我的应用程序崩溃非常罕见(每10-15天一次)。基于核心转储回溯,它在函数cairo_pattern_destroy期间重绘UI时崩溃。
wxWidgets版本2.95 开罗版本1.8.0 Fedora核心10 LXDE窗口管理器
以下是其中一次崩溃的完整回溯。我有3个,它们都在cairo_pattern_destroy的__libc_free结束。如果有人有任何建议,将不胜感激。
#0 __libc_free (mem=0x7) at malloc.c:3599
3599 if (chunk_is_mmapped(p)) /* release mmapped memory. */
(gdb) bt
#0 __libc_free (mem=0x7) at malloc.c:3599
#1 0x00ff76d6 in cairo_pattern_destroy (pattern=0xc7b5088)
at cairo-pattern.c:738
#2 0x00fe7a5d in _cairo_gstate_fini (gstate=0xd20bc00) at cairo-gstate.c:204
#3 0x00fe7a98 in _cairo_gstate_restore (gstate=0x0, freelist=0xdb2e1f4)
at cairo-gstate.c:260
#4 0x00fe1ffd in cairo_restore (cr=0xdb2e070) at cairo.c:363
#5 0x07881fe2 in gdk_pango_renderer_draw_glyphs (renderer=0xc50d800,
font=0xa29d808, glyphs=0xceed960, x=129024, y=91136) at gdkpango.c:247
#6 0x07d345ea in pango_renderer_draw_glyphs (renderer=0xc50d800,
font=0xa29d808, glyphs=0xceed960, x=129024, y=91136)
at pango-renderer.c:639
#7 0x07d3466e in pango_renderer_default_draw_glyph_item (renderer=0xc50d800,
text=0xd411b00 "Pause", glyph_item=0xb2e11d80, x=129024, y=91136)
at pango-renderer.c:715
#8 0x07d3455a in pango_renderer_draw_glyph_item (renderer=0xc50d800,
text=0xd411b00 "Pause", glyph_item=0xb2e11d80, x=129024, y=91136)
at pango-renderer.c:703
#9 0x07d34dd3 in pango_renderer_draw_layout_line (renderer=0xc50d800,
line=0xd242648, x=129024, y=91136) at pango-renderer.c:568
#10 0x07d350e1 in pango_renderer_draw_layout (renderer=0xc50d800,
layout=0xd5a5e10, x=129024, y=77824) at pango-renderer.c:192
#11 0x07880f11 in IA__gdk_draw_layout_with_colors (drawable=0xc690580,
---Type <return> to continue, or q <return> to quit---
gc=0xa26f050, x=126, y=76, layout=0xd5a5e10, foreground=0x0,
background=0x0) at gdkpango.c:951
#12 0x078810c1 in IA__gdk_draw_layout (drawable=0xc690580, gc=0xa26f050,
x=126, y=76, layout=0xd5a5e10) at gdkpango.c:1013
#13 0x07a96e92 in gtk_default_draw_layout (style=0xa360500, window=0xc690580,
state_type=GTK_STATE_INSENSITIVE, use_text=0, area=0xcdf165c,
widget=0xd7afa60, detail=0x7c42081 "label", x=126, y=76, layout=0xda63110)
at gtkstyle.c:5084
#14 0x07a92fa2 in IA__gtk_paint_layout (style=0xa360500, window=0xc690580,
state_type=GTK_STATE_INSENSITIVE, use_text=0, area=0xcdf165c,
widget=0xd7afa60, detail=0x7c42081 "label", x=126, y=76, layout=0xda63110)
at gtkstyle.c:6401
#15 0x07a0ea9c in gtk_label_expose (widget=0xd7afa60, event=0xcdf1650)
at gtklabel.c:2848
#16 0x07a1e116 in _gtk_marshal_BOOLEAN__BOXED (closure=0xa1daae8,
return_value=0xbfae5910, n_param_values=2, param_values=0xdb00740,
invocation_hint=0xbfae58fc, marshal_data=0x7a0e990) at gtkmarshalers.c:84
#17 0x05a80959 in g_type_class_meta_marshal (closure=0xa1daae8,
return_value=0xbfae5910, n_param_values=2, param_values=0xdb00740,
invocation_hint=0xbfae58fc, marshal_data=0xc8) at gclosure.c:878
#18 0x05a82108 in IA__g_closure_invoke (closure=0xa1daae8,
return_value=0xbfae5910, n_param_values=2, param_values=0xdb00740,
invocation_hint=0xbfae58fc) at gclosure.c:767
---Type <return> to continue, or q <return> to quit---
#19 0x05a982cd in signal_emit_unlocked_R (node=0xa1dabe0, detail=0,
instance=0xd7afa60, emission_return=0xbfae5a48,
instance_and_params=0xdb00740) at gsignal.c:3282
#20 0x05a99bbb in IA__g_signal_emit_valist (instance=0xd7afa60, signal_id=38,
detail=0, var_args=0xbfae5aa0 "�Z��P\026�\f`�z\r�\225�\a`�z\rho\035\n")
at gsignal.c:2987
#21 0x05a9a1b6 in IA__g_signal_emit (instance=0xd7afa60, signal_id=38,
detail=0) at gsignal.c:3034
#22 0x07b333ae in gtk_widget_event_internal (widget=0xd7afa60, event=0xcdf1650)
at gtkwidget.c:4745
#23 0x079941a3 in IA__gtk_container_propagate_expose (container=0xc050930,
child=0xd7afa60, event=0xda6fdf8) at gtkcontainer.c:2687
#24 0x079941d1 in gtk_container_expose_child (child=0xd7afa60,
client_data=0xbfae5b68) at gtkcontainer.c:2575
#25 0x0795e61d in gtk_bin_forall (container=0xc050930, include_internals=1,
callback=0x79941b0 <gtk_container_expose_child>, callback_data=0xbfae5b68)
at gtkbin.c:128
#26 0x07994d66 in IA__gtk_container_forall (container=0xc050930,
callback=0x79941b0 <gtk_container_expose_child>, callback_data=0xbfae5b68)
at gtkcontainer.c:1455
#27 0x07996450 in gtk_container_expose (widget=0xc050930, event=0xda6fdf8)
at gtkcontainer.c:2598
#28 0x079689b1 in gtk_button_expose (widget=0xc050930, event=0xda6fdf8)
---Type <return> to continue, or q <return> to quit---
at gtkbutton.c:1348
#29 0x07a1e116 in _gtk_marshal_BOOLEAN__BOXED (closure=0xa1daae8,
return_value=0xbfae5d70, n_param_values=2, param_values=0xd6b2140,
invocation_hint=0xbfae5d5c, marshal_data=0x7968930) at gtkmarshalers.c:84
#30 0x05a80959 in g_type_class_meta_marshal (closure=0xa1daae8,
return_value=0xbfae5d70, n_param_values=2, param_values=0xd6b2140,
invocation_hint=0xbfae5d5c, marshal_data=0xc8) at gclosure.c:878
#31 0x05a82108 in IA__g_closure_invoke (closure=0xa1daae8,
return_value=0xbfae5d70, n_param_values=2, param_values=0xd6b2140,
invocation_hint=0xbfae5d5c) at gclosure.c:767
#32 0x05a982cd in signal_emit_unlocked_R (node=0xa1dabe0, detail=0,
instance=0xc050930, emission_return=0xbfae5ea8,
instance_and_params=0xd6b2140) at gsignal.c:3282
#33 0x05a99bbb in IA__g_signal_emit_valist (instance=0xc050930, signal_id=38,
detail=0,
var_args=0xbfae5f00 "\030_�����\r0\t\005\f�\225�\a0\t\005\fho\035\n")
at gsignal.c:2987
#34 0x05a9a1b6 in IA__g_signal_emit (instance=0xc050930, signal_id=38,
detail=0) at gsignal.c:3034
#35 0x07b333ae in gtk_widget_event_internal (widget=0xc050930, event=0xda6fdf8)
at gtkwidget.c:4745
#36 0x079941a3 in IA__gtk_container_propagate_expose (container=0xc010228,
child=0xc050930, event=0xbfae63f4) at gtkcontainer.c:2687
---Type <return> to continue, or q <return> to quit---
#37 0x079941d1 in gtk_container_expose_child (child=0xc050930,
client_data=0xbfae5fd8) at gtkcontainer.c:2575
#38 0x079d2f79 in gtk_fixed_forall (container=0xc010228, include_internals=1,
callback=0x79941b0 <gtk_container_expose_child>, callback_data=0xbfae5fd8)
at gtkfixed.c:449
#39 0x07994d66 in IA__gtk_container_forall (container=0xc010228,
callback=0x79941b0 <gtk_container_expose_child>, callback_data=0xbfae5fd8)
at gtkcontainer.c:1455
#40 0x07996450 in gtk_container_expose (widget=0xc010228, event=0xbfae63f4)
at gtkcontainer.c:2598
#41 0x07a1e116 in _gtk_marshal_BOOLEAN__BOXED (closure=0xa1daae8,
return_value=0xbfae61b0, n_param_values=2, param_values=0xd1e88c8,
invocation_hint=0xbfae619c, marshal_data=0x79963b0) at gtkmarshalers.c:84
#42 0x05a80959 in g_type_class_meta_marshal (closure=0xa1daae8,
return_value=0xbfae61b0, n_param_values=2, param_values=0xd1e88c8,
invocation_hint=0xbfae619c, marshal_data=0xc8) at gclosure.c:878
#43 0x05a821db in IA__g_closure_invoke (closure=0xa1daae8,
return_value=0xbfae61b0, n_param_values=2, param_values=0xd1e88c8,
invocation_hint=0xbfae619c) at gclosure.c:767
#44 0x05a982cd in signal_emit_unlocked_R (node=0xa1dabe0, detail=0,
instance=0xc010228, emission_return=0xbfae62e8,
instance_and_params=0xd1e88c8) at gsignal.c:3282
#45 0x05a99bbb in IA__g_signal_emit_valist (instance=0xc010228, signal_id=38,
---Type <return> to continue, or q <return> to quit---
detail=0,
var_args=0xbfae6340 "Xc���c��(\002\001\f�\225�\a(\002\001\fho\035\n")
at gsignal.c:2987
#46 0x05a9a1b6 in IA__g_signal_emit (instance=0xc010228, signal_id=38,
detail=0) at gsignal.c:3034
#47 0x07b333ae in gtk_widget_event_internal (widget=0xc010228,
event=0xbfae63f4) at gtkwidget.c:4745
#48 0x07a1821d in IA__gtk_main_do_event (event=0xbfae63f4) at gtkmain.c:1553
#49 0x07892625 in gdk_window_process_updates_internal (window=0xc690580)
at gdkwindow.c:2598
#50 0x07892c3f in IA__gdk_window_process_all_updates () at gdkwindow.c:2664
#51 0x07994eff in gtk_container_idle_sizer (data=0x0) at gtkcontainer.c:1309
#52 0x078760cb in gdk_threads_dispatch (data=0xc935530) at gdk.c:473
#53 0x066122d1 in g_idle_dispatch (source=0xd663908, callback=0xffffffff,
user_data=0xc935530) at gmain.c:4235
#54 0x06614208 in g_main_dispatch () at gmain.c:2144
#55 IA__g_main_context_dispatch (context=0xa1d5508) at gmain.c:2697
#56 0x066178b3 in g_main_context_iterate (context=0xa1d5508, block=1,
dispatch=1, self=0xa1ba5e0) at gmain.c:2778
#57 0x06617dd2 in IA__g_main_loop_run (loop=0xbb03cc0) at gmain.c:2986
#58 0x07a18489 in IA__gtk_main () at gtkmain.c:1200
#59 0x006b333d in wxGUIEventLoop::DoRun ()
from /usr/local/lib/libwx_gtk2u_core-2.9.so.5
答案 0 :(得分:1)
这是一个古老的问题,因此实际上没有人会对答案感兴趣。我在较旧版本的Fedora 10 LXDE上遇到了这个问题,它具有非常相似的堆栈跟踪,并且在同一位置发生了崩溃。原来这是开罗1.8.0的设计问题。
以我的情况来看第一个框架,我看到以下代码:
734 i = solid_pattern_cache.size++ %
735 ARRAY_LENGTH (solid_pattern_cache.patterns);
736 /* swap an old pattern for this 'cache-hot' pattern */
737 if (solid_pattern_cache.patterns[i])
738 free (solid_pattern_cache.patterns[i]);
739
740 solid_pattern_cache.patterns[i] = (cairo_solid_pattern_t *) pattern;
他们正在使用具有模块化算法的计数器来将索引形成为固定大小的缓存。计数器被声明为有符号整数:
(gdb) ptype solid_pattern_cache
type = struct {
cairo_solid_pattern_t *patterns[4];
int size;
}
在我的情况下,计数器已溢出,导致高速缓存中的索引为负数。这导致尝试释放随机地址。
(gdb) p solid_pattern_cache
$2 = {patterns = {0xb441b5e0, 0xb4983688, 0xb495bf58, 0xb3978388},
size = -2147483644}
(gdb) p /x solid_pattern_cache.size
$4 = 0x80000004
我不清楚为什么不使用未签名的计数器。