[mythtv-commits] Ticket #2735: glibc "free(): invalid pointer" during tuning in mythtv-setup (mythtv-setup crashes)
MythTV
mythtv at cvs.mythtv.org
Thu Mar 1 15:33:10 UTC 2007
#2735: glibc "free(): invalid pointer" during tuning in mythtv-setup (mythtv-setup crashes)
------------------------------+---------------------------------------------
Reporter: linux at bohmer.net | Owner: danielk
Type: defect | Status: reopened
Priority: minor | Milestone: unknown
Component: mythtv | Version: head
Severity: medium | Resolution:
------------------------------+---------------------------------------------
Changes (by celston at katalix.com):
* status: closed => reopened
* version: 0.20 => head
* resolution: invalid =>
Comment:
I have also encountered this bug on a Core 2 Duo system, Fedora Core 6,
latest svn myth. So I built myself a debug copy of Qt 3.3.7 and
reproduced the crash with gdb attached. The backtrace is:
{{{
(gdb) bt
#0 0x00000035aee301b5 in raise () from /lib64/libc.so.6
#1 0x00000035aee31b20 in abort () from /lib64/libc.so.6
#2 0x00000035aee6766b in __libc_message () from /lib64/libc.so.6
#3 0x00000035aee72276 in free () from /lib64/libc.so.6
#4 0x00002aaaadc47ad8 in ~QGArray (this=0x2aaab4001978) at tools/qgarray.cpp:174
#5 0x00002aaaaaece9db in ~QMemArray (this=0x2aaab4001978) at /usr/lib64/qt-3.3/include/qmemarray.h:61
#6 0x00002aaaadc30da6 in ~QBuffer (this=0x2aaab4001960) at tools/qbuffer.cpp:131
#7 0x00002aaaadc3b4bd in ~QDataStream (this=0x40a84810) at tools/qdatastream.cpp:324
#8 0x00002aaaad8a4fdd in QTranslator::findMessage (this=0x901a80, context=0x2aaaaddf3943 "QObject", sourceText=0x2aaaab3f3f18 "Timeout Scanning %1 -- no tables", comment=0x2aaaadd47100 "") at kernel/qtranslator.cpp:1021
#9 0x00002aaaad84cfc8 in QApplication::translate (this=0x7fff143e1310, context=0x2aaaaddf3943 "QObject", sourceText=0x2aaaab3f3f18 "Timeout Scanning %1 -- no tables", comment=0x0, encoding=QApplication::DefaultCodec) at kernel/qapplication.cpp:3056
#10 0x00002aaaadceb216 in QObject::tr (s=0x2aaaab3f3f18 "Timeout Scanning %1 -- no tables", c=0x0) at .moc/debug-shared-mt/moc_qobject.cpp:35
#11 0x00002aaaab202569 in SIScan::HasTimedOut (this=0x1634640) at siscan.cpp:611
#12 0x00002aaaab2060a3 in SIScan::HandleActiveScan (this=0x1634640) at siscan.cpp:646
#13 0x00002aaaab206538 in SIScan::RunScanner (this=0x1634640) at siscan.cpp:593
#14 0x00002aaaab20658d in SIScan::SpawnScanner (param=0x1634640) at siscan.cpp:568
#15 0x00000035b1e06305 in start_thread () from /lib64/libpthread.so.0
#16 0x00000035aeecd50d in clone () from /lib64/libc.so.6
#17 0x0000000000000000 in ?? ()
(gdb)
}}}
Having stepped up and down through the stack in GDB trying to work out
what's going on here, I'm pretty convinced that this is down to the
QShared struct/class in Qt not being reentrant. Please check out
src/tools/qshared.h from the Qt 3.3.7 distribution; I think there's a race
on the reference count in the QShared structure, which is causing a
repeated attempt to delete the shared data in QGArray::~QGArray. Note
that in Qt4, qshared.h has been replaced with qshareddata.cpp, in which
the "count" member of QShared (which used to be an int in Qt3) has been
replaced with the member "ref" of type QAtomic - suggesting that race
conditions on shared data were a problem, but have been fixed in Qt4.
There's not a lot we can do about this from Myth, except looking at how we
are using the translation functions and seeing if we can avoid reentrancy.
Any hints in that direction?
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/2735#comment:5>
MythTV <http://www.mythtv.org/>
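Added example, not part of the ticket and not Qt or MythTV source: a single-threaded replay of the kind of interleaving the comment suspects, using a simplified stand-in for a QShared-style reference count. `PlainShared`, `AtomicShared`, `Outcome` and the `replay_*` functions are hypothetical names; the schedule is constructed, and the "free" is only counted, never performed.

```cpp
#include <atomic>
#include <cstdio>
// Result of one replayed schedule (constructed scenario, not Qt code).
struct Outcome { int frees; int derefs_after_free; };

// Plain-int count: ref() is load, add, store; a thread can be preempted in between.
struct PlainShared {
    int count = 1, frees = 0, stale = 0;
    void store_ref(int seen) { count = seen + 1; }   // second half of ref()
    void deref() {
        if (frees) { ++stale; return; }   // block already freed: count it, touch nothing
        if (--count == 0) ++frees;        // last reference releases the block
    }
};

// Atomic count: each read-modify-write is one indivisible step.
struct AtomicShared {
    std::atomic<int> count{1};
    int frees = 0, stale = 0;
    void ref() { count.fetch_add(1); }
    void deref() {
        if (frees) { ++stale; return; }
        if (count.fetch_sub(1) == 1) ++frees;
    }
};

// Owner O holds the block; threads A and B each take a copy, then all
// three holders release. A and B interleave inside ref().
Outcome replay_plain() {
    PlainShared s;
    int a = s.count;       // A reads 1
    int b = s.count;       // B reads 1 before A writes back
    s.store_ref(a);        // A writes 2
    s.store_ref(b);        // B writes 2: A's increment is lost
    s.deref(); s.deref(); s.deref();   // O, A, B release in turn
    return { s.frees, s.stale };
}

Outcome replay_atomic() {
    AtomicShared s;
    s.ref(); s.ref();                  // A and B: count goes 1, 2, 3
    s.deref(); s.deref(); s.deref();
    return { s.frees, s.stale };
}
int main() {
    Outcome p = replay_plain(), a = replay_atomic();
    std::printf("plain: %d free, %d deref after free; atomic: %d, %d\n",
                p.frees, p.derefs_after_free, a.frees, a.derefs_after_free);
}
```

In the plain-int replay the block is released while one holder still references it, so that holder's destructor later runs against freed memory; with the atomic count the same three releases free the block exactly once, after the last holder.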