URL:
<http://gna.org/bugs/?22047>
Summary: Crash in gtk_text_layout_get_cursor_locations() on
"Connect to network game"
Project: Freeciv
Submitted by: jtn
Submitted on: Sun 18 May 2014 12:58:01 BST
Category: client-gtk-2.0
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release: trunk r24892
Discussion Lock: Any
Operating System: GNU/Linux
Planned Release: 2.6.0
_______________________________________________________
Details:
(Found while verifying fix for bug #21896.)
Trunk code on Ubuntu 12.04 amd64: start client/freeciv-gtk2; press Alt-O for
"connect to network game". Crashed immediately in 8 of 17 trials.
The crash details differ (just a segfault, "double free or corruption", etc.),
but the function gtk_text_layout_get_cursor_locations() is always in the
backtrace (so may be the same as bug #21575).
The metaserver thread appears quiescent (in ppoll()) in all the coredumps, so
this isn't as obviously a thread-safety issue as bug #21896 was.
Not tried branches other than trunk.
Some backtraces (main thread):
----
Most common symptom: seen in 7 of 8 crashes.
#0 0x00007fc22a4cc425 in __GI_raise (sig=<optimised out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = 0
pid = <optimised out>
selftid = 6789
#1 0x00007fc22a4cfb8b in __GI_abort () at abort.c:91
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4},
sa_mask = {__val = {5, 140733887709049, 19, 140471911392743, 3,
140733887697754, 6, 140471911392747, 2, 140733887697774, 2,
140471911383746, 1, 140471911392743, 3, 140733887697748}},
sa_flags = 12, sa_restorer = 0x7fc22a6125eb}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007fc22a50a39e in __libc_message (do_abort=2,
fmt=0x7fc22a614748 "*** glibc detected *** %s: %s: 0x%s ***\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
ap = {{gp_offset = 40, fp_offset = 48,
overflow_arg_area = 0x7fff29625cd0,
reg_save_area = 0x7fff29625be0}}
ap_copy = {{gp_offset = 16, fp_offset = 48,
overflow_arg_area = 0x7fff29625cd0,
reg_save_area = 0x7fff29625be0}}
fd = 11
on_2 = <optimised out>
list = <optimised out>
nlist = <optimised out>
cp = <optimised out>
written = <optimised out>
#3 0x00007fc22a514b96 in malloc_printerr (action=3,
str=0x7fc22a614938 "double free or corruption (fasttop)",
ptr=<optimised out>) at malloc.c:5039
buf = "00000000045228c0"
cp = <optimised out>
#4 0x00007fc22b3a5176 in gtk_text_layout_get_cursor_locations ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#5 0x00007fc22b3b0d40 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#6 0x00007fc22b3b0d77 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#7 0x00007fc22b3b0dd3 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#8 0x00007fc22af2bd56 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
No symbol table info available.
#9 0x00007fc22be85d13 in g_main_context_dispatch ()
from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#10 0x00007fc22be86060 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#11 0x00007fc22be8645a in g_main_loop_run ()
from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#12 0x00007fc22b2f4397 in gtk_main ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#13 0x000000000044d1e9 in ui_main (argc=1, argv=0x7fff296263a8)
at gui_main.c:1677
home = <optimised out>
sig = <optimised out>
__FUNCTION__ = "ui_main"
#14 0x0000000000476f58 in client_main (argc=1, argv=0x7fff296263a8)
at client_main.c:620
i = 1
loglevel = LOG_NORMAL
ui_options = <optimised out>
ui_separator = <optimised out>
option = <optimised out>
user_tileset = <optimised out>
fatal_assertions = -1
aii = <optimised out>
__FUNCTION__ = "client_main"
#15 0x00007fc22a4b776d in __libc_start_main (main=0x449f40 <main>, argc=1,
ubp_av=0x7fff296263a8, init=<optimised out>, fini=<optimised out>,
rtld_fini=<optimised out>, stack_end=0x7fff29626398) at libc-start.c:226
result = <optimised out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -8850937098092952370,
4497224, 140733887701920, 0, 0, 8851109690452985038,
8840411090749211854}, mask_was_saved = 0}}, priv = {pad = {
0x0, 0x0, 0x646fc0, 0x7fff296263a8}, data = {prev = 0x0,
cleanup = 0x0, canceltype = 6582208}}}
not_first_call = <optimised out>
#16 0x0000000000449f71 in _start ()
No symbol table info available.
----
Seen once. In this case the console showed
(freeciv-gtk2:7340): GLib-GObject-CRITICAL **: g_object_ref: assertion
`object->ref_count > 0' failed
Program terminated with signal 11, Segmentation fault.
#0 0x00007f2f024090ab in g_slist_foreach ()
from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#1 0x00007f2f0190c33e in gtk_text_layout_free_line_display ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#2 0x00007f2f0190e176 in gtk_text_layout_get_cursor_locations ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#3 0x00007f2f01919d40 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#4 0x00007f2f01919d77 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#5 0x00007f2f01919dd3 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#6 0x00007f2f01494d56 in ?? ()
from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
No symbol table info available.
#7 0x00007f2f023eed13 in g_main_context_dispatch ()
from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#8 0x00007f2f023ef060 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#9 0x00007f2f023ef45a in g_main_loop_run ()
from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#10 0x00007f2f0185d397 in gtk_main ()
from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#11 0x000000000044d1e9 in ui_main (argc=1, argv=0x7fffd36d2db8)
at gui_main.c:1677
home = <optimised out>
sig = <optimised out>
__FUNCTION__ = "ui_main"
#12 0x0000000000476f58 in client_main (argc=1, argv=0x7fffd36d2db8)
at client_main.c:620
i = 1
loglevel = LOG_NORMAL
ui_options = <optimised out>
ui_separator = <optimised out>
option = <optimised out>
user_tileset = <optimised out>
fatal_assertions = -1
aii = <optimised out>
__FUNCTION__ = "client_main"
#13 0x00007f2f00a2076d in __libc_start_main (main=0x449f40 <main>, argc=1,
ubp_av=0x7fffd36d2db8, init=<optimised out>, fini=<optimised out>,
rtld_fini=<optimised out>, stack_end=0x7fffd36d2da8) at libc-start.c:226
result = <optimised out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -1061003639017951652,
4497224, 140736740535728, 0, 0, 1060923260418403932,
1087777140404923996}, mask_was_saved = 0}}, priv = {pad = {
0x0, 0x0, 0x646fc0, 0x7fffd36d2db8}, data = {prev = 0x0,
cleanup = 0x0, canceltype = 6582208}}}
not_first_call = <optimised out>
#14 0x0000000000449f71 in _start ()
No symbol table info available.