second action runs, there is no problem, because "fusion_call_destroy" in the first thread has destroyed the call handler, so the second will not call local_surface_pool_call_handler. But if the second thread runs first, and after it has completed the free action but not yet "remove_allocation" the first thread runs, the first thread will free the same buffer a second time.

Do you think it's a bug in 1.4.3, or am I missing something? If you think it's really an issue, could you give me some advice on fixing it in version 1.4.3?

BTW, it occurs only sometimes, not every time. I think it's the execution sequence (most of the time the first thread runs and then the second). And this process is not the master.
_______________________________________________
directfb-dev mailing list
directfb-dev@directfb.org
http://mail.directfb.org/cgi-bin/mailman/listinfo/directfb-dev
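
The ordering problem described in this message, as an added C example that is not part of the original post and is not DirectFB code: a release path and a pool-leave path both unlink an allocation from the list under a lock before freeing it, so only one of them ever frees a given buffer. The types and the names pool_t, pool_claim, pool_deallocate and pool_leave are hypothetical, and the in-process mutex is an assumption standing in for whatever locking the real pool uses.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a surface pool; not DirectFB's own types. */
typedef struct alloc { struct alloc *next; int id; void *buf; } alloc_t;
typedef struct { pthread_mutex_t lock; alloc_t *allocs; int next_id; } pool_t;

static void pool_init(pool_t *p) {
    pthread_mutex_init(&p->lock, NULL);
    p->allocs = NULL;
    p->next_id = 1;
}

/* Allocate a buffer, link it into the list, return its id (0 on failure). */
static int pool_allocate(pool_t *p, size_t size) {
    alloc_t *a = malloc(sizeof *a);
    int id;
    if (!a) return 0;
    if (!(a->buf = malloc(size))) { free(a); return 0; }
    pthread_mutex_lock(&p->lock);
    id = a->id = p->next_id++;
    a->next = p->allocs;
    p->allocs = a;
    pthread_mutex_unlock(&p->lock);
    return id;
}

/* Unlink under the lock; id == 0 takes the list head. The caller that gets
 * the node back owns it; any other caller asking for it gets NULL. */
static alloc_t *pool_claim(pool_t *p, int id) {
    pthread_mutex_lock(&p->lock);
    alloc_t **pp = &p->allocs, *a;
    while (*pp && id && (*pp)->id != id) pp = &(*pp)->next;
    a = *pp;
    if (a) *pp = a->next;
    pthread_mutex_unlock(&p->lock);
    return a;
}

static void alloc_free(alloc_t *a) { free(a->buf); free(a); }

/* Release path: frees one buffer only if it was still linked. */
static int pool_deallocate(pool_t *p, int id) {
    alloc_t *a = id > 0 ? pool_claim(p, id) : NULL;
    if (a) alloc_free(a);
    return a != NULL;
}

/* Pool-leave path: frees whatever is still linked, returns the count. */
static int pool_leave(pool_t *p) {
    int n = 0;
    for (alloc_t *a; (a = pool_claim(p, 0)) != NULL; n++) alloc_free(a);
    return n;
}
```

Because the unlink happens before the free, there is no window in which a buffer has been freed but is still reachable from the list, whichever path runs first.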