Bugs item #3093811, was opened at 2010-10-23 17:42
Message generated for change (Comment added) made by waker
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3093811&group_id=976
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: crash
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: waker (waker)
Assigned to: Daniel Stenberg (bagder)
Summary: random segfault
Initial Comment:
curl/libcurl version 7.21.2
OS version: arch linux (latest)
random crash started to happen after upgrade to 7.21.2
there's seems to be a regression, downgrading to 7.21.1 fixes the problem
bracktrace reported by a user of my app (below)
there is only one thread running which uses libcurl.
#4-#6 seem weird, because my mutex_unlock function shouldn't call Curl_resolv_timeout
http_curl_control function is a callback for CURLOPT_PROGRESSFUNCTION
it only calls curl_easy_getinfo
if you need more info - please let me know.
Program received signal SIGSEGV, Segmentation fault.
0xb764602b in addbyter () from /usr/lib/libcurl.so.4
(gdb) bt
#0 0xb764602b in addbyter () from /usr/lib/libcurl.so.4
#1 0xb764528f in dprintf_formatf () from /usr/lib/libcurl.so.4
#2 0xb764609e in curl_mvsnprintf () from /usr/lib/libcurl.so.4
#3 0xb762f927 in Curl_failf () from /usr/lib/libcurl.so.4
#4 0xb7623e2f in Curl_resolv_timeout () from /usr/lib/libcurl.so.4
#5 0x08058271 in mutex_unlock (_mtx=136059256) at threading_pthread.c:152
#6 0xb557cbb9 in http_curl_control (stream=0xbb8, dltotal=5.0893833312885161e-270, dlnow=1.9354898159419373e-317,
ultotal=-1.0003725070461691e-51, ulnow=0) at vfs_curl.c:470
#7 0xb557bce7 in http_curl_write_wrapper (fp=0x833e800, ptr=0x838a2e0, size=15361) at vfs_curl.c:129
#8 0xb557c499 in http_curl_write (ptr=0x8388108, size=1, nmemb=16384, stream=0x833e800) at vfs_curl.c:295
#9 0xb762ff61 in Curl_client_write () from /usr/lib/libcurl.so.4
#10 0xb764a611 in readwrite_data () from /usr/lib/libcurl.so.4
#11 0xb764adf5 in Curl_readwrite () from /usr/lib/libcurl.so.4
#12 0xb764b89d in Transfer () from /usr/lib/libcurl.so.4
#13 0xb764c653 in Curl_do_perform () from /usr/lib/libcurl.so.4
#14 0xb764c8db in Curl_perform () from /usr/lib/libcurl.so.4
#15 0xb764d10e in curl_easy_perform () from /usr/lib/libcurl.so.4
#16 0xb557d0cf in http_thread_func (ctx=0x833e800) at vfs_curl.c:556
#17 0xb7e12e60 in start_thread () from /lib/libpthread.so.0
#18 0xb7d8ffbe in clone () from /lib/libc.so.6
----------------------------------------------------------------------
>Comment By: waker (waker)
Date: 2010-10-23 18:15
Message:
i asked the user to run it through valgrind, and here's what we get
please notice invalid reads and writes caused by libcurl. usually that
means memtrash bugs.
==29393== Memcheck, a memory error detector
==29393== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==29393== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright
info
==29393== Command: deadbeef
==29393==
starting deadbeef devel
plug: mutex_create
loading plugins from /usr/lib/deadbeef
loading plugin aac.so
loading plugin adplug.so
loading plugin alsa.so
loading plugin ao.so
loading plugin artwork.so
loading plugin cdda.so
loading plugin dca.so
loading plugin dumb.so
loading plugin ffap.so
loading plugin ffmpeg.so
loading plugin flac.so
loading plugin gme.so
loading plugin gtkui.so
loading plugin hotkeys.so
loading plugin lastfm.so
loading plugin mms.so
loading plugin mpgmad.so
loading plugin musepack.so
loading plugin notify.so
loading plugin nullout.so
loading plugin oss.so
loading plugin shellexec.so
loading plugin shn.so
loading plugin sid.so
loading plugin sndfile.so
loading plugin supereq.so
loading plugin tta.so
dlopen error: /usr/lib/deadbeef/tta.so: undefined symbol: hybrid_filter
loading plugin vfs_curl.so
loading plugin vorbis.so
loading plugin vtx.so
loading plugin wavpack.so
loading plugin wildmidi.so
dlopen error: /usr/lib/deadbeef/wildmidi.so: undefined symbol: WM_Lock
loading plugins from /home/thesame/.local/lib/deadbeef
Gtk-Message: Failed to load module "globalmenu-gnome":
libglobalmenu-gnome.so: cannot open shared object file: No such file or
directory
hotkeys: Unknown command <open> while parsing hotkeys.key8 Ctrl Alt o:
open
==29393== Thread 3:
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69F70AF: pango_layout_set_width (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x635F3D7: draw_text (gdkdrawing.c:165)
==29393== by 0x6364F7B: tabstrip_render (ddbtabstrip.c:547)
==29393== by 0x6365FE8: on_tabstrip_expose_event (ddbtabstrip.c:973)
==29393== by 0x64AF1C3: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x6AD83C6: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AD9A71: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AEC0A4: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AF4A8A: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AF4EB1: g_signal_emit (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x65E28E5: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x64ADA10: gtk_main_do_event (in
/usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393==
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69F4E93: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69F8C83: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69FA56E: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69FBAD0: pango_layout_get_iter (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x6A0180B: pango_renderer_draw_layout (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x67692E7: gdk_draw_layout_with_colors (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x6769550: gdk_draw_layout (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x635F46D: draw_text (gdkdrawing.c:168)
==29393== by 0x6364F7B: tabstrip_render (ddbtabstrip.c:547)
==29393== by 0x6365FE8: on_tabstrip_expose_event (ddbtabstrip.c:973)
==29393== by 0x64AF1C3: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x6AD83C6: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393==
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69FA63E: ??? (in /usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x69FBAD0: pango_layout_get_iter (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x6A0180B: pango_renderer_draw_layout (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x67692E7: gdk_draw_layout_with_colors (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x6769550: gdk_draw_layout (in
/usr/lib/libgdk-x11-2.0.so.0.2200.0)
==29393== by 0x635F46D: draw_text (gdkdrawing.c:168)
==29393== by 0x6364F7B: tabstrip_render (ddbtabstrip.c:547)
==29393== by 0x6365FE8: on_tabstrip_expose_event (ddbtabstrip.c:973)
==29393== by 0x64AF1C3: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x6AD83C6: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AD9A71: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.2600.0)
==29393== by 0x6AEC0A4: ??? (in /usr/lib/libgobject-2.0.so.0.2600.0)
==29393==
selected output plugin: ALSA output plugin
INFO: loading playlist New Playlist
INFO: from file /home/thesame/.config/deadbeef/playlists/0.dbpl
INFO: loading playlist Radio
INFO: from file /home/thesame/.config/deadbeef/playlists/1.dbpl
INFO: loading playlist temp
INFO: from file /home/thesame/.config/deadbeef/playlists/2.dbpl
==29393== Conditional jump or move depends on uninitialised value(s)
==29393== at 0x69F70AF: pango_layout_set_width (in
/usr/lib/libpango-1.0.so.0.2800.3)
==29393== by 0x635F3D7: draw_text (gdkdrawing.c:165)
==29393== by 0x635B7CE: ddb_listview_header_render
(ddblistview.c:2150)
==29393== by 0x635DC9E: ddb_listview_clear_sort (ddblistview.c:2962)
==29393== by 0x633CC05: playlistswitch_cb (gtkui.c:522)
==29393== by 0x6B52A80: ??? (in /usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x6B56B71: g_main_context_dispatch (in
/usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x6B5734F: ??? (in /usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x6B57A1A: g_main_loop_run (in
/usr/lib/libglib-2.0.so.0.2600.0)
==29393== by 0x64AC408: gtk_main (in
/usr/lib/libgtk-x11-2.0.so.0.2200.0)
==29393== by 0x633E549: gtkui_thread (gtkui.c:997)
==29393== by 0x41E8E5F: start_thread (in /lib/libpthread-2.12.1.so)
==29393==
server_start
==29393== Thread 7:
==29393== Syscall param ioctl(arg) contains uninitialised byte(s)
==29393== at 0x42C3E89: ioctl (in /lib/libc-2.12.1.so)
==29393== by 0x4B6BF60: snd_pcm_prepare (in
/usr/lib/libasound.so.2.0.0)
==29393== by 0x4B815B4: ??? (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4B6BF60: snd_pcm_prepare (in
/usr/lib/libasound.so.2.0.0)
==29393== by 0x4B6C00C: snd_pcm_hw_params (in
/usr/lib/libasound.so.2.0.0)
==29393== by 0x40383E9: palsa_set_hw_params (alsa.c:200)
==29393== by 0x403856A: palsa_init (alsa.c:239)
==29393== by 0x4038A26: palsa_play (alsa.c:381)
==29393== by 0x8055711: streamer_start_new_song (streamer.c:814)
==29393== by 0x805587E: streamer_thread (streamer.c:850)
==29393== by 0x41E8E5F: start_thread (in /lib/libpthread-2.12.1.so)
==29393== by 0x42CBFBD: clone (in /lib/libc-2.12.1.so)
==29393==
alsa avail_min: 1024 frames
==29393== Syscall param ioctl(arg) contains uninitialised byte(s)
==29393== at 0x42C3E89: ioctl (in /lib/libc-2.12.1.so)
==29393== by 0x4B6C120: snd_pcm_start (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4B81714: ??? (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4B6C120: snd_pcm_start (in /usr/lib/libasound.so.2.0.0)
==29393== by 0x4038ABE: palsa_play (alsa.c:401)
==29393== by 0x8055711: streamer_start_new_song (streamer.c:814)
==29393== by 0x805587E: streamer_thread (streamer.c:850)
==29393== by 0x41E8E5F: start_thread (in /lib/libpthread-2.12.1.so)
==29393== by 0x42CBFBD: clone (in /lib/libc-2.12.1.so)
==29393==
==29393== Thread 1:
==29393== Invalid write of size 4
==29393== at 0x4D7BE20: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd54 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D7BE24: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdea8 is on thread 1's stack
==29393==
==29393== Invalid write of size 4
==29393== at 0x4D7BE27: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87903: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87910: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd54 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87927: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D8792A: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdfdc is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87934: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87945: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D8794E: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdd50 is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x4D87951: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdfdc is on thread 1's stack
==29393==
==29393== Invalid write of size 1
==29393== at 0x4D9E02B: addbyter (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9DA2E: dprintf_formatf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E09D: curl_mvsnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E103: curl_msnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D87974: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0x21c is not stack'd, malloc'd or (recently) free'd
==29393==
Segmentation Fault
==29393== Invalid read of size 4
==29393== at 0x42DF867: backtrace (in /lib/libc-2.12.1.so)
==29393== by 0x804AE42: sigsegv_handler (main.c:461)
==29393== by 0x4227E87: ??? (in /lib/libc-2.12.1.so)
==29393== by 0x4D9DA2E: dprintf_formatf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E09D: curl_mvsnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E103: curl_msnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D87974: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdecc is on thread 1's stack
==29393==
==29393== Invalid read of size 4
==29393== at 0x42DF86A: backtrace (in /lib/libc-2.12.1.so)
==29393== by 0x804AE42: sigsegv_handler (main.c:461)
==29393== by 0x4227E87: ??? (in /lib/libc-2.12.1.so)
==29393== by 0x4D9DA2E: dprintf_formatf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E09D: curl_mvsnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D9E103: curl_msnprintf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D87974: Curl_failf (in /usr/lib/libcurl.so.4.2.0)
==29393== by 0x4D7BE2E: Curl_resolv_timeout (in
/usr/lib/libcurl.so.4.2.0)
==29393== by 0x3D0EFF: ???
==29393== by 0xE5F6CFB: ???
==29393== Address 0xe1fdec8 is on thread 1's stack
==29393==
atexit_handler
handling atexit.
==29393==
==29393== HEAP SUMMARY:
==29393== in use at exit: 3,406,850 bytes in 24,186 blocks
==29393== total heap usage: 90,620 allocs, 66,434 frees, 10,791,403
bytes allocated
==29393==
==29393== LEAK SUMMARY:
==29393== definitely lost: 4,756 bytes in 24 blocks
==29393== indirectly lost: 6,400 bytes in 317 blocks
==29393== possibly lost: 1,442,604 bytes in 11,291 blocks
==29393== still reachable: 1,953,090 bytes in 12,554 blocks
==29393== suppressed: 0 bytes in 0 blocks
==29393== Rerun with --leak-check=full to see details of leaked memory
==29393==
==29393== For counts of detected and suppressed errors, rerun with: -v
==29393== Use --track-origins=yes to see where uninitialised values come
from
==29393== ERROR SUMMARY: 93 errors from 20 contexts (suppressed: 570 from
14)
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3093811&group_id=976
Received on 2010-10-23
Mailing List 
Page updated November 12, 2010.