[cairo] segfaults, invalid read/write using cairo-demos

Pierre-Alain Joye pierre at dotgeek.org
Mon Feb 7 05:35:01 PST 2005


Hello,

During some tests, I got a segfault using cairo-demos/X11.

cairo-demo segfaults in each case (see valgrind output
cairo_demo.txt).

cairo-spline randomly (valgrind: cairo_spline.txt).

I do not have the time to look deeper, but the errors seem to
be only in matrix_transform_distance and matrix_transform_point
(with side effects in gstate).

Sorry not to help more for now...

Regards,

--Pierre
-------------- next part --------------
==24154== Memcheck, a memory error detector for x86-linux.
==24154== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==24154== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==24154== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==24154== For more details, rerun with: -v
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B92A86C: INT_cairo_matrix_transform_distance (cairo_matrix.c:385)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5D4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B92A870: INT_cairo_matrix_transform_distance (cairo_matrix.c:385)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5DC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92A88F: INT_cairo_matrix_transform_distance (cairo_matrix.c:390)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5D4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92A891: INT_cairo_matrix_transform_distance (cairo_matrix.c:391)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5DC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B92A8B0: INT_cairo_matrix_transform_point (cairo_matrix.c:412)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5D4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92A8B2: INT_cairo_matrix_transform_point (cairo_matrix.c:412)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5D4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B92A8BA: INT_cairo_matrix_transform_point (cairo_matrix.c:413)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5DC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92A8BC: INT_cairo_matrix_transform_point (cairo_matrix.c:413)
==24154==    by 0x1B929302: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2304)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==  Address 0x1B96E5DC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B92930B: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2307)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8048E37: main (cairo-demo.c:63)
==24154==  Address 0x1B96E5D4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92930F: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2307)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8048E37: main (cairo-demo.c:63)
==24154==  Address 0x1B96E5D4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B929318: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2308)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8048E37: main (cairo-demo.c:63)
==24154==  Address 0x1B96E5DC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92931C: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2308)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8048E37: main (cairo-demo.c:63)
==24154==  Address 0x1B96E5DC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 4
==24154==    at 0x1B929497: _cairo_gstate_show_glyphs (cairo_gstate.c:2368)
==24154==    by 0x1B9248E8: cairo_show_text (cairo.c:1179)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8048E37: main (cairo-demo.c:63)
==24154==  Address 0x1B96E5D0 is 0 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid free() / delete / delete[]
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B9248D4: cairo_show_text (cairo.c:1183)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8048E37: main (cairo-demo.c:63)
==24154==  Address 0x1B96E5D0 is 0 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B92930B: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2307)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8049922: win_handle_events (cairo-demo.c:442)
==24154==  Address 0x1B9968A4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92930F: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2307)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8049922: win_handle_events (cairo-demo.c:442)
==24154==  Address 0x1B9968A4 is 4 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 8
==24154==    at 0x1B929318: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2308)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8049922: win_handle_events (cairo-demo.c:442)
==24154==  Address 0x1B9968AC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid write of size 8
==24154==    at 0x1B92931C: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2308)
==24154==    by 0x1B9248A4: cairo_show_text (cairo.c:1170)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8049922: win_handle_events (cairo-demo.c:442)
==24154==  Address 0x1B9968AC is 12 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid read of size 4
==24154==    at 0x1B929497: _cairo_gstate_show_glyphs (cairo_gstate.c:2368)
==24154==    by 0x1B9248E8: cairo_show_text (cairo.c:1179)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8049922: win_handle_events (cairo-demo.c:442)
==24154==  Address 0x1B9968A0 is 0 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
==24154== 
==24154== Invalid free() / delete / delete[]
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B9248D4: cairo_show_text (cairo.c:1183)
==24154==    by 0x80494DB: win_draw (cairo-demo.c:249)
==24154==    by 0x8049922: win_handle_events (cairo-demo.c:442)
==24154==  Address 0x1B9968A0 is 0 bytes inside a block of size 240 free'd
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x1B932EE1: _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780)
==24154==    by 0x1B925DD4: _cairo_font_text_to_glyphs (cairo_font.c:80)
==24154==    by 0x1B9292A7: _cairo_gstate_text_to_glyphs (cairo_gstate.c:2293)
X connection to :0.0 broken (explicit kill or server shutdown).
==24154== 
==24154== Invalid free() / delete / delete[]
==24154==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24154==    by 0x7F066B: free_mem (in /lib/tls/libc-2.3.4.so)
==24154==    by 0x7F00B1: __GI___libc_freeres (in /lib/tls/libc-2.3.4.so)
==24154==    by 0x1B8FC9FC: _vgw(float, long double,...)(...)(long double,...)(short) (vg_intercept.c:117)
==24154==  Address 0x1B952D50 is not stack'd, malloc'd or (recently) free'd
==24154== 
==24154== ERROR SUMMARY: 2666 errors from 21 contexts (suppressed: 26 from 1)
==24154== malloc/free: in use at exit: 294187 bytes in 1311 blocks.
==24154== malloc/free: 18172 allocs, 16875 frees, 7230244 bytes allocated.
==24154== For a detailed leak analysis,  rerun with: --leak-check=yes
==24154== For counts of detected errors, rerun with: -v
-------------- next part --------------
==24152== Memcheck, a memory error detector for x86-linux.
==24152== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==24152== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==24152== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==24152== For more details, rerun with: -v
==24152== 
==24152== Use of uninitialised value of size 8
==24152==    at 0x1B92A86C: INT_cairo_matrix_transform_distance (cairo_matrix.c:385)
==24152==    by 0x1B9271CD: _cairo_gstate_inverse_transform_point (cairo_gstate.c:709)
==24152==    by 0x1B9237B6: cairo_inverse_transform_point (cairo.c:638)
==24152==    by 0x8049150: draw_spline (cairo-spline.c:188)
==24152== 
==24152== Use of uninitialised value of size 8
==24152==    at 0x1B92A870: INT_cairo_matrix_transform_distance (cairo_matrix.c:385)
==24152==    by 0x1B9271CD: _cairo_gstate_inverse_transform_point (cairo_gstate.c:709)
==24152==    by 0x1B9237B6: cairo_inverse_transform_point (cairo.c:638)
==24152==    by 0x8049150: draw_spline (cairo-spline.c:188)
X connection to :0.0 broken (explicit kill or server shutdown).
==24152== 
==24152== Invalid free() / delete / delete[]
==24152==    at 0x1B904FB1: free (vg_replace_malloc.c:153)
==24152==    by 0x7F066B: free_mem (in /lib/tls/libc-2.3.4.so)
==24152==    by 0x7F00B1: __GI___libc_freeres (in /lib/tls/libc-2.3.4.so)
==24152==    by 0x1B8FC9FC: _vgw(float, long double,...)(...)(long double,...)(short) (vg_intercept.c:117)
==24152==  Address 0x1B952D50 is not stack'd, malloc'd or (recently) free'd
==24152== 
==24152== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 26 from 1)
==24152== malloc/free: in use at exit: 31616 bytes in 47 blocks.
==24152== malloc/free: 201 allocs, 155 frees, 128930 bytes allocated.
==24152== For a detailed leak analysis,  rerun with: --leak-check=yes
==24152== For counts of detected errors, rerun with: -v
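The cairo_demo.txt trace above has a single root cause: the block of 240 bytes is free'd inside _cairo_ft_font_text_to_glyphs (cairo_ft_font.c:780), yet the caller _cairo_gstate_text_to_glyphs keeps reading and writing it (the matrix transforms at cairo_gstate.c:2304-2308), _cairo_gstate_show_glyphs reads it again, and cairo_show_text finally frees it a second time (cairo.c:1183). That is an ownership mismatch between callee and caller: a use-after-free followed by a double free. The program below is an added, stand-alone C example (not cairo source, not the reporter's code; glyph_t, text_to_glyphs, show_text and the fixed ADVANCE are hypothetical stand-ins) that reproduces that exact shape when run with --buggy and shows the correct contract otherwise: the callee allocates and hands ownership to the caller, and the caller frees exactly once.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One positioned glyph; a stand-in for the glyph array in the trace.
 * All names here are hypothetical (added example, not cairo code). */
typedef struct {
    unsigned long index;
    double x, y;
} glyph_t;

#define ADVANCE 10.0   /* constructed fixed per-glyph advance */

/* Callee: lays out text into a freshly allocated glyph array.
 * Contract: on success the CALLER owns *glyphs_out and frees it once.
 * With inject_bug set it does what cairo_ft_font.c:780 did in the trace:
 * free the block it is about to hand back, leaving the caller a
 * dangling pointer. */
static int text_to_glyphs(const char *utf8, double x, double y,
                          glyph_t **glyphs_out, int *num_out, int inject_bug)
{
    size_t n = strlen(utf8);
    if (n == 0)
        return -1;
    glyph_t *g = calloc(n, sizeof *g);
    if (g == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) {
        g[i].index = (unsigned char)utf8[i];   /* fake glyph index */
        g[i].x = x + (double)i * ADVANCE;
        g[i].y = y;
    }
    if (inject_bug)
        free(g);          /* BUG: callee frees memory it is handing out */
    *glyphs_out = g;      /* dangling when inject_bug: every use is a UAF */
    *num_out = (int)n;
    return 0;
}

/* Caller mirroring cairo_show_text: transform the glyph positions, consume
 * them, then free the array exactly once as the owner.  Returns the glyph
 * count, or -1 on error; the scaled x of the last glyph goes to *last_x_out. */
static int show_text(const char *utf8, double scale, double *last_x_out,
                     int inject_bug)
{
    glyph_t *glyphs = NULL;
    int n = 0;
    if (text_to_glyphs(utf8, 0.0, 0.0, &glyphs, &n, inject_bug) != 0)
        return -1;
    for (int i = 0; i < n; i++) {      /* "Invalid write of size 8" in the trace */
        glyphs[i].x *= scale;
        glyphs[i].y *= scale;
    }
    *last_x_out = glyphs[n - 1].x;     /* "Invalid read of size 8" in the trace */
    free(glyphs);                      /* "Invalid free()" if the callee freed */
    return n;
}

/* Convenience wrapper: scaled x of the last glyph, or -1.0 on error. */
static double last_glyph_x(const char *utf8, double scale)
{
    double x = -1.0;
    if (show_text(utf8, scale, &x, 0) < 0)
        return -1.0;
    return x;
}

int main(int argc, char **argv)
{
    int inject_bug = (argc > 1 && strcmp(argv[1], "--buggy") == 0);
    double last_x = 0.0;
    int n = show_text("cairo", 2.0, &last_x, inject_bug);
    printf("%d glyphs, last x = %.1f\n", n, last_x);
    return n < 0;
}
```

Build with gcc -g -O0 and run valgrind ./a.out --buggy: memcheck reports the same sequence as the attachment (invalid writes and reads "inside a block ... free'd" at the transform loop, then an invalid free in show_text), while without valgrind a current glibc aborts on the double free. The fix is the contract stated in the comment: whoever returns the buffer does not free it, and the owner frees it once.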