Summary: | Cairo 1.3.14 deadlocks in cairo_scaled_font_glyph_extents or _cairo_ft_unscaled_font_lock_face | ||
---|---|---|---|
Product: | cairo | Reporter: | Jonathan Briggs <zlynx> |
Component: | freetype font backend | Assignee: | Carl Worth <cworth> |
Status: | RESOLVED FIXED | QA Contact: | cairo-bugs mailing list <cairo-bugs> |
Severity: | blocker | ||
Priority: | medium | CC: | ghepeu |
Version: | 1.3.14 | ||
Hardware: | x86-64 (AMD64) | ||
OS: | Linux (All) | ||
Attachments:
- Add code to debug mutex deadlocks
- strace output
- gdb backtrace
- patch
- FIX: Implement CAIRO_MUTEX_INIT with memcpy instead of pthread_mutex_init
Description
Jonathan Briggs
2007-02-19 17:43:10 UTC
I'm experiencing the same problem here (I'm using Gentoo, too) but with gimp 2.3.14. When I simply launch "gimp" everything works; when I launch "gimp filename" it hangs when it loads the modules. Backtrace is pretty much the same.

Created attachment 8847 [details] [review]
Add code to debug mutex deadlocks

I've failed to replicate this bug with either pinentry or gimp. Perhaps there's something gentoo- or AMD64-specific happening here?

I've also audited all the scaled_font->mutex locks (there really aren't that many---see below) and I haven't found anywhere that allows a return from a cairo function with the lock held, (which would be required to cause a single-threaded application to deadlock as in the given stacktrace).

So I'm a bit stumped on this one right now. But if you can still replicate it, perhaps you can provide some more information. I've attached a patch which attempts to print the filename and line of the original lock that is leading to the deadlock. Can you please recompile cairo 1.3.14 with this patch applied and report back what it prints?

Thank you,

-Carl

```
$ grep 'MUTEX_.*LOCK.*font->mutex' src/*.c
src/cairo-paginated-surface.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/cairo-paginated-surface.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/cairo-scaled-font.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/cairo-surface.c:    CAIRO_MUTEX_LOCK (dev_scaled_font->mutex);
src/cairo-surface.c:    CAIRO_MUTEX_UNLOCK (dev_scaled_font->mutex);
src/test-meta-surface.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/test-meta-surface.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
src/test-paginated-surface.c:    CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
src/test-paginated-surface.c:    CAIRO_MUTEX_LOCK (scaled_font->mutex);
```

Created attachment 8849 [details]
strace output
I applied the patch but I'm not receiving any supplemental output on console. I attached to this comment the output of "strace gimp filename.jpg".
Some more information: I'm using Gentoo 32 bit on an AMD Athlon64 CPU, so the amd64 architecture shouldn't be the problem. My system is pretty much up to date (kernel 2.6.20, gcc 4.1.1, glibc 2.5, xorg 7.2) but I'm still using freetype 2.1.10; I'll try to upgrade it later to see if that is the problem.
Created attachment 8850 [details]
gdb backtrace
This is the gdb backtrace obtained with pango and cairo recompiled with CFLAGS="-D_GNU_SOURCE -march=athlon64 -O0 -ggdb -pipe
Ok, I've upgraded to freetype 2.3.1 and now I get this:

```
ghepeu@KazeNoTani Desktop $ gimp altan.jpg
This is a development version of GIMP. Debug messages may appear here.
gimp: pthread_mutex_lock.c:82: __pthread_mutex_lock: Asserzione `mutex->__data.__owner == 0' fallita.
gimp: terminated: Abortito
```

"Asserzione fallita" means "Assertion failed".

More interesting: when I launched gimp with LC_ALL="C" to get the English output, gimp started without problems. My default locale is it_IT.utf8, and with that locale the bug is always reproducible. If I use "en_US.utf8" gimp works again; I can't try other locales here.

(In reply to comment #3)
> I applied the patch but I'm not receiving any supplemental output on console.

That makes sense, because according to the backtrace you're showing here, you are hitting a different deadlock. Could you follow the additions in that patch to instrument _cairo_ft_unscaled_font_lock_face to add the same kind of printing-on-deadlock that I added to cairo_scaled_font_glyph_extents in the patch? And then let me know what you get?

Thanks,

-Carl

Created attachment 8862 [details] [review]
patch

I still can't get any output. However, I don't really know C, so it is probable that I made a mistake when I adapted the patch. Attached there's what I managed to do.

(In reply to comment #7)
> I still can't get any output. However, I don't really know C, so it is probable
> that I made a mistake when I adapted the patch. Attached there's what I managed
> to do.

The patch looks correct. But if you can't get the automatic printing to work, the patch should still let you get the information you need. Just replicate the deadlock with the patch applied with the program running under gdb, interrupt the program, then at the gdb prompt type:

```
print CAIRO_MUTEX_LOCK_FILE
print CAIRO_MUTEX_LOCK_LINE
```

and give me the results of that, (correlated with a stack trace showing the deadlock---which could be just a pointer to a stack trace already posted).

-Carl

Ok, this works:

```
(gdb) print CAIRO_MUTEX_LOCK_FILE
$1 = 0xa79c424c "cairo-scaled-font.c"
(gdb) print CAIRO_MUTEX_LOCK_LINE
$2 = 195
```

Relevant lines of the backtrace:

```
#5  0xa7970753 in _cairo_ft_unscaled_font_lock_face (unscaled=0x84aad08) at cairo-ft-font.c:524
        err = 0
        font_map = (cairo_ft_unscaled_font_map_t *) 0x2c
        face = (FT_Face) 0x0
        __PRETTY_FUNCTION__ = "_cairo_ft_unscaled_font_lock_face"
#6  0xa7973ae9 in *INT_cairo_ft_scaled_font_lock_face (abstract_font=0x84ae650) at cairo-ft-font.c:2463
        scaled_font = (cairo_ft_scaled_font_t *) 0x84ae650
        face = (FT_Face) 0x8484258
```

The rest is equal to the one in comment #24.

Putting _cairo_ft_unscaled_font_lock_face into the bug description as well.

-Carl

Here's the valgrind log from the case I found to trigger this bug (sysprof, start collecting data, hit profile and then try to save the data).
Created attachment 8941 [details] [review]
FIX: Implement CAIRO_MUTEX_INIT with memcpy instead of pthread_mutex_init

I'm happy to report that we've got a fix for this, (many thanks to Kjartan Maraas for giving me access to his machine so I could replicate the bug and confirm the fix). And thanks also to Ray Strode for confirming the diagnosis and providing a very elucidating test program demonstrating the problem with dynamic loading.

For anyone's interest, the bug came about due to an optimized implementation of the pthread interface for non-threaded applications (implemented via weak symbols---in glibc I believe). The idea is that if the application does not link with -lpthread then you get implementations of the pthread mutex functions that do nothing, (since no locking is needed), allowing non-threaded functions to have no overhead.

What was happening in this bug was that cairo would call pthread_mutex_init to initialize a mutex, (but this function would do nothing). Then, something would dynamically load a module which would cause pthread to be linked in, (note: someone should chase that down in GNOME to see if it's coming in needlessly). Finally, cairo would call a now-non-NOP version of pthread_mutex_lock with the uninitialized mutex object and things would go south.

The fix is as simple as using memcpy of PTHREAD_MUTEX_INITIALIZER rather than using pthread_mutex_init() to initialize the mutex. I've attached a patch to implement the fix.

I've also pushed this out to cairo's central repository so that it will be there for the (imminent!) cairo 1.4 release. See here:

http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=d48bb4fbe876a93199ba48fcf5f32734fbe18ba9

Thanks again to everyone for the reports and the patience,

-Carl
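As an added example (not cairo's code and not Carl's patch), a small C mutex layer modelled on the two ideas in this thread: the fix of initialising a mutex by copying PTHREAD_MUTEX_INITIALIZER instead of calling pthread_mutex_init(), and the debug instrumentation that records the file and line of the current lock holder so a re-lock from the same thread is reported with its original lock site instead of hanging. All names in it (dbg_mutex_t, DBG_MUTEX_LOCK, outer_entry, inner_helper, run_deadlock_demo) are hypothetical.

```c
/* Added example, not cairo's code.  A debug mutex layer modelled on this
 * thread: init copies a statically initialised template (the CAIRO_MUTEX_INIT
 * fix) instead of calling pthread_mutex_init(), and the lock wrapper records
 * the holder's file/line so a re-lock from the same thread is reported with
 * its original lock site instead of hanging (what Carl's debug patch did).
 * All names here are hypothetical. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    pthread_mutex_t mutex;
    const char     *lock_file;   /* where the current holder took the lock */
    int             lock_line;
    pthread_t       owner;       /* valid only while held != 0 */
    int             held;
} dbg_mutex_t;

/* Laid out by the compiler/loader: no pthread function has to run for these
 * bytes to be a valid unlocked mutex, so the copy below is correct even while
 * the pthread entry points are still the do-nothing stubs Carl describes. */
static const pthread_mutex_t mutex_template = PTHREAD_MUTEX_INITIALIZER;

/* Equivalent of the fixed CAIRO_MUTEX_INIT: byte-copy the template. */
static void dbg_mutex_init(dbg_mutex_t *m)
{
    memcpy(&m->mutex, &mutex_template, sizeof m->mutex);
    m->lock_file = NULL;
    m->lock_line = 0;
    m->held = 0;
}

/* 0 once the lock is held; 1 if the calling thread already holds it (the
 * single-threaded deadlock in this report).  The owner fields are read
 * unsynchronised, acceptable for a debug aid: a stale read only sends us to
 * the normal blocking pthread_mutex_lock() path. */
static int dbg_mutex_lock(dbg_mutex_t *m, const char *file, int line)
{
    if (m->held && pthread_equal(m->owner, pthread_self())) {
        fprintf(stderr, "deadlock: %s:%d re-locks a mutex first locked at %s:%d\n",
                file, line, m->lock_file, m->lock_line);
        return 1;
    }
    pthread_mutex_lock(&m->mutex);   /* held by another thread: wait */
    m->owner = pthread_self();
    m->held = 1;
    m->lock_file = file;
    m->lock_line = line;
    return 0;
}

static void dbg_mutex_unlock(dbg_mutex_t *m)
{
    m->held = 0;
    m->lock_file = NULL;
    m->lock_line = 0;
    pthread_mutex_unlock(&m->mutex);
}

#define DBG_MUTEX_LOCK(m)   dbg_mutex_lock((m), __FILE__, __LINE__)
#define DBG_MUTEX_UNLOCK(m) dbg_mutex_unlock(m)

/* Mimics the pattern behind the backtraces in this bug: an outer entry point
 * takes scaled_font->mutex, then a helper it calls takes it again. */
static int inner_helper(dbg_mutex_t *m)
{
    if (DBG_MUTEX_LOCK(m))
        return 1;                /* reported, not hung */
    DBG_MUTEX_UNLOCK(m);
    return 0;
}

static int outer_entry(dbg_mutex_t *m)
{
    int deadlock;
    DBG_MUTEX_LOCK(m);
    deadlock = inner_helper(m);
    DBG_MUTEX_UNLOCK(m);
    return deadlock;
}

/* 1 when the self-deadlock was caught and execution continued. */
int run_deadlock_demo(void)
{
    dbg_mutex_t m;
    dbg_mutex_init(&m);
    return outer_entry(&m);
}
```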