[PD] Crasher bug

Roman Haefeli reduzent at gmail.com
Sun Oct 1 22:16:36 CEST 2017


Hey all

Attached patch crashes Pd, at least on Ubuntu 16.04 amd64. Pd 0.48 and
0.47-1 seem affected, but not 0.46-7. Also, I cannot make it crash
with the current 0.48 release for Windows under Wine. I couldn't test
it on macOS, but the original patch (not this reduced one) crashes on
macOS 10.11 with Pd 0.48.

The patch doesn't do anything meaningful anymore, since I tried to
remove anything that was not needed for the crash.

With current git master, I get the following backtrace printed to the
console, as soon as I click the bang:


$ pd -stderr -nosound -open crashtest.pd 
*** Error in `pd': corrupted size vs. prev_size: 0x0000000000b5e0a0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f8f72df17e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x80dfb)[0x7f8f72dfadfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x83409)[0x7f8f72dfd409]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x179)[0x7f8f72dfe839]
pd(resizebytes+0x23)[0x47d183]
pd(binbuf_text+0xf6)[0x47d3d6]
pd[0x48d561]
pd(socketreceiver_read+0x288)[0x48e6e8]
pd[0x48d8c5]
pd(m_mainloop+0x82f)[0x48a21f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f8f72d9a830]
pd(_start+0x29)[0x4138e9]
======= Memory map: ========
... skipped ...


gdb backtrace:

(gdb) backtrace
#0  0x00007ffff6dcf428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff6dd102a in __GI_abort () at abort.c:89
#2  0x00007ffff6e117ea in __libc_message (do_abort=2, fmt=fmt@entry=0x7ffff6f2ae98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff6e1adfb in malloc_printerr (ar_ptr=0x7ffff715eb20 <main_arena>, ptr=0x827c20, str=0x7ffff6f27c35 "corrupted size vs. prev_size", action=3) at malloc.c:5006
#4  _int_free (av=0x7ffff715eb20 <main_arena>, p=<optimized out>, have_lock=1) at malloc.c:4014
#5  0x00007ffff6e1d409 in _int_realloc (av=av@entry=0x7ffff715eb20 <main_arena>, oldp=oldp@entry=0x827b00, oldsize=oldsize@entry=288, nb=nb@entry=112) at malloc.c:4384
#6  0x00007ffff6e1e839 in __GI___libc_realloc (oldmem=0x827b10, bytes=96) at malloc.c:3045
#7  0x00000000004b5783 in resizebytes (old=<optimized out>, oldsize=256, newsize=<optimized out>) at m_memory.c:55
#8  0x00000000004a7ae6 in binbuf_text (x=0x7d3ba0, text=text@entry=0x7fffffffcce0 "\r\n.x7e8880 motion 39.0 78.0 0;", size=size@entry=30) at m_binbuf.c:199
#9  0x00000000004c0b15 in socketreceiver_doread (x=x@entry=0x7ef580) at s_inter.c:494
#10 0x00000000004c214c in socketreceiver_read (x=0x7ef580, fd=12) at s_inter.c:597
#11 0x00000000004c0e8e in sys_domicrosleep (microsec=<optimized out>, pollem=1) at s_inter.c:230
#12 0x00000000004c1585 in sys_microsleep (microsec=<optimized out>) at s_inter.c:254
#13 0x00000000004b9fda in m_pollingscheduler () at m_sched.c:541
#14 m_mainloop () at m_sched.c:596
#15 0x00007ffff6dba830 in __libc_start_main (main=0x414aa0 <main>, argc=6, argv=0x7fffffffe048, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe038)
    at ../csu/libc-start.c:291
#16 0x0000000000414ad9 in _start ()

Roman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: crashtest.zip
Type: application/zip
Size: 1377 bytes
Desc: not available
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20171001/1fc18ee0/attachment.zip>
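The two backtraces in the report (the glibc abort handler's and gdb's) are the usual raw material for triaging a crash like this, so here is a small triage script as an added example. It is not part of the original post and not Pd code; the sample input is constructed from the lines quoted above, and the frame and error-line formats it parses are glibc's and gdb's, not anything specific to Pd. The point it makes: a "corrupted size vs. prev_size" abort inside realloc is glibc noticing damaged chunk metadata only when the allocator next touches that chunk, so the frame that called the allocator (here resizebytes, called from binbuf_text) is where to start reading, and the write that damaged the heap happened at some earlier point, not in realloc itself.

```python
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the glibc abort report from the message above, trimmed.
GLIBC_REPORT = """\
$ pd -stderr -nosound -open crashtest.pd
*** Error in `pd': corrupted size vs. prev_size: 0x0000000000b5e0a0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f8f72df17e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x80dfb)[0x7f8f72dfadfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x83409)[0x7f8f72dfd409]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x179)[0x7f8f72dfe839]
pd(resizebytes+0x23)[0x47d183]
pd(binbuf_text+0xf6)[0x47d3d6]
pd[0x48d561]
pd(socketreceiver_read+0x288)[0x48e6e8]
======= Memory map: ========
"""

# Constructed sample: a subset of the gdb backtrace from the message above.
GDB_TRACE = """\
#0  0x00007ffff6dcf428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff6dd102a in __GI_abort () at abort.c:89
#4  _int_free (av=0x7ffff715eb20 <main_arena>, p=<optimized out>, have_lock=1) at malloc.c:4014
#6  0x00007ffff6e1e839 in __GI___libc_realloc (oldmem=0x827b10, bytes=96) at malloc.c:3045
#7  0x00000000004b5783 in resizebytes (old=<optimized out>, oldsize=256, newsize=<optimized out>) at m_memory.c:55
#8  0x00000000004a7ae6 in binbuf_text (x=0x7d3ba0, text=text@entry=0x7fffffffcce0 "\\r\\n.x7e8880 motion 39.0 78.0 0;", size=size@entry=30) at m_binbuf.c:199
#15 0x00007ffff6dba830 in __libc_start_main (main=0x414aa0 <main>, argc=6)
    at ../csu/libc-start.c:291
"""


@dataclass
class Frame:
    index: int
    symbol: str          # "" when the frame has no symbol (e.g. "pd[0x48d561]")
    module: str = ""     # executable or shared object, glibc-format traces only
    file: str = ""       # source file, gdb traces with debug info only
    line: int = 0


# glibc backtrace line: module(symbol+offset)[address]; symbol and offset are optional.
_GLIBC_RE = re.compile(
    r"^(?P<module>[^(\[]+)(?:\((?P<symbol>[^)+]*)(?:\+0x[0-9a-f]+)?\))?\[(?P<addr>0x[0-9a-f]+)\]$"
)
# glibc fatal message: *** Error in `prog': message: 0xaddr ***
_ERROR_RE = re.compile(r"\*\*\* Error in `(?P<prog>[^']+)': (?P<msg>.+?): (?P<addr>0x[0-9a-f]+) \*\*\*")
# gdb frame: "#N  [0xaddr in ]symbol (args)[ at file:line]"; the address is absent for inlined frames.
_GDB_RE = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<symbol>\S+) \((?P<args>.*)\)(?: at (?P<file>\S+):(?P<line>\d+))?$"
)

# Source files that belong to the C runtime rather than the program under test.
RUNTIME_FILES = {"malloc.c", "abort.c", "raise.c", "libc_fatal.c", "libc-start.c"}


def parse_glibc(text: str) -> List[Frame]:
    """Extract the frames from a glibc abort report, skipping non-frame lines."""
    frames: List[Frame] = []
    for raw in text.splitlines():
        m = _GLIBC_RE.match(raw.strip())
        if m:
            frames.append(Frame(len(frames), m["symbol"] or "", module=m["module"]))
    return frames


def parse_gdb(text: str) -> List[Frame]:
    """Extract frames from gdb 'backtrace' output, re-joining wrapped frame lines."""
    joined: List[str] = []
    for raw in text.splitlines():
        if raw[:1].isspace() and joined:
            joined[-1] += " " + raw.strip()   # continuation of the previous frame
        elif raw.strip():
            joined.append(raw.rstrip())
    frames: List[Frame] = []
    for line in joined:
        m = _GDB_RE.match(line)
        if m:
            frames.append(Frame(int(m["n"]), m["symbol"], file=m["file"] or "", line=int(m["line"] or 0)))
    return frames


def is_runtime(frame: Frame) -> bool:
    """True for frames inside libc (allocator, abort path), which are not the bug site."""
    return "libc" in frame.module or os.path.basename(frame.file) in RUNTIME_FILES


def first_app_frame(frames: List[Frame]) -> Optional[Frame]:
    """Innermost frame that belongs to the program itself: the allocator's caller."""
    return next((f for f in frames if not is_runtime(f)), None)


def triage(report: str) -> Dict[str, Optional[str]]:
    """Summarise a glibc abort report: the allocator's message, the program frame that
    called into the allocator, and that frame's own caller."""
    error = next((m["msg"] for m in map(_ERROR_RE.search, report.splitlines()) if m), None)
    frames = parse_glibc(report)
    app = first_app_frame(frames)
    pos = frames.index(app) if app else -1
    caller = frames[pos + 1] if app and pos + 1 < len(frames) else None
    return {"error": error,
            "app_frame": app.symbol if app else None,
            "caller": caller.symbol if caller else None}


if __name__ == "__main__":
    print(triage(GLIBC_REPORT))
    f = first_app_frame(parse_gdb(GDB_TRACE))
    print(f"gdb: start at {f.symbol} ({f.file}:{f.line})" if f else "gdb: no program frame found")
```

Run on the report above, the summary names "corrupted size vs. prev_size" as the allocator message, resizebytes as the program frame that called realloc, and binbuf_text as its caller; the gdb trace resolves the same frame to m_memory.c:55. Neither location is where the heap was overwritten, only where glibc noticed; the next step in a real triage is to rerun under a tool that checks every heap access (AddressSanitizer or valgrind) so the out-of-bounds write is reported at the point it happens.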
