[Octave-bug-tracker] [bug #48519] Segfault with Qt plotting when running
From: Hartmut
Subject: [Octave-bug-tracker] [bug #48519] Segfault with Qt plotting when running demos
Date: Sat, 5 Jan 2019 08:27:04 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0
Follow-up Comment #33, bug #48519 (project octave):
I have (using gdb for the first time):
* used Pantxo's second patch (from comment #32)
* recompiled my Octave version (still hg id 31b0761cd641) with debug symbols
(configure FFLAGS=-g CFLAGS=-g CXXFLAGS=-g --enable-address-sanitizer-flags)
as explained in the wiki
* run Octave without GUI (I couldn't interact with the Octave GUI after
starting gdb any more): ./run-octave -g
* gdb> run
* octave> compare_plot_demos ("toolkits", "qt")
* moved most of the figure windows around
This resulted in the following "last words" (which might not be a stack trace
at all):
Printing "lighting_03.png" ... [0.920596 2.110584] done
Printing "lighting_04.png" ... [0.945274 2.411876] done
Printing "lighting_05.png" ...
=================================================================
==7195==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62d00053ba00 at pc 0x7ffff436d548 bp 0x7fffffff6500 sp 0x7fffffff64f0
READ of size 8 at 0x62d00053ba00 thread T0
#0 0x7ffff436d547 in Array<double>::xelem(long) const
liboctave/array/Array.h:459
#1 0x7ffff4baac1d in Array<double>::xelem(long, long) const
liboctave/array/Array.h:464
#2 0x7ffff5438747 in Array<double>::xelem(long, long, long) const
liboctave/array/Array.h:469
#3 0x7ffff5436371 in Array<double>::elem(long, long, long) const
liboctave/array/Array.h:524
#4 0x7ffff54333c3 in Array<double>::operator()(long, long, long) const
liboctave/array/Array.h:534
#5 0x7ffff5418bf4 in octave::opengl_renderer::set_normal(int, NDArray
const&, int, int) libinterp/corefcn/gl-render.cc:4514
#6 0x7ffff53fe04d in
octave::opengl_renderer::draw_surface(surface::properties const&)
libinterp/corefcn/gl-render.cc:2792
#7 0x7ffff53d82c4 in octave::opengl_renderer::draw(graphics_object const&,
bool) libinterp/corefcn/gl-render.cc:667
#8 0x7ffff53f10c0 in
octave::opengl_renderer::draw_axes_children(axes::properties const&)
libinterp/corefcn/gl-render.cc:2127
#9 0x7ffff53f2346 in octave::opengl_renderer::draw_axes(axes::properties
const&) libinterp/corefcn/gl-render.cc:2215
#10 0x7ffff53d7ff6 in octave::opengl_renderer::draw(graphics_object
const&, bool) libinterp/corefcn/gl-render.cc:663
#11 0x7ffff542dab4 in octave::opengl_renderer::draw(Matrix const&, bool)
libinterp/corefcn/gl-render.h:63
#12 0x7ffff53da7f1 in
octave::opengl_renderer::draw_figure(figure::properties const&)
libinterp/corefcn/gl-render.cc:727
#13 0x7ffff53d7e8f in octave::opengl_renderer::draw(graphics_object
const&, bool) libinterp/corefcn/gl-render.cc:661
#14 0x7fffbfa0017d in QtHandles::GLCanvas::draw(octave_handle const&)
libgui/graphics/GLCanvas.cc:79
#15 0x7fffbf9cd93e in QtHandles::Canvas::canvasPaintEvent()
libgui/graphics/Canvas.cc:304
#16 0x7fffbfa02503 in QtHandles::GLCanvas::paintGL()
libgui/graphics/GLCanvas.cc:218
#17 0x7fffefb0a85c
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b385c)
#18 0x7fffefaea037 in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x193037)
#19 0x7fffefaab82b in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15482b)
#20 0x7fffefab30f3 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15c0f3)
#21 0x7ffff68255f9 in octave::octave_qapplication::notify(QObject*,
QEvent*) libgui/src/main-window.cc:2783
#22 0x7fffeed2d9a7 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28a9a7)
#23 0x7fffefae3189 in QWidgetPrivate::sendPaintEvent(QRegion const&)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x18c189)
#24 0x7fffefaba703
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x163703)
#25 0x7fffefabb094
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x164094)
#26 0x7fffefad266e in QWidgetPrivate::syncBackingStore()
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x17b66e)
#27 0x7fffefaea1a7 in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1931a7)
#28 0x7fffefbfdc4a in QMainWindow::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2a6c4a)
#29 0x7fffbf9ff5d2 in QtHandles::FigureWindowBase::event(QEvent*)
libgui/graphics/FigureWindow.h:33
#30 0x7fffefaab82b in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15482b)
#31 0x7fffefab30f3 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15c0f3)
#32 0x7ffff68255f9 in octave::octave_qapplication::notify(QObject*,
QEvent*) libgui/src/main-window.cc:2783
#33 0x7fffeed2d9a7 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28a9a7)
#34 0x7fffeed3011c in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28d11c)
#35 0x7fffeed872c2 (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2e42c2)
#36 0x7fffe7ae7386 in g_main_context_dispatch
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c386)
#37 0x7fffe7ae75bf (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c5bf)
#38 0x7fffe7ae764b in g_main_context_iteration
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64b)
#39 0x7fffeed868ee in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2e38ee)
#40 0x7fffeed2b9e9 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2889e9)
#41 0x7fffeed34a83 in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x291a83)
#42 0x7ffff6826f1a in octave::octave_qt_app::exec()
libgui/src/main-window.cc:2921
#43 0x7ffff6853647 in octave::gui_application::execute()
libgui/src/octave-gui.cc:64
#44 0x555555556670 in main src/main-gui.cc:103
#45 0x7ffff13f5b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#46 0x555555555e29 in _start
(/home/hartmut-nobackup/octave-repo/src/.libs/octave-gui+0x1e29)
0x62d00053ba00 is located 0 bytes to the right of 38400-byte region
[0x62d000532400,0x62d00053ba00)
allocated by thread T8 (QThread) here:
#0 0x7ffff6efa618 in operator new[](unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0618)
#1 0x7ffff436b55a in Array<double>::ArrayRep::ArrayRep(long)
liboctave/array/Array.h:158
#2 0x7ffff46a8ce7 in Array<double>::Array(dim_vector const&, double
const&) liboctave/array/Array.h:273
#3 0x7ffff46a8c28 in MArray<double>::MArray(dim_vector const&, double
const&) liboctave/array/MArray.h:76
#4 0x7ffff46a8a0b in NDArray::NDArray(dim_vector const&, double)
liboctave/array/dNDArray.h:46
#5 0x7ffff5702a6f in surface::properties::update_face_normals(bool, bool)
libinterp/corefcn/graphics.cc:9871
#6 0x7ffff5798243 in surface::properties::update_normals(bool, bool)
libinterp/corefcn/graphics.h:10259
#7 0x7ffff56ef774 in axes::properties::trigger_normals_calc()
libinterp/corefcn/graphics.cc:9026
#8 0x7ffff56f792e in light::initialize(graphics_object const&)
libinterp/corefcn/graphics.cc:9297
#9 0x7ffff575a333 in graphics_object::initialize()
libinterp/corefcn/graphics.h:3093
#10 0x7ffff547be5c in xinitialize libinterp/corefcn/graphics.cc:3057
#11 0x7ffff5731426 in make_graphics_object
libinterp/corefcn/graphics.cc:12545
#12 0x7ffff57350be in F__go_light__(octave_value_list const&, int)
libinterp/corefcn/graphics.cc:12760
#13 0x7ffff4bb466f in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:65
#14 0x7ffff50508df in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:2007
#15 0x7ffff508b60e in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:102
#16 0x7ffff4c8861d in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:312
#17 0x7ffff505795e in
octave::tree_evaluator::visit_simple_assignment(octave::tree_simple_assignment&)
libinterp/parse-tree/pt-eval.cc:2680
#18 0x7ffff502ee7e in
octave::tree_simple_assignment::accept(octave::tree_walker&)
libinterp/parse-tree/pt-assign.h:84
#19 0x7ffff4c8861d in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:312
#20 0x7ffff5058c47 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2775
#21 0x7ffff50a1d56 in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:119
#22 0x7ffff505931f in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2844
#23 0x7ffff4c891fc in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:194
#24 0x7ffff504da49 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) libinterp/parse-tree/pt-eval.cc:1694
#25 0x7ffff4e34a41 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) libinterp/octave-value/ov-usr-fcn.cc:455
#26 0x7ffff50508df in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:2007
#27 0x7ffff508b60e in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:102
#28 0x7ffff4c8861d in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:312
#29 0x7ffff5058c47 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2775
Thread T8 (QThread) created by T0 here:
#0 0x7ffff6e51d2f in __interceptor_pthread_create
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
#1 0x7fffeeb4e665 in QThread::start(QThread::Priority)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xab665)
SUMMARY: AddressSanitizer: heap-buffer-overflow liboctave/array/Array.h:459 in
Array<double>::xelem(long) const
Shadow bytes around the buggy address:
0x0c5a8009f6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5a8009f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5a8009f710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5a8009f720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5a8009f730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c5a8009f740:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8009f750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8009f760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8009f770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8009f780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8009f790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==7195==ABORTING
[Thread 0x7fffafa0a700 (LWP 7303) exited]
[Thread 0x7fffaf1f3700 (LWP 7304) exited]
[Thread 0x7fffb0219700 (LWP 7302) exited]
[Thread 0x7fffc241c700 (LWP 7223) exited]
[Thread 0x7fffc2fb1700 (LWP 7220) exited]
[Thread 0x7fffc382b700 (LWP 7218) exited]
[Thread 0x7fffc52c2700 (LWP 7217) exited]
[Thread 0x7fffc5ac3700 (LWP 7216) exited]
[Thread 0x7fffd4bfd700 (LWP 7214) exited]
[Thread 0x7fffd73fe700 (LWP 7213) exited]
[Thread 0x7fffd7bff700 (LWP 7212) exited]
[Thread 0x7ffff7f68940 (LWP 7195) exited]
[Inferior 1 (process 7195) exited with code 01]
(gdb) where
No stack.
(gdb)
Sorry if this is not too helpful. But this is probably as far as I can get
with gdb. Currently I don't have the time to dig further into this topic (i.e.
using gdb to produce stack traces), and I couldn't find a simple (and working)
description how to do this.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?48519>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
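
The key facts of the AddressSanitizer report in the message above can be extracted mechanically. The following is an added example, not part of the original message or of Octave: a small Python triage script (the names `triage` and `first_caller` are hypothetical) run over a constructed excerpt of the report, with the wrapped lines rejoined. It assumes that frames under liboctave/array/ are generic container code rather than the caller at fault, and that the element size equals the access size.

```python
import re

# Constructed excerpt of the report above (wrapped lines rejoined, frames trimmed).
SAMPLE = """\
READ of size 8 at 0x62d00053ba00 thread T0
#0 0x7ffff436d547 in Array<double>::xelem(long) const liboctave/array/Array.h:459
#4 0x7ffff54333c3 in Array<double>::operator()(long, long, long) const liboctave/array/Array.h:534
#5 0x7ffff5418bf4 in octave::opengl_renderer::set_normal(int, NDArray const&, int, int) libinterp/corefcn/gl-render.cc:4514
0x62d00053ba00 is located 0 bytes to the right of 38400-byte region [0x62d000532400,0x62d00053ba00)
allocated by thread T8 (QThread) here:
#0 0x7ffff6efa618 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0618)
#1 0x7ffff436b55a in Array<double>::ArrayRep::ArrayRep(long) liboctave/array/Array.h:158
#4 0x7ffff46a8a0b in NDArray::NDArray(dim_vector const&, double) liboctave/array/dNDArray.h:46
#5 0x7ffff5702a6f in surface::properties::update_face_normals(bool, bool) libinterp/corefcn/graphics.cc:9871
"""

FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (.+) (\S+:\d+)$")
# Assumption: frames under this path are generic container code, not the caller at fault.
CONTAINER = ("liboctave/array/",)

def first_caller(text):
    """Return (function, file:line) of the first frame outside the container code."""
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m and not m.group(2).startswith(CONTAINER):
            return m.group(1), m.group(2)
    return None

def triage(report):
    """Summarise one heap-buffer-overflow report: access, region, threads, call sites."""
    head, sep, tail = report.partition("allocated by thread")
    acc = re.search(r"(READ|WRITE) of size (\d+) at \S+ thread (T\d+)", head)
    reg = re.search(r"(\d+) bytes to the (right|left) of (\d+)-byte region", head)
    alloc = re.match(r"\s*(T\d+)", tail)
    if not (sep and acc and reg and alloc):
        raise ValueError("not a complete heap-buffer-overflow report")
    size, offset, region = int(acc.group(2)), int(reg.group(1)), int(reg.group(3))
    return {
        "access": acc.group(1), "size": size, "access_thread": acc.group(3),
        "alloc_thread": alloc.group(1), "cross_thread": alloc.group(1) != acc.group(3),
        # Assumption: the element size equals the access size (8-byte double here).
        "elements": region // size,
        "one_past_end": reg.group(2) == "right" and offset == 0,
        "access_site": first_caller(head), "alloc_site": first_caller(tail),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the excerpt this reports an 8-byte READ starting exactly at the end of the 38400-byte buffer, which was allocated on thread T8 in update_face_normals and read on thread T0 in set_normal.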