invalid read in Context::properties

lilypond-devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
invalid read in Context::properties_dict()

From:	Dan Eble
Subject:	invalid read in Context::properties_dict()
Date:	Mon, 31 Dec 2012 15:29:34 -0500
I have a reproducible segfault, but not a tiny example.  (If anyone wants to 
reproduce this, ask me to prepare a tgz for you to download from my web site.)  
Is there an expert here who can tell me how likely it is that the Context 
properties actually referred to the object released in Skyline::Skyline, or if 
something more obscure happened?

This is with the latest source built in LilyDev, but the same input causes a 
bus error with 2.16 on OS X.  Valgrind and gdb output follow.

Thanks,
-- 
Dan  

VALGRIND OUTPUT (ABRIDGED)

==13752== Invalid read of size 4
==13752==    at 0x80CA0E9: Context::properties_dict() const (context.cc:68)
==13752==    by 0x80CBC53: Context::internal_get_property(scm_unused_struct*) 
const (context.cc:445)
==13752==    by 0x80CBC91: Context::internal_get_property(scm_unused_struct*) 
const (context.cc:449)
==13752==    by 0x80CBC91: Context::internal_get_property(scm_unused_struct*) 
const (context.cc:449)
==13752==    by 0x80CBC91: Context::internal_get_property(scm_unused_struct*) 
const (context.cc:449)
==13752==    by 0x80C5DF3: ly_context_property(scm_unused_struct*, 
scm_unused_struct*, scm_unused_struct*) (context-scheme.cc:104)
==13752==    by 0x4094759: scm_gsubr_apply (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x407DB73: scm_dapply (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x407E726: ??? (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x407F02C: ??? (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x407DBEA: scm_dapply (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x407C507: scm_apply (in /usr/lib/libguile.so.17.3.1)
==13752==  Address 0xcc33d90 is 32 bytes inside a block of size 40 free'd
==13752==    at 0x4024851: operator delete(void*) (vg_replace_malloc.c:387)
==13752==    by 0x824F921: Skyline::Skyline(std::vector<Skyline_pair, 
std::allocator<Skyline_pair> > const&, Direction) (new_allocator.h:95)
==13752==    by 0x824881C: Skyline_pair::Skyline_pair(std::vector<Skyline_pair, 
std::allocator<Skyline_pair> > const&) (skyline-pair.cc:42)
==13752==    by 0x807292E: Axis_group_interface::skyline_spacing(Grob*, 
std::vector<Grob*, std::allocator<Grob*> >) (axis-group-interface.cc:884)
==13752==    by 0x807351D: 
Axis_group_interface::calc_skylines(scm_unused_struct*) 
(axis-group-interface.cc:396)
==13752==    by 0x407D63E: scm_dapply (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x407C507: scm_apply (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x4081A40: scm_call_1 (in /usr/lib/libguile.so.17.3.1)
==13752==    by 0x811C1BB: Grob::try_callback_on_alist(scm_unused_struct**, 
scm_unused_struct*, scm_unused_struct*) (grob-property.cc:231)
==13752==    by 0x811C392: Grob::internal_get_property(scm_unused_struct*) 
const (grob-property.cc:188)
==13752==    by 0x806F544: Axis_group_interface::generic_group_extent(Grob*, 
Axis) (axis-group-interface.cc:440)
==13752==    by 0x806F5B8: Axis_group_interface::height(scm_unused_struct*) 
(axis-group-interface.cc:365)

GDB OUTPUT (ABRIDGED)

Calculating page and line breaks (20 possible page 
breaks)...[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20]
Drawing systems...
Program received signal SIGSEGV, Segmentation fault.
0x080cd5be in Scheme_hash_table::unsmob (s=0x30) at 
/home/dan/lilypond-git/lily/include/scm-hash.hh:62
62        DECLARE_SMOBS (Scheme_hash_table);
(gdb) print *this
No symbol "this" in current context.
(gdb) up
#1  0x080ca0f4 in Context::properties_dict (this=0x8d4daa8) at 
/home/dan/lilypond-git/lily/context.cc:68
68        return Scheme_hash_table::unsmob (properties_scm_);
(gdb) print *this
$1 = {_vptr.Context = 0x38254fb6, static smob_name_ = 0x8329c00 "Context", 
static smob_tag_ = 10623, 
  self_scm_ = 0x400dabb6, protection_cons_ = 0x689174e, client_count_ = 
1074802671, infant_event_ = 0xdbbf9fb1, 
  daddy_context_ = 0x40104870, definition_ = 0x0, definition_mods_ = 0x0, 
properties_scm_ = 0x30, 
  context_list_ = 0x31, accepts_list_ = 0x8d4db00, aliases_ = 0x9239790, 
implementation_ = 0x0, id_string_ = {
    static npos = 4294967295, 
    _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = 
{<No data fields>}, <No data fields>}, 
      _M_p = 0x80000000 <Address 0x80000000 out of bounds>}}, event_source_ = 
0xa99b6f5c, events_below_ = 0x3ff50f10, 
  ancestor_lookup_ = 0x2ed35222}
(gdb) up
#2  0x080cbc54 in Context::internal_get_property (this=0x8d4daa8, 
sym=0xb7306af0)
    at /home/dan/lilypond-git/lily/context.cc:445
445       if (properties_dict ()->try_retrieve (sym, &val))
(gdb) print *this
$2 = {_vptr.Context = 0x38254fb6, static smob_name_ = 0x8329c00 "Context", 
static smob_tag_ = 10623, 
  self_scm_ = 0x400dabb6, protection_cons_ = 0x689174e, client_count_ = 
1074802671, infant_event_ = 0xdbbf9fb1, 
  daddy_context_ = 0x40104870, definition_ = 0x0, definition_mods_ = 0x0, 
properties_scm_ = 0x30, 
  context_list_ = 0x31, accepts_list_ = 0x8d4db00, aliases_ = 0x9239790, 
implementation_ = 0x0, id_string_ = {
    static npos = 4294967295, 
    _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = 
{<No data fields>}, <No data fields>}, 
      _M_p = 0x80000000 <Address 0x80000000 out of bounds>}}, event_source_ = 
0xa99b6f5c, events_below_ = 0x3ff50f10, 
  ancestor_lookup_ = 0x2ed35222}
(gdb) up 
#3  0x080cbc92 in Context::internal_get_property (this=0x8d43b20, 
sym=0xb7306af0)
    at /home/dan/lilypond-git/lily/context.cc:449
449         return daddy_context_->internal_get_property (sym);
(gdb) print *this
$3 = {_vptr.Context = 0x832a068, static smob_name_ = 0x8329c00 "Context", 
static smob_tag_ = 10623, 
  self_scm_ = 0xb2bc73d0, protection_cons_ = 0x404, client_count_ = 0, 
infant_event_ = 0x8e377b0, 
  daddy_context_ = 0x8d4daa8, definition_ = 0xb768fa70, definition_mods_ = 
0x404, properties_scm_ = 0xb2bc73b0, 
  context_list_ = 0xb2c1f0c0, accepts_list_ = 0xb2bc6888, aliases_ = 
0xb7b40d88, implementation_ = 0x8ce55a0, 
  id_string_ = {static npos = 4294967295, 
    _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = 
{<No data fields>}, <No data fields>}, 
      _M_p = 0x8d34524 "\\new"}}, event_source_ = 0x8d46f30, events_below_ = 
0x8d34560, ancestor_lookup_ = 0xb6ef61a0}
(gdb) bt
#0  0x080cd5be in Scheme_hash_table::unsmob (s=0x30) at 
/home/dan/lilypond-git/lily/include/scm-hash.hh:62
#1  0x080ca0f4 in Context::properties_dict (this=0x8d4daa8) at 
/home/dan/lilypond-git/lily/context.cc:68
#2  0x080cbc54 in Context::internal_get_property (this=0x8d4daa8, 
sym=0xb7306af0)
    at /home/dan/lilypond-git/lily/context.cc:445
#3  0x080cbc92 in Context::internal_get_property (this=0x8d43b20, 
sym=0xb7306af0)
    at /home/dan/lilypond-git/lily/context.cc:449
#4  0x080cbc92 in Context::internal_get_property (this=0x8d4b320, 
sym=0xb7306af0)
    at /home/dan/lilypond-git/lily/context.cc:449
#5  0x080cbc92 in Context::internal_get_property (this=0x8a8d780, 
sym=0xb7306af0)
    at /home/dan/lilypond-git/lily/context.cc:449
#6  0x080c5df4 in ly_context_property (context=0xb2bcca20, sym=0xb7306af0, 
def=0x204)
    at /home/dan/lilypond-git/lily/context-scheme.cc:104
#7  0x0018875a in scm_gsubr_apply () from /usr/lib/libguile.so.17
#8  0x00171b74 in scm_dapply () from /usr/lib/libguile.so.17
#9  0x00172727 in ?? () from /usr/lib/libguile.so.17
#10 0x0017302d in ?? () from /usr/lib/libguile.so.17
#11 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#12 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#13 0x001711c2 in scm_apply_2 () from /usr/lib/libguile.so.17
#14 0x082bb84d in Text_interface::interpret_markup (layout_smob=0xb2ba53e8, 
props=0xb58bb780, markup=0xb58bb600)
    at /home/dan/lilypond-git/lily/text-interface.cc:150
#15 0x001729e9 in ?? () from /usr/lib/libguile.so.17
#16 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#17 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#18 0x001711c2 in scm_apply_2 () from /usr/lib/libguile.so.17
#19 0x082bb84d in Text_interface::interpret_markup (layout_smob=0xb2ba53e8, 
props=0xb58bb780, markup=0xb5ce0518)
    at /home/dan/lilypond-git/lily/text-interface.cc:150
#20 0x001729e9 in ?? () from /usr/lib/libguile.so.17
#21 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#22 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#23 0x00175a41 in scm_call_1 () from /usr/lib/libguile.so.17
#24 0x0811c1bc in Grob::try_callback_on_alist (this=0x9297a78, alist=0x9297aa8, 
sym=0xb6168cc0, proc=0xb7d6c298)
    at /home/dan/lilypond-git/lily/grob-property.cc:231
#25 0x0811c393 in Grob::internal_get_property (this=0x9297a78, sym=0xb6168cc0)
    at /home/dan/lilypond-git/lily/grob-property.cc:188
#26 0x08127703 in Grob::get_stencil (smob=0xb5ce05a8) at 
/home/dan/lilypond-git/lily/grob.cc:121
#27 grob_stencil_extent (smob=0xb5ce05a8) at 
/home/dan/lilypond-git/lily/grob.cc:839
---Type <return> to continue, or q <return> to quit---
#28 Grob::stencil_height (smob=0xb5ce05a8) at 
/home/dan/lilypond-git/lily/grob.cc:851
#29 0x0017163f in scm_dapply () from /usr/lib/libguile.so.17
#30 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#31 0x00175a41 in scm_call_1 () from /usr/lib/libguile.so.17
#32 0x0811c1bc in Grob::try_callback_on_alist (this=0x9297a78, alist=0x9297aa8, 
sym=0xb6168fe0, proc=0xb7db5450)
    at /home/dan/lilypond-git/lily/grob-property.cc:231
#33 0x0811c393 in Grob::internal_get_property (this=0x9297a78, sym=0xb6168fe0)
    at /home/dan/lilypond-git/lily/grob-property.cc:188
#34 0x0812a3c9 in Grob::extent (this=0x9297a78, refp=0x90b2ee8, a=Y_AXIS) at 
/home/dan/lilypond-git/lily/grob.cc:459
#35 0x0811e9a6 in ly_grob_extent (grob=0xb5ce05a8, refp=0xb5db80e0, axis=0x6)
    at /home/dan/lilypond-git/lily/grob-scheme.cc:237
#36 0x001729e9 in ?? () from /usr/lib/libguile.so.17
#37 0x00172502 in ?? () from /usr/lib/libguile.so.17
#38 0x0017336b in ?? () from /usr/lib/libguile.so.17
#39 0x00172812 in ?? () from /usr/lib/libguile.so.17
#40 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#41 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#42 0x00175a41 in scm_call_1 () from /usr/lib/libguile.so.17
#43 0x0811c1bc in Grob::try_callback_on_alist (this=0x9297a78, alist=0x9297aa8, 
sym=0xb6168fc0, proc=0xb7d678a0)
    at /home/dan/lilypond-git/lily/grob-property.cc:231
#44 0x0811c393 in Grob::internal_get_property (this=0x9297a78, sym=0xb6168fc0)
    at /home/dan/lilypond-git/lily/grob-property.cc:188
#45 0x0812a559 in Grob::get_offset (this=0x9297a78, refp=0x90b2ee8, a=Y_AXIS)
    at /home/dan/lilypond-git/lily/grob.cc:399
#46 Grob::relative_coordinate (this=0x9297a78, refp=0x90b2ee8, a=Y_AXIS) at 
/home/dan/lilypond-git/lily/grob.cc:328
#47 Grob::extent (this=0x9297a78, refp=0x90b2ee8, a=Y_AXIS) at 
/home/dan/lilypond-git/lily/grob.cc:443
#48 0x0806f38d in Axis_group_interface::relative_maybe_bound_group_extent 
(elts=..., common=0x90b2ee8, a=Y_AXIS, 
    bound=false) at /home/dan/lilypond-git/lily/axis-group-interface.cc:106
#49 0x0806f4eb in Axis_group_interface::relative_group_extent (me=0x90b2ee8, 
a=Y_AXIS)
    at /home/dan/lilypond-git/lily/axis-group-interface.cc:91
#50 Axis_group_interface::generic_group_extent (me=0x90b2ee8, a=Y_AXIS)
    at /home/dan/lilypond-git/lily/axis-group-interface.cc:446
#51 0x0806f5b9 in Axis_group_interface::height (smob=0xb5db80e0)
    at /home/dan/lilypond-git/lily/axis-group-interface.cc:365
#52 0x0017163f in scm_dapply () from /usr/lib/libguile.so.17
#53 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#54 0x00175a41 in scm_call_1 () from /usr/lib/libguile.so.17
---Type <return> to continue, or q <return> to quit---
#55 0x0811c1bc in Grob::try_callback_on_alist (this=0x90b2ee8, alist=0x90b2f18, 
sym=0xb6168fe0, proc=0xb7de5998)
    at /home/dan/lilypond-git/lily/grob-property.cc:231
#56 0x0811c393 in Grob::internal_get_property (this=0x90b2ee8, sym=0xb6168fe0)
    at /home/dan/lilypond-git/lily/grob-property.cc:188
#57 0x0812a3c9 in Grob::extent (this=0x90b2ee8, refp=0x90b2ee8, a=Y_AXIS) at 
/home/dan/lilypond-git/lily/grob.cc:459
#58 0x082b1f07 in System::post_processing (this=0x90b2ee8) at 
/home/dan/lilypond-git/lily/system.cc:540
#59 0x082b217e in System::get_paper_system (this=0x90b2ee8) at 
/home/dan/lilypond-git/lily/system.cc:580
#60 0x081b4667 in Page_breaking::draw_page (this=0xbfffc270, 
systems=0xb5b415c8, configuration=0xb5abcdb0, page_num=4, 
    last=false) at /home/dan/lilypond-git/lily/page-breaking.cc:561
#61 0x081b4c0f in Page_breaking::make_pages (this=0xbfffc270, 
lines_per_page=..., systems=0x404)
    at /home/dan/lilypond-git/lily/page-breaking.cc:652
#62 0x081cfba4 in Page_turn_page_breaking::make_pages (this=0xbfffc270, 
soln=..., systems=0xb5c2a620)
    at /home/dan/lilypond-git/lily/page-turn-page-breaking.cc:290
#63 0x081d1895 in Page_turn_page_breaking::solve (this=0xbfffc270)
    at /home/dan/lilypond-git/lily/page-turn-page-breaking.cc:250
#64 0x081ae4fc in ly_page_turn_breaking (pb=0xb33cdd70) at 
/home/dan/lilypond-git/lily/page-breaking-scheme.cc:33
#65 0x0017163f in scm_dapply () from /usr/lib/libguile.so.17
#66 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#67 0x0017124c in scm_apply_0 () from /usr/lib/libguile.so.17
#68 0x081d8267 in Paper_book::pages (this=0x8d1e8d8) at 
/home/dan/lilypond-git/lily/paper-book.cc:654
#69 0x081d9d9c in Paper_book::output_aux (this=0x8d1e8d8, 
output_channel=0xb72963b0, is_last=true, 
    first_page_number=0xbfffc59c, first_performance_number=0xbfffc594) at 
/home/dan/lilypond-git/lily/paper-book.cc:162
#70 0x081d9e0e in Paper_book::output_aux (this=0x8e30ef0, 
output_channel=0xb72963b0, is_last=true, 
    first_page_number=0xbfffc59c, first_performance_number=0xbfffc594) at 
/home/dan/lilypond-git/lily/paper-book.cc:150
#71 0x081da9c5 in Paper_book::output (this=0x8e30ef0, output_channel=0xb72963b0)
    at /home/dan/lilypond-git/lily/paper-book.cc:185
#72 0x0809b5b8 in ly_book_process (book_smob=0xb30d5230, 
default_paper=0xb79036b8, default_layout=0xb77315b8, 
    output=0xb72963b0) at /home/dan/lilypond-git/lily/book-scheme.cc:79
#73 0x0018873b in scm_gsubr_apply () from /usr/lib/libguile.so.17
#74 0x00171b74 in scm_dapply () from /usr/lib/libguile.so.17
#75 0x00172727 in ?? () from /usr/lib/libguile.so.17
#76 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#77 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#78 0x00171350 in scm_call_2 () from /usr/lib/libguile.so.17
#79 0x0830cf93 in yyparse (parser=0x84e2850, retval=0xbfffe29c) at 
/home/dan/lilypond-git/lily/parser.yy:426
#80 0x0830e9bf in Lily_parser::do_yyparse (this=0x84e2850) at 
/home/dan/lilypond-git/lily/parser.yy:3384
#81 0x08150230 in Lily_parser::parse_file (this=0x84e2850, init=..., name=..., 
out_name=...)
---Type <return> to continue, or q <return> to quit---
    at /home/dan/lilypond-git/lily/lily-parser.cc:125
#82 0x0814c7ed in ly_parse_file (name=0xb7249c00) at 
/home/dan/lilypond-git/lily/lily-parser-scheme.cc:121
#83 0x00173a50 in ?? () from /usr/lib/libguile.so.17
#84 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#85 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#86 0x00175a7d in scm_call_0 () from /usr/lib/libguile.so.17
#87 0x001d3720 in scm_body_thunk () from /usr/lib/libguile.so.17
#88 0x001d3c43 in scm_c_catch () from /usr/lib/libguile.so.17
#89 0x001d3e8d in scm_catch_with_pre_unwind_handler () from 
/usr/lib/libguile.so.17
#90 0x0018873b in scm_gsubr_apply () from /usr/lib/libguile.so.17
#91 0x00171b74 in scm_dapply () from /usr/lib/libguile.so.17
#92 0x00172727 in ?? () from /usr/lib/libguile.so.17
#93 0x00172812 in ?? () from /usr/lib/libguile.so.17
#94 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#95 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#96 0x00175a41 in scm_call_1 () from /usr/lib/libguile.so.17
#97 0x007f7b66 in scm_srfi1_for_each () from 
/usr/lib/libguile-srfi-srfi-1-v-3.so.3
#98 0x0017391f in ?? () from /usr/lib/libguile.so.17
#99 0x00172812 in ?? () from /usr/lib/libguile.so.17
#100 0x00172fa9 in ?? () from /usr/lib/libguile.so.17
#101 0x00171beb in scm_dapply () from /usr/lib/libguile.so.17
#102 0x00170508 in scm_apply () from /usr/lib/libguile.so.17
#103 0x00175a41 in scm_call_1 () from /usr/lib/libguile.so.17
#104 0x08162c37 in main_with_guile () at /home/dan/lilypond-git/lily/main.cc:404
#105 0x0018cf46 in ?? () from /usr/lib/libguile.so.17
#106 0x0015de02 in ?? () from /usr/lib/libguile.so.17
#107 0x001d3c43 in scm_c_catch () from /usr/lib/libguile.so.17
#108 0x0015e3e2 in scm_i_with_continuation_barrier () from 
/usr/lib/libguile.so.17
#109 0x0015e4c3 in scm_c_with_continuation_barrier () from 
/usr/lib/libguile.so.17
#110 0x001d27b9 in scm_i_with_guile_and_parent () from /usr/lib/libguile.so.17
#111 0x001d28ae in scm_with_guile () from /usr/lib/libguile.so.17
#112 0x0018cedf in scm_boot_guile () from /usr/lib/libguile.so.17
#113 0x08164156 in main (argc=10, argv=0xbffff394, envp=0xbffff3c0) at 
/home/dan/lilypond-git/lily/main.cc:604
[Prev in Thread]
Current Thread
[Next in Thread]
invalid read in Context::properties_dict(), Dan Eble <=
- Re: invalid read in Context::properties_dict(), Dan Eble, 2012/12/31
Prev by Date: Re: Introducing two new markup-commands: draw-dashed-line and draw-dotted-line. (issue 7029045)
Next by Date: Re: invalid read in Context::properties_dict()
Previous by thread: Re: Issue 3073: Context definitions and context mods ignore \unset (issue 7038044)
Next by thread: Re: invalid read in Context::properties_dict()
Index(es):
- Date
- Thread