Bug 10035

Summary: Cairo 1.3.14 deadlocks in cairo_scaled_font_glyph_extents or _cairo_ft_unscaled_font_lock_face
Product: cairo Reporter: Jonathan Briggs <zlynx>
Component: freetype font backendAssignee: Carl Worth <cworth>
Status: RESOLVED FIXED QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: blocker    
Priority: medium CC: ghepeu
Version: 1.3.14   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Add code to debug mutex deadlocks
strace output
gdb backtrace
patch
FIX: Implement CAIRO_MUTEX_INIT with memcpy instead of pthread_mutex_init

Description Jonathan Briggs 2007-02-19 17:43:10 UTC
The situation is that my Gentoo installed 1.3.14 today, and now I can't use GPG.  Yay for the cutting edge. :)

The program called "pinentry" is where I see the problem.  I believe that you can get it from ftp://ftp.gnupg.org/gcrypt/pinentry/ if you don't have it.

strace reveals the commands sent to pinentry, and indeed, they cause the freeze for me.  Here they are:
OPTION grab
OPTION ttyname=/dev/pts/4
OPTION ttytype=xterm
OPTION lc-ctype=en_US.utf8
OPTION lc-messages=en_US.utf8
SETDESC You need a passphrase to unlock the secret key for user:%0A\"Zan Lynx <zlynx@acm.org>\"%0A2048-bit ELG key, ID 3DD9237B, created 2002-04-01 (main key ID E2D35B08)%0A
SETPROMPT Passphrase
GETPIN

Run pinentry and feed those in stdin.

Here is the GDB backtrace of the deadlock:
#0  0x000000317fc0c288 in __lll_mutex_lock_wait () from /lib/libpthread.so.0
#1  0x000000317fc084b4 in _L_mutex_lock_97 () from /lib/libpthread.so.0
#2  0x000000317fc07f75 in __pthread_mutex_lock (mutex=0x73ab10) at pthread_mutex_lock.c:81
#3  0x00002abf5c6f04de in cairo_scaled_font_glyph_extents () from /usr/lib/libcairo.so.2
#4  0x00002abf5c280f89 in pango_cairo_fc_font_get_glyph_extents () from /usr/lib/libpangocairo-1.0.so.0
#5  0x00002abf5c97eedc in pango_ot_buffer_output () from /usr/lib/libpangoft2-1.0.so.0
#6  0x00002abf5e7528cf in basic_engine_shape () from /usr/lib64/pango/1.5.0/modules/pango-basic-fc.so
#7  0x00002abf5c4acc65 in pango_shape () from /usr/lib/libpango-1.0.so.0
#8  0x00002abf5c49f946 in shape_run () from /usr/lib/libpango-1.0.so.0
#9  0x00002abf5c49ffec in process_item () from /usr/lib/libpango-1.0.so.0
#10 0x00002abf5c4a2dac in pango_layout_check_lines () from /usr/lib/libpango-1.0.so.0
#11 0x00002abf5c4a360d in pango_layout_get_extents_internal () from /usr/lib/libpango-1.0.so.0
#12 0x00000033f0720ae5 in gtk_label_size_request (widget=0x6759d0, requisition=0x675a08) at gtklabel.c:2117
#13 0x0000003184c0bb03 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#14 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#15 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#16 0x0000003184c20940 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#17 0x00000033f078eb3f in _gtk_size_group_compute_requisition (widget=0x6759d0, requisition=0x7fff4e85b740) at gtksizegroup.c:792
#18 0x00000033f06f7a01 in gtk_hbox_size_request (widget=0x640a80, requisition=0x640ab8) at gtkhbox.c:97
#19 0x0000003184c0bb03 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#20 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#21 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#22 0x0000003184c20940 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#23 0x00000033f078eb3f in _gtk_size_group_compute_requisition (widget=0x640a80, requisition=0x7fff4e85bdb0) at gtksizegroup.c:792
#24 0x00000033f066d219 in gtk_alignment_size_request (widget=0x642510, requisition=0x642548) at gtkalignment.c:430
#25 0x0000003184c0bb03 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#26 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#27 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#28 0x0000003184c20940 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#29 0x00000033f078eb3f in _gtk_size_group_compute_requisition (widget=0x642510, requisition=0x7fff4e85c420) at gtksizegroup.c:792
#30 0x00000033f06793ba in gtk_button_size_request (widget=0x6700b0, requisition=0x6700e8) at gtkbutton.c:1129
#31 0x0000003184c0bb03 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#32 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#33 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#34 0x0000003184c20940 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#35 0x00000033f078eb3f in _gtk_size_group_compute_requisition (widget=0x6700b0, requisition=0x7fff4e85cac0) at gtksizegroup.c:792
#36 0x00000033f0672388 in _gtk_button_box_child_requisition (widget=<value optimized out>, nvis_children=0x7fff4e85cb34, 
    nvis_secondaries=0x0, width=0x7fff4e85cb30, height=0x7fff4e85cb2c) at gtkbbox.c:454
#37 0x00000033f06f7158 in gtk_hbutton_box_size_request (widget=0x73ab10, requisition=0x6425e8) at gtkhbbox.c:129
#38 0x0000003184c0bb03 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#39 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#40 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#41 0x0000003184c20940 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#42 0x00000033f078eb3f in _gtk_size_group_compute_requisition (widget=0x6425b0, requisition=0x7fff4e85d180) at gtksizegroup.c:792
#43 0x00000033f0828cb1 in gtk_vbox_size_request (widget=0x640880, requisition=0x6408b8) at gtkvbox.c:95
#44 0x0000003184c0bb03 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#45 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#46 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#47 0x0000003184c20940 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#48 0x00000033f078eb3f in _gtk_size_group_compute_requisition (widget=0x640880, requisition=0x7fff4e85d7f0) at gtksizegroup.c:792
#49 0x00000033f0837998 in gtk_window_size_request (widget=<value optimized out>, requisition=0x6560b8) at gtkwindow.c:4445
#50 0x0000003184c0ba4a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#51 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#52 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#53 0x0000003184c20940 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#54 0x00000033f078eb3f in _gtk_size_group_compute_requisition (widget=0x656080, requisition=0x0) at gtksizegroup.c:792
#55 0x00000033f0837d33 in gtk_window_compute_configure_request (window=0x656080, request=0x7fff4e85dfa0, geometry=0x7fff4e85df60, 
    flags=0x7fff4e85dfcc) at gtkwindow.c:5298
#56 0x00000033f0840071 in gtk_window_show (widget=0x656080) at gtkwindow.c:4022
#57 0x0000003184c0ba4a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#58 0x0000003184c1bf5e in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#59 0x0000003184c1d68f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#60 0x0000003184c1d8d3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#61 0x00000033f0832ff0 in IA__gtk_widget_show (widget=0x656080) at gtkwidget.c:2224
#62 0x0000000000407691 in gtk_cmd_handler ()
#63 0x000000000040e528 in cmd_getpin ()
#64 0x0000000000410b50 in process_request ()
#65 0x0000000000410dfc in assuan_process ()
#66 0x000000000040e3ed in pinentry_loop ()
#67 0x0000000000407bdb in main ()
#68 0x000000317f01d944 in __libc_start_main (main=0x407b90 <main>, argc=3, ubp_av=0x7fff4e85e928, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff4e85e918) at libc-start.c:238
#69 0x0000000000406f49 in _start ()
Comment 1 Giacomo Perale 2007-02-22 16:37:11 UTC
I'm experiencing the same problem here (I'm using Gentoo, too) but with gimp 2.3.14. When I simply launch "gimp" everything works, when I launch "gimp filename" it hangs when it loads the modules. Backtrace is pretty much the same.
Comment 2 Carl Worth 2007-02-25 17:41:19 UTC
Created attachment 8847 [details] [review]
Add code to debug mutex deadlocks

I've failed to replicate this bug with either pinentry or gimp. Perhaps
there's something gentoo- or AMD64-specific happening here?

I've also audited all the scaled_font->mutex locks (there really aren't
that many---see below) and I haven't found anywhere that allows a return
from a cairo function with the lock held, (which would be required to
cause a single-threaded application to deadlock as in the given stacktrace).

So I'm a bit stumped on this one right now. But if you can still replicate
it, perhaps you can provide some more information. I've attached a patch
which attempts to print the filename and line of the original lock that is
leading to the deadlock.

Can you please recompile cairo 1.3.14 with this patch applied and report
back what it prints?

Thank you,

-Carl

$ grep 'MUTEX_.*LOCK.*font->mutex' src/*.c
src/cairo-paginated-surface.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/cairo-paginated-surface.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/cairo-surface.c:    CAIRO_MUTEX_LOCK (dev_scaled_font->mutex);
src/cairo-surface.c:    CAIRO_MUTEX_UNLOCK (dev_scaled_font->mutex);
src/test-meta-surface.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/test-meta-surface.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/test-paginated-surface.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/test-paginated-surface.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
Comment 3 Giacomo Perale 2007-02-26 01:35:55 UTC
Created attachment 8849 [details]
strace output

I applied the patch but I'm not receiving any supplemental output on console. I attached to this comment the output of "strace gimp filename.jpg".

Some more informations: I'm using Gentoo 32 bit on a AMD Athlon64 cpu, so the amd64 architecture shouldn't be the problem. My system is pretty much updated (kernel 2.6.20, gcc 4.1.1, glibc 2.5, xorg 7.2) but I'm still using freetype 2.1.10; I'll try to upgrade it later to see if that is the problem.
Comment 4 Giacomo Perale 2007-02-26 01:39:18 UTC
Created attachment 8850 [details]
gdb backtrace

This is the gdb backtrace obtained with pango and cairo recompiled with CFLAGS="-D_GNU_SOURCE -march=athlon64 -O0 -ggdb -pipe
Comment 5 Giacomo Perale 2007-02-26 02:01:35 UTC
Ok, I've upgraded to freetype 2.3.1 and now I get this:

ghepeu@KazeNoTani Desktop $ gimp altan.jpg 
This is a development version of GIMP.  Debug messages may appear here.

gimp: pthread_mutex_lock.c:82: __pthread_mutex_lock: Asserzione `mutex->__data.__owner == 0' fallita.
gimp: terminated: Abortito

"Asserzione fallita" means "Assertion failed"

More interesting: when I launched gimp with LC_ALL="C" to get the English output, gimp started without problems.
My default locale is it_IT.utf8, and with that locale the bug is always reproducible. If I use "en_US.utf8" gimp works again; I can't try other locales here.
Comment 6 Carl Worth 2007-02-26 16:10:40 UTC
(In reply to comment #3)
> I applied the patch but I'm not receiving any supplemental output on console. 

That makes sense, because according to the backtrace you're showing here, you are hitting a different deadlock. Could you follow the additions in that patch to instrument =_cairo_ft_unscaled_font_lock_face to add the same kind of printing-on-deadlock that I added to cairo_scaled_font_glyph_extents in the patch?

And then let me know what you get?

Thanks,

-Carl
Comment 7 Giacomo Perale 2007-02-26 16:51:26 UTC
Created attachment 8862 [details] [review]
patch

I still can't get any output. However, I don't really know C, so it is probable that I made a mistake when I adapted the patch. Attached there's what I managed to do.
Comment 8 Carl Worth 2007-02-26 16:57:10 UTC
(In reply to comment #7)
> I still can't get any output. However, I don't really know C, so it is probable
> that I made a mistake when I adapted the patch. Attached there's what I managed
> to do.

The patch looks correct.

But if you can't get the automatic printing to work, the patch should still let you get the information you need. Just replicate the deadlock with the patch applied with the program running under gdb, interrupt the program, then at the gdb prompt type:

    print CAIRO_MUTEX_LOCK_FILE
    print CAIRO_MUTEX_LOCK_LINE

and give me the results of that, (correlated with a stack trace showing the deadlock---which could be just a pointer to a stack trace already posted).

-Carl


Comment 9 Giacomo Perale 2007-02-26 17:12:11 UTC
Ok, this works:

(gdb) print CAIRO_MUTEX_LOCK_FILE
$1 = 0xa79c424c "cairo-scaled-font.c"
(gdb) print CAIRO_MUTEX_LOCK_LINE
$2 = 195

Relevant lines of the backtrace:

#5  0xa7970753 in _cairo_ft_unscaled_font_lock_face (unscaled=0x84aad08)
    at cairo-ft-font.c:524
        err = 0
        font_map = (cairo_ft_unscaled_font_map_t *) 0x2c
        face = (FT_Face) 0x0
        __PRETTY_FUNCTION__ = "_cairo_ft_unscaled_font_lock_face"
#6  0xa7973ae9 in *INT_cairo_ft_scaled_font_lock_face (abstract_font=0x84ae650)
    at cairo-ft-font.c:2463
        scaled_font = (cairo_ft_scaled_font_t *) 0x84ae650
        face = (FT_Face) 0x8484258

The rest is equal to the one in comment #24.
Comment 10 Carl Worth 2007-02-28 10:21:01 UTC
Putting _cairo_ft_unscaled_font_lock_face into the bug description as well.

-Carl
Comment 11 Kjartan Maraas 2007-02-28 14:46:40 UTC
Here's the valgrind log from the case I found to trigger this bug (sysprof, start collecting data, hit profile and then try to save the data)

warning: Inode mismatch for /usr/lib/libcairo.so.2.10.4 (disk: 2046693, memory: 2047788)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x35F216: pthread_mutex_lock (pthread_mutex_lock.c:46)
==575==    by 0x1DB755: pthread_mutex_lock (forward.c:182)
==575==    by 0x4052B42: _cairo_ft_unscaled_font_lock_face (cairo-ft-font.c:522)
==575==    by 0x405602A: cairo_ft_scaled_font_lock_face (cairo-ft-font.c:2453)
==575==    by 0x3C1B5A: pango_cairo_fc_font_lock_face (pangocairo-fcfont.c:272)
==575==    by 0x35626D0: pango_fc_font_lock_face (pangofc-font.c:593)
==575==    by 0x358445B: basic_engine_shape (basic-fc.c:331)
==575==    by 0x3631BD9: _pango_engine_shape_shape (pango-engine.c:71)
==575==    by 0x3642E66: pango_shape (shape.c:51)
==575==    by 0x3635B49: shape_run (pango-layout.c:3020)
==575==    by 0x36387F4: process_item (pango-layout.c:3112)
==575==    by 0x3638D5C: pango_layout_check_lines (pango-layout.c:3349)
==575==    by 0x36396E6: pango_layout_get_extents_internal (pango-layout.c:2318)
==575==    by 0x363A715: pango_layout_get_pixel_extents (pango-layout.c:2520)
==575==    by 0x5A51730: get_size (gtkcellrenderertext.c:1528)
==575==    by 0x5A4A6A3: gtk_cell_renderer_get_size (gtkcellrenderer.c:507)
==575==    by 0x5C17BB6: gtk_tree_view_column_cell_get_size (gtktreeviewcolumn.c:2579)
==575==    by 0x5BFC68F: validate_row (gtktreeview.c:5527)
==575==    by 0x5C00B07: do_validate_rows (gtktreeview.c:6102)
==575==    by 0x5C09BC9: gtk_tree_view_size_request (gtktreeview.c:1984)
==575==    by 0x4F59768: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D8C9: signal_emit_unlocked_R (gsignal.c:2370)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==    by 0x4F60CED: g_signal_emit_by_name (gsignal.c:2267)
==575==    by 0x5B76BE5: do_size_request (gtksizegroup.c:592)
==575==    by 0x5B76E39: _gtk_size_group_compute_requisition (gtksizegroup.c:792)
==575==    by 0x5C2BD8B: gtk_widget_size_request (gtkwidget.c:2880)
==575==    by 0x5B6B75E: gtk_scrolled_window_size_request (gtkscrolledwindow.c:1165)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x360315: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:34)
==575==    by 0x3606EF: pthread_mutex_unlock (pthread_mutex_unlock.c:261)
==575==    by 0x1DB795: pthread_mutex_unlock (forward.c:184)
==575==    by 0x4056080: cairo_ft_scaled_font_lock_face (cairo-ft-font.c:2468)
==575==    by 0x3C1B5A: pango_cairo_fc_font_lock_face (pangocairo-fcfont.c:272)
==575==    by 0x35626D0: pango_fc_font_lock_face (pangofc-font.c:593)
==575==    by 0x358445B: basic_engine_shape (basic-fc.c:331)
==575==    by 0x3631BD9: _pango_engine_shape_shape (pango-engine.c:71)
==575==    by 0x3642E66: pango_shape (shape.c:51)
==575==    by 0x3635B49: shape_run (pango-layout.c:3020)
==575==    by 0x36387F4: process_item (pango-layout.c:3112)
==575==    by 0x3638D5C: pango_layout_check_lines (pango-layout.c:3349)
==575==    by 0x36396E6: pango_layout_get_extents_internal (pango-layout.c:2318)
==575==    by 0x363A715: pango_layout_get_pixel_extents (pango-layout.c:2520)
==575==    by 0x5A51730: get_size (gtkcellrenderertext.c:1528)
==575==    by 0x5A4A6A3: gtk_cell_renderer_get_size (gtkcellrenderer.c:507)
==575==    by 0x5C17BB6: gtk_tree_view_column_cell_get_size (gtktreeviewcolumn.c:2579)
==575==    by 0x5BFC68F: validate_row (gtktreeview.c:5527)
==575==    by 0x5C00B07: do_validate_rows (gtktreeview.c:6102)
==575==    by 0x5C09BC9: gtk_tree_view_size_request (gtktreeview.c:1984)
==575==    by 0x4F59768: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D8C9: signal_emit_unlocked_R (gsignal.c:2370)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==    by 0x4F60CED: g_signal_emit_by_name (gsignal.c:2267)
==575==    by 0x5B76BE5: do_size_request (gtksizegroup.c:592)
==575==    by 0x5B76E39: _gtk_size_group_compute_requisition (gtksizegroup.c:792)
==575==    by 0x5C2BD8B: gtk_widget_size_request (gtkwidget.c:2880)
==575==    by 0x5B6B75E: gtk_scrolled_window_size_request (gtkscrolledwindow.c:1165)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x360315: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:34)
==575==    by 0x3606EF: pthread_mutex_unlock (pthread_mutex_unlock.c:261)
==575==    by 0x1DB795: pthread_mutex_unlock (forward.c:184)
==575==    by 0x40560C7: cairo_ft_scaled_font_unlock_face (cairo-ft-font.c:2494)
==575==    by 0x3C1B28: pango_cairo_fc_font_unlock_face (pangocairo-fcfont.c:283)
==575==    by 0x3562654: pango_fc_font_unlock_face (pangofc-font.c:610)
==575==    by 0x3568F0C: pango_ot_buffer_new (pango-ot-buffer.c:60)
==575==    by 0x35844D8: basic_engine_shape (basic-fc.c:350)
==575==    by 0x3631BD9: _pango_engine_shape_shape (pango-engine.c:71)
==575==    by 0x3642E66: pango_shape (shape.c:51)
==575==    by 0x3635B49: shape_run (pango-layout.c:3020)
==575==    by 0x36387F4: process_item (pango-layout.c:3112)
==575==    by 0x3638D5C: pango_layout_check_lines (pango-layout.c:3349)
==575==    by 0x36396E6: pango_layout_get_extents_internal (pango-layout.c:2318)
==575==    by 0x363A715: pango_layout_get_pixel_extents (pango-layout.c:2520)
==575==    by 0x5A51730: get_size (gtkcellrenderertext.c:1528)
==575==    by 0x5A4A6A3: gtk_cell_renderer_get_size (gtkcellrenderer.c:507)
==575==    by 0x5C17BB6: gtk_tree_view_column_cell_get_size (gtktreeviewcolumn.c:2579)
==575==    by 0x5BFC68F: validate_row (gtktreeview.c:5527)
==575==    by 0x5C00B07: do_validate_rows (gtktreeview.c:6102)
==575==    by 0x5C09BC9: gtk_tree_view_size_request (gtktreeview.c:1984)
==575==    by 0x4F59768: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D8C9: signal_emit_unlocked_R (gsignal.c:2370)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==    by 0x4F60CED: g_signal_emit_by_name (gsignal.c:2267)
==575==    by 0x5B76BE5: do_size_request (gtksizegroup.c:592)
==575==    by 0x5B76E39: _gtk_size_group_compute_requisition (gtksizegroup.c:792)
==575==    by 0x5C2BD8B: gtk_widget_size_request (gtkwidget.c:2880)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x360315: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:34)
==575==    by 0x3606EF: pthread_mutex_unlock (pthread_mutex_unlock.c:261)
==575==    by 0x1DB795: pthread_mutex_unlock (forward.c:184)
==575==    by 0x4052D1D: _cairo_ft_unscaled_font_unlock_face (cairo-ft-font.c:576)
==575==    by 0x40560D8: cairo_ft_scaled_font_unlock_face (cairo-ft-font.c:2496)
==575==    by 0x3C1B28: pango_cairo_fc_font_unlock_face (pangocairo-fcfont.c:283)
==575==    by 0x3562654: pango_fc_font_unlock_face (pangofc-font.c:610)
==575==    by 0x3568F0C: pango_ot_buffer_new (pango-ot-buffer.c:60)
==575==    by 0x35844D8: basic_engine_shape (basic-fc.c:350)
==575==    by 0x3631BD9: _pango_engine_shape_shape (pango-engine.c:71)
==575==    by 0x3642E66: pango_shape (shape.c:51)
==575==    by 0x3635B49: shape_run (pango-layout.c:3020)
==575==    by 0x36387F4: process_item (pango-layout.c:3112)
==575==    by 0x3638D5C: pango_layout_check_lines (pango-layout.c:3349)
==575==    by 0x36396E6: pango_layout_get_extents_internal (pango-layout.c:2318)
==575==    by 0x363A715: pango_layout_get_pixel_extents (pango-layout.c:2520)
==575==    by 0x5A51730: get_size (gtkcellrenderertext.c:1528)
==575==    by 0x5A4A6A3: gtk_cell_renderer_get_size (gtkcellrenderer.c:507)
==575==    by 0x5C17BB6: gtk_tree_view_column_cell_get_size (gtktreeviewcolumn.c:2579)
==575==    by 0x5BFC68F: validate_row (gtktreeview.c:5527)
==575==    by 0x5C00B07: do_validate_rows (gtktreeview.c:6102)
==575==    by 0x5C09BC9: gtk_tree_view_size_request (gtktreeview.c:1984)
==575==    by 0x4F59768: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D8C9: signal_emit_unlocked_R (gsignal.c:2370)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==    by 0x4F60CED: g_signal_emit_by_name (gsignal.c:2267)
==575==    by 0x5B76BE5: do_size_request (gtksizegroup.c:592)
==575==    by 0x5B76E39: _gtk_size_group_compute_requisition (gtksizegroup.c:792)
==575== 
==575== Syscall param write(buf) points to uninitialised byte(s)
==575==    at 0x1BFA7B: (within /lib/libc-2.5.90.so)
==575==    by 0x28E70E: _X11TransWrite (Xtrans.c:900)
==575==    by 0x294656: _XFlushInt (XlibInt.c:665)
==575==    by 0x29472A: _XReply (XlibInt.c:1694)
==575==    by 0x27A5C1: XInternAtom (IntAtom.c:185)
==575==    by 0x5DC9B22: gdk_x11_atom_to_xatom_for_display (gdkproperty-x11.c:206)
==575==    by 0x5DC9CB7: gdk_x11_get_xatom_by_name_for_display (gdkproperty-x11.c:456)
==575==    by 0x5DCF2AC: gdk_window_set_type_hint (gdkwindow-x11.c:2235)
==575==    by 0x5C3CC69: gtk_window_realize (gtkwindow.c:4360)
==575==    by 0x4F5A0F8: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CD9A: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D8C9: signal_emit_unlocked_R (gsignal.c:2370)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C2D659: gtk_widget_realize (gtkwidget.c:2498)
==575==    by 0x5C3D31F: gtk_window_show (gtkwindow.c:4045)
==575==    by 0x4F5A0F8: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CD9A: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D8C9: signal_emit_unlocked_R (gsignal.c:2370)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C2E057: gtk_widget_show (gtkwidget.c:2224)
==575==    by 0x5A8CD37: gtk_dialog_run (gtkdialog.c:967)
==575==    by 0x805D8C1: on_save_as_clicked (sysprof.c:786)
==575==    by 0x4F5A0F8: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==575==    by 0x4F4CD9A: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D432: signal_emit_unlocked_R (gsignal.c:2440)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==  Address 0x40fc488 is 368 bytes inside a block of size 16,384 alloc'd
==575==    at 0x4004874: calloc (vg_replace_malloc.c:391)
==575==    by 0x27F3F6: XOpenDisplay (OpenDis.c:262)
==575==    by 0x5DB21F1: gdk_display_open (gdkdisplay-x11.c:145)
==575==    by 0x5D8FD1E: gdk_display_open_default_libgtk_only (gdk.c:278)
==575==    by 0x5B0CBCE: gtk_init_check (gtkmain.c:889)
==575==    by 0x5B0CC03: gtk_init (gtkmain.c:924)
==575==    by 0x805C471: main (sysprof.c:1653)
==575== 
==575== Syscall param writev(vector[...]) points to uninitialised byte(s)
==575==    at 0x1C761E: writev (writev.c:46)
==575==    by 0x28E97D: _X11TransSocketWritev (Xtranssock.c:2192)
==575==    by 0x28E76E: _X11TransWritev (Xtrans.c:914)
==575==    by 0x294498: _XSend (XlibInt.c:1427)
==575==    by 0x2841AC: PutSubImage (PutImage.c:804)
==575==    by 0x28437E: XPutImage (PutImage.c:1027)
==575==    by 0x4F3ABDD: XcursorImageLoadCursor (cursor.c:585)
==575==    by 0x4F3B7ED: XcursorImagesLoadCursors (cursor.c:684)
==575==    by 0x4F3B919: XcursorImagesLoadCursor (cursor.c:703)
==575==    by 0x4F3EF59: XcursorTryShapeCursor (xlib.c:110)
==575==    by 0x26DC61: XCreateGlyphCursor (CrGlCur.c:175)
==575==    by 0x26E0EC: XCreateFontCursor (Cursor.c:52)
==575==    by 0x5DB1261: gdk_cursor_new_for_display (gdkcursor-x11.c:132)
==575==    by 0x5AAA92E: set_busy_cursor (gtkfilechooserdefault.c:5901)
==575==    by 0x5AAB002: gtk_file_chooser_default_update_current_folder (gtkfilechooserdefault.c:6660)
==575==    by 0x5AA086A: _gtk_file_chooser_set_current_folder_path (gtkfilechooser.c:1081)
==575==    by 0x5AA108B: gtk_file_chooser_set_current_folder (gtkfilechooser.c:677)
==575==    by 0x5AB01ED: gtk_file_chooser_default_map (gtkfilechooserdefault.c:5724)
==575==    by 0x4F5A0F8: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5D8C9: signal_emit_unlocked_R (gsignal.c:2370)
==575==    by 0x4F5E956: g_signal_emit_valist (gsignal.c:2199)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C2D8E0: gtk_widget_map (gtkwidget.c:2417)
==575==    by 0x5A7DB64: gtk_container_map_child (gtkcontainer.c:2387)
==575==    by 0x5A3FD1F: gtk_box_forall (gtkbox.c:670)
==575==    by 0x5A7B45A: gtk_container_forall (gtkcontainer.c:1261)
==575==    by 0x5A7DB1A: gtk_container_map (gtkcontainer.c:2395)
==575==    by 0x4F5A0F8: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==575==  Address 0x40fc35d is 69 bytes inside a block of size 16,384 alloc'd
==575==    at 0x4004874: calloc (vg_replace_malloc.c:391)
==575==    by 0x27F3F6: XOpenDisplay (OpenDis.c:262)
==575==    by 0x5DB21F1: gdk_display_open (gdkdisplay-x11.c:145)
==575==    by 0x5D8FD1E: gdk_display_open_default_libgtk_only (gdk.c:278)
==575==    by 0x5B0CBCE: gtk_init_check (gtkmain.c:889)
==575==    by 0x5B0CC03: gtk_init (gtkmain.c:924)
==575==    by 0x805C471: main (sysprof.c:1653)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x35F216: pthread_mutex_lock (pthread_mutex_lock.c:46)
==575==    by 0x1DB755: pthread_mutex_lock (forward.c:182)
==575==    by 0x4045EA4: _cairo_surface_show_glyphs (cairo-surface.c:1787)
==575==    by 0x4036CC5: _cairo_gstate_show_glyphs (cairo-gstate.c:1503)
==575==    by 0x402E56C: cairo_show_glyphs (cairo.c:2699)
==575==    by 0x3C14D7: pango_cairo_renderer_draw_glyphs (pangocairo-render.c:260)
==575==    by 0x363EA69: pango_renderer_draw_glyphs (pango-renderer.c:613)
==575==    by 0x3C0A43: _pango_cairo_do_glyph_string (pangocairo-render.c:498)
==575==    by 0x5D9AD97: gdk_pango_renderer_draw_glyphs (gdkpango.c:243)
==575==    by 0x363EA69: pango_renderer_draw_glyphs (pango-renderer.c:613)
==575==    by 0x363F0A2: pango_renderer_draw_layout_line (pango-renderer.c:544)
==575==    by 0x363F409: pango_renderer_draw_layout (pango-renderer.c:184)
==575==    by 0x5D99BFC: gdk_draw_layout_with_colors (gdkpango.c:1053)
==575==    by 0x5D99EB4: gdk_draw_layout (gdkpango.c:1115)
==575==    by 0x5B85D2F: gtk_default_draw_layout (gtkstyle.c:5081)
==575==    by 0x5B821F8: gtk_paint_layout (gtkstyle.c:6355)
==575==    by 0x5AFD86B: gtk_label_expose (gtklabel.c:2474)
==575==    by 0x5B11BAF: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5DA82: signal_emit_unlocked_R (gsignal.c:2478)
==575==    by 0x4F5E71E: g_signal_emit_valist (gsignal.c:2209)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C26837: gtk_widget_event_internal (gtkwidget.c:3915)
==575==    by 0x5A7AA06: gtk_container_propagate_expose (gtkcontainer.c:2461)
==575==    by 0x5A7AA70: gtk_container_expose_child (gtkcontainer.c:2349)
==575==    by 0x5A3FD1F: gtk_box_forall (gtkbox.c:670)
==575==    by 0x5A7B45A: gtk_container_forall (gtkcontainer.c:1261)
==575==    by 0x5A7B54E: gtk_container_expose (gtkcontainer.c:2372)
==575==    by 0x5B11BAF: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x360315: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:34)
==575==    by 0x3606EF: pthread_mutex_unlock (pthread_mutex_unlock.c:261)
==575==    by 0x1DB795: pthread_mutex_unlock (forward.c:184)
==575==    by 0x4045F5B: _cairo_surface_show_glyphs (cairo-surface.c:1801)
==575==    by 0x4036CC5: _cairo_gstate_show_glyphs (cairo-gstate.c:1503)
==575==    by 0x402E56C: cairo_show_glyphs (cairo.c:2699)
==575==    by 0x3C14D7: pango_cairo_renderer_draw_glyphs (pangocairo-render.c:260)
==575==    by 0x363EA69: pango_renderer_draw_glyphs (pango-renderer.c:613)
==575==    by 0x3C0A43: _pango_cairo_do_glyph_string (pangocairo-render.c:498)
==575==    by 0x5D9AD97: gdk_pango_renderer_draw_glyphs (gdkpango.c:243)
==575==    by 0x363EA69: pango_renderer_draw_glyphs (pango-renderer.c:613)
==575==    by 0x363F0A2: pango_renderer_draw_layout_line (pango-renderer.c:544)
==575==    by 0x363F409: pango_renderer_draw_layout (pango-renderer.c:184)
==575==    by 0x5D99BFC: gdk_draw_layout_with_colors (gdkpango.c:1053)
==575==    by 0x5D99EB4: gdk_draw_layout (gdkpango.c:1115)
==575==    by 0x5B85D2F: gtk_default_draw_layout (gtkstyle.c:5081)
==575==    by 0x5B821F8: gtk_paint_layout (gtkstyle.c:6355)
==575==    by 0x5AFD86B: gtk_label_expose (gtklabel.c:2474)
==575==    by 0x5B11BAF: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5DA82: signal_emit_unlocked_R (gsignal.c:2478)
==575==    by 0x4F5E71E: g_signal_emit_valist (gsignal.c:2209)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C26837: gtk_widget_event_internal (gtkwidget.c:3915)
==575==    by 0x5A7AA06: gtk_container_propagate_expose (gtkcontainer.c:2461)
==575==    by 0x5A7AA70: gtk_container_expose_child (gtkcontainer.c:2349)
==575==    by 0x5A3FD1F: gtk_box_forall (gtkbox.c:670)
==575==    by 0x5A7B45A: gtk_container_forall (gtkcontainer.c:1261)
==575==    by 0x5A7B54E: gtk_container_expose (gtkcontainer.c:2372)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x35F216: pthread_mutex_lock (pthread_mutex_lock.c:46)
==575==    by 0x1DB755: pthread_mutex_lock (forward.c:182)
==575==    by 0x4040EA2: cairo_scaled_font_glyph_extents (cairo-scaled-font.c:723)
==575==    by 0x3C1D7B: pango_cairo_fc_font_get_glyph_extents (pangocairo-fcfont.c:332)
==575==    by 0x3629D1D: pango_font_get_glyph_extents (fonts.c:1317)
==575==    by 0x3568999: pango_ot_buffer_output (pango-ot-buffer.c:333)
==575==    by 0x35846D6: basic_engine_shape (basic-fc.c:402)
==575==    by 0x3631BD9: _pango_engine_shape_shape (pango-engine.c:71)
==575==    by 0x3642E66: pango_shape (shape.c:51)
==575==    by 0x3635B49: shape_run (pango-layout.c:3020)
==575==    by 0x36387F4: process_item (pango-layout.c:3112)
==575==    by 0x3638D5C: pango_layout_check_lines (pango-layout.c:3349)
==575==    by 0x36396E6: pango_layout_get_extents_internal (pango-layout.c:2318)
==575==    by 0x363A715: pango_layout_get_pixel_extents (pango-layout.c:2520)
==575==    by 0x5A51730: get_size (gtkcellrenderertext.c:1528)
==575==    by 0x5A51B13: gtk_cell_renderer_text_render (gtkcellrenderertext.c:1612)
==575==    by 0x5A4A573: gtk_cell_renderer_render (gtkcellrenderer.c:563)
==575==    by 0x5C16D44: gtk_tree_view_column_cell_process_action (gtktreeviewcolumn.c:2769)
==575==    by 0x5C17A28: _gtk_tree_view_column_cell_render (gtktreeviewcolumn.c:3102)
==575==    by 0x5C11009: gtk_tree_view_expose (gtktreeview.c:4575)
==575==    by 0x5B11BAF: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CD9A: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5DA82: signal_emit_unlocked_R (gsignal.c:2478)
==575==    by 0x4F5E71E: g_signal_emit_valist (gsignal.c:2209)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C26837: gtk_widget_event_internal (gtkwidget.c:3915)
==575==    by 0x5B0C3A3: gtk_main_do_event (gtkmain.c:1527)
==575==    by 0x5DA961E: gdk_window_process_updates_internal (gdkwindow.c:2333)
==575==    by 0x5DA9866: gdk_window_process_all_updates (gdkwindow.c:2396)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x360315: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:34)
==575==    by 0x3606EF: pthread_mutex_unlock (pthread_mutex_unlock.c:261)
==575==    by 0x1DB795: pthread_mutex_unlock (forward.c:184)
==575==    by 0x4041170: cairo_scaled_font_glyph_extents (cairo-scaled-font.c:797)
==575==    by 0x3C1D7B: pango_cairo_fc_font_get_glyph_extents (pangocairo-fcfont.c:332)
==575==    by 0x3629D1D: pango_font_get_glyph_extents (fonts.c:1317)
==575==    by 0x3568999: pango_ot_buffer_output (pango-ot-buffer.c:333)
==575==    by 0x35846D6: basic_engine_shape (basic-fc.c:402)
==575==    by 0x3631BD9: _pango_engine_shape_shape (pango-engine.c:71)
==575==    by 0x3642E66: pango_shape (shape.c:51)
==575==    by 0x3635B49: shape_run (pango-layout.c:3020)
==575==    by 0x36387F4: process_item (pango-layout.c:3112)
==575==    by 0x3638D5C: pango_layout_check_lines (pango-layout.c:3349)
==575==    by 0x36396E6: pango_layout_get_extents_internal (pango-layout.c:2318)
==575==    by 0x363A715: pango_layout_get_pixel_extents (pango-layout.c:2520)
==575==    by 0x5A51730: get_size (gtkcellrenderertext.c:1528)
==575==    by 0x5A51B13: gtk_cell_renderer_text_render (gtkcellrenderertext.c:1612)
==575==    by 0x5A4A573: gtk_cell_renderer_render (gtkcellrenderer.c:563)
==575==    by 0x5C16D44: gtk_tree_view_column_cell_process_action (gtktreeviewcolumn.c:2769)
==575==    by 0x5C17A28: _gtk_tree_view_column_cell_render (gtktreeviewcolumn.c:3102)
==575==    by 0x5C11009: gtk_tree_view_expose (gtktreeview.c:4575)
==575==    by 0x5B11BAF: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CD9A: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5DA82: signal_emit_unlocked_R (gsignal.c:2478)
==575==    by 0x4F5E71E: g_signal_emit_valist (gsignal.c:2209)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C26837: gtk_widget_event_internal (gtkwidget.c:3915)
==575==    by 0x5B0C3A3: gtk_main_do_event (gtkmain.c:1527)
==575==    by 0x5DA961E: gdk_window_process_updates_internal (gdkwindow.c:2333)
==575== 
==575== Conditional jump or move depends on uninitialised value(s)
==575==    at 0x35F216: pthread_mutex_lock (pthread_mutex_lock.c:46)
==575==    by 0x1DB755: pthread_mutex_lock (forward.c:182)
==575==    by 0x4052B42: _cairo_ft_unscaled_font_lock_face (cairo-ft-font.c:522)
==575==    by 0x40551D5: _cairo_ft_scaled_glyph_init (cairo-ft-font.c:1784)
==575==    by 0x4042480: _cairo_scaled_glyph_lookup (cairo-scaled-font.c:1438)
==575==    by 0x4071121: _cairo_xlib_surface_emit_glyphs (cairo-xlib-surface.c:2679)
==575==    by 0x40717C3: _cairo_xlib_surface_show_glyphs (cairo-xlib-surface.c:2903)
==575==    by 0x4045F0E: _cairo_surface_show_glyphs (cairo-surface.c:1792)
==575==    by 0x4036CC5: _cairo_gstate_show_glyphs (cairo-gstate.c:1503)
==575==    by 0x402E56C: cairo_show_glyphs (cairo.c:2699)
==575==    by 0x3C14D7: pango_cairo_renderer_draw_glyphs (pangocairo-render.c:260)
==575==    by 0x363EA69: pango_renderer_draw_glyphs (pango-renderer.c:613)
==575==    by 0x3C0A43: _pango_cairo_do_glyph_string (pangocairo-render.c:498)
==575==    by 0x5D9AD97: gdk_pango_renderer_draw_glyphs (gdkpango.c:243)
==575==    by 0x363EA69: pango_renderer_draw_glyphs (pango-renderer.c:613)
==575==    by 0x363F0A2: pango_renderer_draw_layout_line (pango-renderer.c:544)
==575==    by 0x363F409: pango_renderer_draw_layout (pango-renderer.c:184)
==575==    by 0x5D99BFC: gdk_draw_layout_with_colors (gdkpango.c:1053)
==575==    by 0x5D99EB4: gdk_draw_layout (gdkpango.c:1115)
==575==    by 0x5B85D2F: gtk_default_draw_layout (gtkstyle.c:5081)
==575==    by 0x5B821F8: gtk_paint_layout (gtkstyle.c:6355)
==575==    by 0x5AFD86B: gtk_label_expose (gtklabel.c:2474)
==575==    by 0x5B11BAF: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==575==    by 0x4F4B588: g_type_class_meta_marshal (gclosure.c:567)
==575==    by 0x4F4CE7C: g_closure_invoke (gclosure.c:490)
==575==    by 0x4F5DA82: signal_emit_unlocked_R (gsignal.c:2478)
==575==    by 0x4F5E71E: g_signal_emit_valist (gsignal.c:2209)
==575==    by 0x4F5EB18: g_signal_emit (gsignal.c:2243)
==575==    by 0x5C26837: gtk_widget_event_internal (gtkwidget.c:3915)
==575==    by 0x5A7AA06: gtk_container_propagate_expose (gtkcontainer.c:2461)
Comment 12 Carl Worth 2007-03-02 00:00:32 UTC
Created attachment 8941 [details] [review]
FIX: Implement CAIRO_MUTEX_INIT with memcpy instead of pthread_mutex_init

I'm happy to report that we've got a fix for this, (many thanks to Kjartan Maraas  for giving me access to his machine so I could replicate the bug and confirm the fix). And thanks also to Ray Strode for confirming the diagnosis and providing a very elucidating test program demonstrating the problem with dynamic loading.

For anyone's interest, the bug came about due to an optimized implementation of the pthread interface for non-threaded applications (implemented via weak symbols---in glibc I believe). The idea is that if the application does not link with -lpthread then you get implementations of the pthread mutex functions that do nothing, (since no locking is needed), allowing non-threaded functions to have no overhead.

What was happening in this bug was that cairo would call pthread_mutex_init to intialize a mutex, (but this function would do nothing). Then, something would dynamically load a module which would cause pthread to be linked in, (note: someone should chase that down in GNOME to see if it's coming in needlessly). Finally, cairo would call a now-non-NOP version of pthread_mutex_lock with the uninitialized mutex object and things would go south.

The fix is as simple as using memcpy of PTHREAD_MUTEX_INTIALIZER rather than using pthread_mutex_init() to initialize the mutex.

I've attached a patch to implement the fix. I've also pushed this out to cairo's central repository so that it will be there for the (imminent!) cairo 1.4 release. See here:

http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=d48bb4fbe876a93199ba48fcf5f32734fbe18ba9

Thanks again to everyone for the reports and the patience,

-Carl

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.