[mythtv-commits] Ticket #2735: glibc "free(): invalid pointer" during tuning in mythtv-setup (mythtv-setup crashes)

MythTV mythtv at cvs.mythtv.org
Thu Mar 1 15:33:10 UTC 2007


#2735: glibc "free(): invalid pointer" during tuning in mythtv-setup (mythtv-setup
crashes)
------------------------------+---------------------------------------------
 Reporter:  linux at bohmer.net  |        Owner:  danielk 
     Type:  defect            |       Status:  reopened
 Priority:  minor             |    Milestone:  unknown 
Component:  mythtv            |      Version:  head    
 Severity:  medium            |   Resolution:          
------------------------------+---------------------------------------------
Changes (by celston at katalix.com):

  * status:  closed => reopened
  * version:  0.20 => head
  * resolution:  invalid =>

Comment:

 I have also encountered this bug on a Core 2 Duo system, Fedora Core 6,
 latest svn myth.  So I built myself a debug copy of qt 3.3.7 and
 reproduced the crash with gdb attached.  Backtrace is:


 {{{
 (gdb) bt
 #0  0x00000035aee301b5 in raise () from /lib64/libc.so.6
 #1  0x00000035aee31b20 in abort () from /lib64/libc.so.6
 #2  0x00000035aee6766b in __libc_message () from /lib64/libc.so.6
 #3  0x00000035aee72276 in free () from /lib64/libc.so.6
 #4  0x00002aaaadc47ad8 in ~QGArray (this=0x2aaab4001978) at tools/qgarray.cpp:174
 #5  0x00002aaaaaece9db in ~QMemArray (this=0x2aaab4001978) at /usr/lib64/qt-3.3/include/qmemarray.h:61
 #6  0x00002aaaadc30da6 in ~QBuffer (this=0x2aaab4001960) at tools/qbuffer.cpp:131
 #7  0x00002aaaadc3b4bd in ~QDataStream (this=0x40a84810) at tools/qdatastream.cpp:324
 #8  0x00002aaaad8a4fdd in QTranslator::findMessage (this=0x901a80, context=0x2aaaaddf3943 "QObject", sourceText=0x2aaaab3f3f18 "Timeout Scanning %1 -- no tables", comment=0x2aaaadd47100 "") at kernel/qtranslator.cpp:1021
 #9  0x00002aaaad84cfc8 in QApplication::translate (this=0x7fff143e1310, context=0x2aaaaddf3943 "QObject", sourceText=0x2aaaab3f3f18 "Timeout Scanning %1 -- no tables", comment=0x0, encoding=QApplication::DefaultCodec) at kernel/qapplication.cpp:3056
 #10 0x00002aaaadceb216 in QObject::tr (s=0x2aaaab3f3f18 "Timeout Scanning %1 -- no tables", c=0x0) at .moc/debug-shared-mt/moc_qobject.cpp:35
 #11 0x00002aaaab202569 in SIScan::HasTimedOut (this=0x1634640) at siscan.cpp:611
 #12 0x00002aaaab2060a3 in SIScan::HandleActiveScan (this=0x1634640) at siscan.cpp:646
 #13 0x00002aaaab206538 in SIScan::RunScanner (this=0x1634640) at siscan.cpp:593
 #14 0x00002aaaab20658d in SIScan::SpawnScanner (param=0x1634640) at siscan.cpp:568
 #15 0x00000035b1e06305 in start_thread () from /lib64/libpthread.so.0
 #16 0x00000035aeecd50d in clone () from /lib64/libc.so.6
 #17 0x0000000000000000 in ?? ()
 (gdb)
 }}}


 Having stepped up and down through the stack in GDB trying to work out
 what's going on here, I'm pretty convinced that this is down to the
 QShared struct/class in QT not being reentrant.  Please check out
 src/tools/qshared.h from the QT 3.3.7 distribution, I think there's a race
 on the reference count in the QShared structure, which is causing a
 repeated attempt to delete the shared data in QGArray::~QGArray.  Note
 that in QT4, qshared.h has been replaced with qshareddata.cpp, in which
 the "count" member of QShared (which used to be an int in QT3) has been
 replaced with the member "ref" of type QAtomic - suggesting that race
 conditions on shared data were a problem, but have been fixed in QT4.

 There's not a lot we can do about this from Myth, except looking at how we
 are using the translation functions and seeing if we can avoid reentrancy.
 Any hints in that direction?

-- 
Ticket URL: <http://svn.mythtv.org/trac/ticket/2735#comment:5>
MythTV <http://www.mythtv.org/>
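
The kind of reference-count race suspected in the comment above, as an added example that is not part of the original message and is not Qt or MythTV code: a plain-int counter is replayed through a lost-increment interleaving, then the same workload runs on real threads with an atomic counter. `PlainShared`, `AtomicShared`, `replay_lost_increment` and `atomic_frees` are hypothetical names, and `std::atomic` stands in for the atomic counter the comment mentions.

```cpp
#include <atomic>
#include <thread>
#include <vector>

// Plain-int count: a model of the non-atomic counter the comment describes,
// not Qt's source. The increment is written as separate load and store steps
// so a two-thread interleaving can be replayed deterministically.
struct PlainShared {
    int count = 1;                          // one owner at construction
    bool deref() { return --count == 0; }   // true => caller frees the data
};

struct Replay { int owners; int count; bool freed_while_owned; };

// Threads A and B each take a reference to the same object at the same moment.
Replay replay_lost_increment() {
    PlainShared s;                     // owner 1, count == 1
    int a = s.count;                   // A reads 1
    int b = s.count;                   // B reads 1 before A writes back
    s.count = a + 1;                   // A writes 2
    s.count = b + 1;                   // B writes 2: A's increment is lost
    int owners = 3, count = s.count;   // three owners, counter says two
    s.deref(); --owners;               // first owner released: count 1
    bool freed = s.deref(); --owners;  // second owner: count 0, data freed
    return {owners, count, freed && owners > 0};  // one owner now dangles
}

// Atomic counter (std::atomic is an assumption standing in for an atomic
// "ref" member), exercised by real threads.
struct AtomicShared {
    std::atomic<int> count{1};
    void ref() { count.fetch_add(1, std::memory_order_relaxed); }
    bool deref() { return count.fetch_sub(1, std::memory_order_acq_rel) == 1; }
};

// Total number of times the data would be freed; correct is exactly 1.
int atomic_frees(int threads, int iterations) {
    AtomicShared s;
    std::atomic<int> frees{0};
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&] {
            for (int i = 0; i < iterations; ++i) {
                s.ref();
                if (s.deref()) ++frees;   // never true while the owner lives
            }
        });
    for (auto &th : pool) th.join();
    return frees.load() + (s.deref() ? 1 : 0);  // final owner releases once
}
```

In the replay the data is freed while one owner still holds it, so that owner's later destructor works on freed memory.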