On Fri, 2008-02-15 at 02:25 +0000, Peter Clifton wrote:
> This one has a slightly odd route to reproduce:
> 
> 1. Load gschem (getting a blank schematic).
> 2. Dirty it (say draw a net somewhere).
> 3. Create a new page.
> 4. Dirty that (say draw a net somewhere).
> 5. Close the current page (don't bother to save).
> 6. Close the gschem window (without saving).
> 7. Cancel out of the save confirmation dialog.
> 
> CRASH.
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1222043984 (LWP 16868)]
> 0xb74b2942 in strrchr () from /lib/tls/i686/cmov/libc.so.6
> (gdb) bt
> #0  0xb74b2942 in strrchr () from /lib/tls/i686/cmov/libc.so.6
> #1  0xb7ad488b in g_path_get_dirname () from /usr/lib/libglib-2.0.so.0
> #2  0xb7eab04b in s_page_goto (toplevel=0x80d74c0, p_new=0x8663588)
>     at s_page.c:274
> #3  0x0807b422 in x_dialog_close_window (w_current=0x80cfa78)
>     at x_dialog.c:4065
> #4  0x0808cf36 in x_window_close (w_current=0x80cfa78) at x_window.c:627
> #5  0x0805ed7a in i_callback_close_wm (widget=0x8144828, event=0x82d1b80,
>     data=0x80cfa78) at i_callbacks.c:3557
> #6  0xb77481de in _gtk_marshal_BOOLEAN__BOXED (closure=0x81445d8, 
>     return_value=0xbf9df760, n_param_values=2, param_values=0xbf9df86c, 
>     invocation_hint=0xbf9df74c, marshal_data=0x805ed60)
>     at /build/buildd/gtk+2.0-2.12.0/gtk/gtkmarshalers.c:84


Valgrind seems to indicate that the badness in fact starts when the
second dirty page is closed without saving:


==16921== Invalid read of size 4
==16921==    at 0x407D040: s_page_goto (s_page.c:274)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921==    by 0x4136560: scm_eval_string_in_module (strports.c:527)
==16921==    by 0x4136594: scm_eval_string (strports.c:535)
==16921==    by 0x41365C4: scm_c_eval_string (strports.c:481)
==16921==    by 0x805CBDD: g_keys_execute (g_keys.c:111)
==16921==  Address 0x7F5F0C8 is 40 bytes inside a block of size 2,132 free'd
==16921==    at 0x402237F: free (vg_replace_malloc.c:233)
==16921==    by 0x44389C0: g_free (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D2D5: s_page_delete (s_page.c:217)
==16921==    by 0x808CA63: x_window_close_page (x_window.c:1019)
==16921==    by 0x807B5C2: x_dialog_close_changed_page (x_dialog.c:3943)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921== 
==16921== Invalid read of size 1
==16921==    at 0x4023367: rindex (mc_replace_strmem.c:143)
==16921==    by 0x446388A: g_path_get_dirname (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D04A: s_page_goto (s_page.c:274)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921==    by 0x4136560: scm_eval_string_in_module (strports.c:527)
==16921==    by 0x4136594: scm_eval_string (strports.c:535)
==16921==  Address 0x7E2D600 is 0 bytes inside a block of size 27 free'd
==16921==    at 0x402237F: free (vg_replace_malloc.c:233)
==16921==    by 0x44389C0: g_free (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D2BB: s_page_delete (s_page.c:209)
==16921==    by 0x808CA63: x_window_close_page (x_window.c:1019)
==16921==    by 0x807B5C2: x_dialog_close_changed_page (x_dialog.c:3943)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921== 
==16921== Invalid read of size 1
==16921==    at 0x4463891: g_path_get_dirname (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D04A: s_page_goto (s_page.c:274)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921==    by 0x4136560: scm_eval_string_in_module (strports.c:527)
==16921==    by 0x4136594: scm_eval_string (strports.c:535)
==16921==    by 0x41365C4: scm_c_eval_string (strports.c:481)
==16921==  Address 0x7E2D60B is 11 bytes inside a block of size 27 free'd
==16921==    at 0x402237F: free (vg_replace_malloc.c:233)
==16921==    by 0x44389C0: g_free (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D2BB: s_page_delete (s_page.c:209)
==16921==    by 0x808CA63: x_window_close_page (x_window.c:1019)
==16921==    by 0x807B5C2: x_dialog_close_changed_page (x_dialog.c:3943)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921== 
==16921== Invalid read of size 1
==16921==    at 0x40238D0: memmove (mc_replace_strmem.c:514)
==16921==    by 0x44638C4: g_path_get_dirname (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D04A: s_page_goto (s_page.c:274)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921==    by 0x4136560: scm_eval_string_in_module (strports.c:527)
==16921==    by 0x4136594: scm_eval_string (strports.c:535)
==16921==  Address 0x7E2D600 is 0 bytes inside a block of size 27 free'd
==16921==    at 0x402237F: free (vg_replace_malloc.c:233)
==16921==    by 0x44389C0: g_free (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D2BB: s_page_delete (s_page.c:209)
==16921==    by 0x808CA63: x_window_close_page (x_window.c:1019)
==16921==    by 0x807B5C2: x_dialog_close_changed_page (x_dialog.c:3943)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921== 
==16921== Invalid read of size 1
==16921==    at 0x40238DF: memmove (mc_replace_strmem.c:514)
==16921==    by 0x44638C4: g_path_get_dirname (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D04A: s_page_goto (s_page.c:274)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)
==16921==    by 0x4136560: scm_eval_string_in_module (strports.c:527)
==16921==    by 0x4136594: scm_eval_string (strports.c:535)
==16921==  Address 0x7E2D602 is 2 bytes inside a block of size 27 free'd
==16921==    at 0x402237F: free (vg_replace_malloc.c:233)
==16921==    by 0x44389C0: g_free (in /usr/lib/libglib-2.0.so.0.1505.0)
==16921==    by 0x407D2BB: s_page_delete (s_page.c:209)
==16921==    by 0x808CA63: x_window_close_page (x_window.c:1019)
==16921==    by 0x807B5C2: x_dialog_close_changed_page (x_dialog.c:3943)
==16921==    by 0x805B08F: g_keys_page_close (g_keys.c:307)
==16921==    by 0x40DC1B8: deval (eval.c:4122)
==16921==    by 0x40DD270: deval (eval.c:3384)
==16921==    by 0x40E1C79: scm_primitive_eval_x (eval.c:5906)
==16921==    by 0x4136307: inner_eval_string (strports.c:500)
==16921==    by 0x40E3A9D: scm_c_with_fluid (fluids.c:453)
==16921==    by 0x40FBFB4: scm_c_call_with_current_module (modules.c:91)


-- 
Peter Clifton

Electrical Engineering Division,
Engineering Department,
University of Cambridge,
9, JJ Thomson Avenue,
Cambridge
CB3 0FA

Tel: +44 (0)7729 980173 - (No signal in the lab!)
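
Added example, not part of the original message and not gschem code: the traces above show s_page_goto (s_page.c:274) reading a page block and its filename string after s_page_delete freed them. The sketch below models that lifetime problem with hypothetical names (page_t, toplevel_t, page_new, page_delete, page_goto, current_filename) and shows one ordering that keeps the "current page" pointer from dangling.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a page list with a "current page" pointer. */
typedef struct page { char *filename; struct page *next; } page_t;
typedef struct { page_t *head; page_t *current; } toplevel_t;

/* Create a page, push it on the list and make it current. */
page_t *page_new(toplevel_t *t, const char *name) {
    page_t *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    p->filename = malloc(strlen(name) + 1);
    if (!p->filename) { free(p); return NULL; }
    strcpy(p->filename, name);
    p->next = t->head;
    t->head = t->current = p;
    return p;
}

/* Delete a page. Freeing p while t->current still equals p would leave a
 * dangling pointer for a later goto to dereference; here the page is
 * unlinked and current is re-pointed before any memory is released. */
void page_delete(toplevel_t *t, page_t *p) {
    page_t **link = &t->head;
    while (*link && *link != p) link = &(*link)->next;
    if (!*link) return;                         /* not in the list: never free it */
    *link = p->next;
    if (t->current == p) t->current = t->head;  /* NULL if the list is now empty */
    free(p->filename);
    free(p);
}

/* Switch pages only if p is still a live member of the list. */
int page_goto(toplevel_t *t, const page_t *p) {
    for (page_t *q = t->head; q; q = q->next)
        if (q == p) { t->current = q; return 0; }
    return -1;
}

/* Filename of the current page, or NULL when no page is left. */
const char *current_filename(const toplevel_t *t) {
    return t->current ? t->current->filename : NULL;
}

int main(void) {
    toplevel_t t = {0};
    page_t *a = page_new(&t, "untitled_1.sch");  /* constructed sample names */
    page_t *b = page_new(&t, "untitled_2.sch");
    if (!a || !b) return 1;
    page_delete(&t, b);                          /* current falls back to a */
    page_delete(&t, a);                          /* list empty, current is NULL */
    return current_filename(&t) == NULL ? 0 : 1;
}
```

Building the real reproduction with AddressSanitizer or running it under Valgrind, as in the message above, reports the first stale read at the point of use rather than at a later crash.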


