View Issue Details

ID: 0002470
Project: ardour
Category: bugs
View Status: public
Last Update: 2010-04-24 10:32
Reporter: igyn
Assigned To:
Priority: normal
Severity: crash
Reproducibility: always
Status: acknowledged
Resolution: open
Product Version: 2.5
Summary: 0002470: opening existing session results in segmentation fault in libart memset

Description:
I've saved my ardour session and now whenever I open it, it crashes with a segfault.
I can see that GUI is being drawn but when ardour log is displayed it crashes.

Here's gdb session and the backtrace I got from debugger:

igyn@sound:~/sources/ardour-2.5/gtk2_ardour$ ./ardbg
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) run
Starting program: /home/igyn/sources/ardour-2.5/gtk2_ardour/ardour-2.5
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
Ardour/GTK 2.5
   (built using 3525 and GCC version 4.3.2)
Copyright (C) 1999-2008 Paul Davis
Some portions Copyright (C) Steve Harris, Ari Johnson, Brett Viren, Joel Baker

Ardour comes with ABSOLUTELY NO WARRANTY
not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
This is free software, and you are welcome to redistribute it
under certain conditions; see the source for copying conditions.
[New Thread 0x2acc1a07de10 (LWP 4409)]
loading default ui configuration file gtk2_ardour/ardour2_ui_default.conf
loading user ui configuration file /home/igyn/.ardour2/ardour2_ui.conf
Loading ui configuration file gtk2_ardour/ardour2_ui_dark.rc
theme_init() called from internal clearlooks engine
ardour: [INFO]: Ardour will be limited to 1024 open files
loading system configuration file ./ardour_system.rc
loading user configuration file /home/igyn/.ardour2/ardour.rc
ardour: [INFO]: Using SSE optimized routines
[New Thread 0x40800950 (LWP 4416)]
[New Thread 0x41001950 (LWP 4417)]
[New Thread 0x41802950 (LWP 4418)]
ardour: [INFO]: looking for control protocols in /home/igyn/.ardour2/surfaces/:/usr/local/lib64/ardour2/surfaces/
powermate: Opening of powermate failed - No such file or directory
ardour: [INFO]: Control protocol powermate not usable
ardour: [INFO]: Control surface protocol discovered: "Mackie"
ardour: [INFO]: Control surface protocol discovered: "Generic MIDI"
SSE2 detected
Gtk-Message: (for origin information, set GTK_DEBUG): failed to retrieve property `GtkWidget::cursor-color' of type `GdkColor' from rc file value "((GString*) 0x13d2520)" of type `GString'
SSE2 detected
loading bindings from /home/igyn/.ardour2/ardour.bindings
[New Thread 0x42003950 (LWP 4424)]
[New Thread 0x4207da70 (LWP 4425)]
Loading session /home/igyn/mjusic/feedback/nahravanie-demo2008/again6 using snapshot again6 (1)
[New Thread 0x420f8a70 (LWP 4427)]
[New Thread 0x42173a70 (LWP 4428)]
Loading history from '/home/igyn/mjusic/feedback/nahravanie-demo2008/again6/again6.history'.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2acc1a07de10 (LWP 4409)]
0x00002acc13d57520 in memset () from /lib/libc.so.6
(gdb) bt
#0 0x00002acc13d57520 in memset () from /lib/libc.so.6
#1 0x00002acc112bddba in art_uta_new () from /usr/lib/libart_lgpl_2.so.2
#2 0x00002acc112bec50 in art_uta_from_vpath () from /usr/lib/libart_lgpl_2.so.2
#3 0x00002acc112bedce in art_uta_from_svp () from /usr/lib/libart_lgpl_2.so.2
#4 0x00002acc1109600d in gnome_canvas_update_svp () from /usr/lib/libgnomecanvas-2.so.0
#5 0x00002acc11096095 in gnome_canvas_item_update_svp () from /usr/lib/libgnomecanvas-2.so.0
#6 0x00002acc1108b87a in ?? () from /usr/lib/libgnomecanvas-2.so.0
#7 0x00002acc11504888 in Gnome::Canvas::Item::update_vfunc (this=0x366fd10, affine=0x7fff9e760830, clip_path=0x0, flags=3) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:804
#8 0x00002acc11506151 in Gnome::Canvas::Item_Class::update_vfunc_callback (self=0x365ba00, affine=0x7fff9e760830, clip_path=0x0, flags=3) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:255
#9 0x00002acc110980f8 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#10 0x00002acc1109ca5e in ?? () from /usr/lib/libgnomecanvas-2.so.0
#11 0x00002acc11504888 in Gnome::Canvas::Item::update_vfunc (this=0x366fcd0, affine=0x7fff9e7609b0, clip_path=0x0, flags=3) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:804
#12 0x00002acc11506151 in Gnome::Canvas::Item_Class::update_vfunc_callback (self=0x3660f40, affine=0x7fff9e7609b0, clip_path=0x0, flags=3) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:255
#13 0x00002acc110980f8 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#14 0x00002acc1109ca5e in ?? () from /usr/lib/libgnomecanvas-2.so.0
#15 0x00002acc11504888 in Gnome::Canvas::Item::update_vfunc (this=0x366d000, affine=0x7fff9e760b30, clip_path=0x0, flags=3) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:804
#16 0x00002acc11506151 in Gnome::Canvas::Item_Class::update_vfunc_callback (self=0x3660df0, affine=0x7fff9e760b30, clip_path=0x0, flags=3) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:255
#17 0x00002acc110980f8 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#18 0x00002acc1109ca5e in ?? () from /usr/lib/libgnomecanvas-2.so.0
#19 0x00002acc11504888 in Gnome::Canvas::Item::update_vfunc (this=0x2b85490, affine=0x7fff9e760cb0, clip_path=0x0, flags=1) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:804
#20 0x00002acc11506151 in Gnome::Canvas::Item_Class::update_vfunc_callback (self=0x2b84a30, affine=0x7fff9e760cb0, clip_path=0x0, flags=1) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:255
#21 0x00002acc110980f8 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#22 0x00002acc1109ca5e in ?? () from /usr/lib/libgnomecanvas-2.so.0
#23 0x00002acc11504888 in Gnome::Canvas::Item::update_vfunc (this=0x2b87ef0, affine=0x7fff9e760e30, clip_path=0x0, flags=1) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:804
#24 0x00002acc11506151 in Gnome::Canvas::Item_Class::update_vfunc_callback (self=0x2b84870, affine=0x7fff9e760e30, clip_path=0x0, flags=1) at libs/libgnomecanvasmm/libgnomecanvasmm/item.cc:255
#25 0x00002acc110980f8 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#26 0x00002acc1109ca5e in ?? () from /usr/lib/libgnomecanvas-2.so.0
#27 0x00002acc110980f8 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#28 0x00002acc11099192 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#29 0x00002acc1109a0b0 in ?? () from /usr/lib/libgnomecanvas-2.so.0
#30 0x00002acc0ea7778b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#31 0x00002acc0ea7af5d in ?? () from /usr/lib/libglib-2.0.so.0
#32 0x00002acc0ea7b11b in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#33 0x00002acc0f0ca511 in gtk_main_iteration () from /usr/lib/libgtk-x11-2.0.so.0
#34 0x00002acc109e77fd in Gtkmm2ext::UI::flush_pending (this=0x1104670) at libs/gtkmm2ext/gtk_ui.cc:608
#35 0x000000000083c41d in ARDOUR_UI::goto_editor_window (this=0x1104670) at gtk2_ardour/ardour_ui_dependents.cc:102
#36 0x0000000000810c3b in ARDOUR_UI::load_session (this=0x1104670, path=@0x7fff9e761510, snap_name=@0x7fff9e761520, mix_template=
          {static npos = 18446744073709551615, string_ = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fff9e761600 "\030 ?\023?"}}}) at gtk2_ardour/ardour_ui.cc:2493
#37 0x0000000000822f19 in ARDOUR_UI::get_session_parameters (this=0x1104670, backend_audio_is_running=true, should_be_new=false) at gtk2_ardour/ardour_ui.cc:2361
#38 0x00000000008232d0 in ARDOUR_UI::startup (this=0x1104670) at gtk2_ardour/ardour_ui.cc:640
#39 0x0000000000804809 in sigc::bound_mem_functor0<void, ARDOUR_UI>::operator() (this=0x13a5188) at libs/sigc++2/sigc++/functors/mem_fun.h:1787
#40 0x0000000000804825 in sigc::adaptor_functor<sigc::bound_mem_functor0<void, ARDOUR_UI> >::operator() (this=0x13a5180) at libs/sigc++2/sigc++/adaptors/adaptor_trait.h:251
#41 0x0000000000804848 in sigc::internal::slot_call0<sigc::bound_mem_functor0<void, ARDOUR_UI>, void>::call_it (rep=0x13a5150) at libs/sigc++2/sigc++/functors/slot.h:103
#42 0x0000000000830fa3 in sigc::internal::signal_emit0<void, sigc::nil>::emit (impl=0x139ebe0) at libs/sigc++2/sigc++/signal.h:772
#43 0x0000000000831087 in sigc::signal0<void, sigc::nil>::emit (this=0x11046f8) at libs/sigc++2/sigc++/signal.h:2667


Thanks for any help!
Guys, you make great software!! (I'm not ironic)
Additional Information:
Using real-time kernel, but for debugging I switched off the RT with same result. I've tried to use ardour_ui_light GUI configuration file, too, but that did not help. I assume that something wrong goes on when allocating new libart object (not sure of version of libart I have on my debian system but from source code I can see following):

ArtUta *
art_uta_new (int x0, int y0, int x1, int y1)
{
  ArtUta *uta;
 
  uta = art_new (ArtUta, 1);
  uta->x0 = x0;
  uta->y0 = y0;
  uta->width = x1 - x0;
  uta->height = y1 - y0;
 
  uta->utiles = art_new (ArtUtaBbox, uta->width * uta->height);
 
  memset (uta->utiles, 0, uta->width * uta->height * sizeof(ArtUtaBbox));
  return uta;
}

... there's no check that uta->utiles has been successfully allocated ... art_new is just malloc() wrapper ...

So probably this is not ardour bug, but libart's ...

I also think that this could be related to maximum memory allocatable to ardour's process (threads). Some limit or similar ... Should I check that area, too (how)?
Tags: No tags attached.

Activities

igyn

2008-11-27 10:31

reporter   ~0005386

Hello again!
I've done some steps that helped me to find out what actually has happened.

My assumption was correct - segfault came out from not handling the (probably) NULL pointer returned from art_uta_new() call. I've patched libart's source so that it checks if uta->utiles != NULL and calls memset() only when it's not NULL.

With this I could launch ardour and examine further. What I've seen was quite terrible (seems that my session.ardour file was corrupted somehow, i.e. I've lost all effects configuration on every track and I could not see any ins/outs of every track in track/bus inspector - I guess due to some crash before). More relevant to our problem was the fact that the 'end' mark was really REALLY far at the 'infinity' ... this could cause that the memory being allocated for the graphical object that represents the time line was way too big, and the system refused to allocate that much and thus returned NULL.

So, it's obvious that's not an ardour bug. This bug's in libart_lgpl. Question is - do they think that not checking result of memory allocation speeds up their library or what? Don't know whether they assume 'every-time-success' allocation in the rest of their code.

Anyway thanks for acknowledging this bug and hope this helps others when seeing same behaviour. You can close this bug and probably 'blame' libart's people for this :-)

Wish you success with Ardour!
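
A checked form of the allocation pattern quoted from art_uta_new() above, as an added example that is not part of the original report and is not libart's or Ardour's code. The names Uta, UtaBbox, uta_new_checked and uta_free are hypothetical stand-ins modeled on the fields in the quoted snippet; besides the NULL check described in the note, it also rejects sizes whose width * height product would overflow, which the unchecked int multiplication in the original cannot detect.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for libart's types (assumed layout, taken from the fields
   used in the quoted art_uta_new snippet). */
typedef unsigned int UtaBbox;
typedef struct {
  int x0, y0, width, height;
  UtaBbox *utiles;
} Uta;

/* Hypothetical checked variant: returns NULL instead of passing an
   unchecked pointer to memset(). The caller must test the result. */
Uta *uta_new_checked(int x0, int y0, int x1, int y1)
{
  /* Reject empty or inverted boxes. */
  if (x1 <= x0 || y1 <= y0) return NULL;
  /* x1 - x0 can only overflow int when x0 is negative. */
  if (x0 < 0 && x1 > INT_MAX + x0) return NULL;
  if (y0 < 0 && y1 > INT_MAX + y0) return NULL;

  size_t w = (size_t)(x1 - x0);
  size_t h = (size_t)(y1 - y0);

  /* w * h * sizeof(tile) must stay within PTRDIFF_MAX bytes; a runaway
     extent (such as a far-away 'end' marker) is rejected here. */
  if (w > (size_t)PTRDIFF_MAX / sizeof(UtaBbox) / h) return NULL;

  Uta *uta = malloc(sizeof *uta);
  if (uta == NULL) return NULL;

  /* calloc zeroes the tiles, replacing the malloc + memset pair. */
  uta->utiles = calloc(w * h, sizeof(UtaBbox));
  if (uta->utiles == NULL) {
    free(uta);
    return NULL;
  }
  uta->x0 = x0;
  uta->y0 = y0;
  uta->width = (int)w;
  uta->height = (int)h;
  return uta;
}

void uta_free(Uta *uta)
{
  if (uta != NULL) {
    free(uta->utiles);
    free(uta);
  }
}
```

A NULL return only moves the failure to the caller, so every call site has to handle it, and the extent passed in should be validated before it reaches the allocator.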

paul

2008-11-30 21:00

administrator   ~0005401

It's not a bug in libart_lgpl. It's a bug in ardour. Certainly, libart's behaviour here is not ideal, but it's not actually responsible for the crash.

It has probably been fixed in either 2.6 or 2.7. I suggest you upgrade. Please let us know if it persists.

Issue History

Date Modified Username Field Change
2008-11-25 12:31 igyn New Issue
2008-11-25 16:28 seablade Status new => acknowledged
2008-11-27 10:31 igyn Note Added: 0005386
2008-11-30 21:00 paul Note Added: 0005401
2010-04-24 10:28 cth103 Category bugs => bugs2
2010-04-24 10:32 cth103 Category bugs2 => bugs