Invalid write of size 1 in releaseImage #175
Also seeing some invalid reads

==17== Invalid read of size 8
==17== at 0x19AED72F: releaseImage (view-backend-exportable-fdo-egl.cpp:252)
==17== by 0x19AED72F: wpe_view_backend_exportable_fdo_egl_dispatch_release_exported_image (view-backend-exportable-fdo-egl.cpp:334)
==17== by 0x1B5D769E: render (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/modules/libcogplatform-gtk4.so)
==17== by 0x1B69DB90: _gtk_marshal_BOOLEAN__OBJECTv (gtkmarshalers.c:876)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F30E4A: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1B7865F8: gtk_gl_area_snapshot (gtkglarea.c:729)
==17== by 0x1B8F38BE: gtk_widget_create_render_node (gtkwidget.c:11587)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B903452: gtk_widget_snapshot_child (gtkwidget.c:12043)
==17== by 0x1B9034DD: gtk_widget_real_snapshot (gtkwidget.c:734)
==17== by 0x1B8F38BE: gtk_widget_create_render_node (gtkwidget.c:11587)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B903452: gtk_widget_snapshot_child (gtkwidget.c:12043)
==17== by 0x1B9034DD: gtk_widget_real_snapshot (gtkwidget.c:734)
==17== by 0x1B8F3C95: gtk_widget_create_render_node (gtkwidget.c:11582)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B902C72: gtk_widget_snapshot (gtkwidget.c:11644)
==17== by 0x1B902C72: gtk_widget_render (gtkwidget.c:11676)
==17== by 0x1B90A118: surface_render (gtkwindow.c:4733)
==17== by 0x1BA02E57: _gdk_marshal_BOOLEAN__BOXEDv (gdkmarshalers.c:130)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F30E4A: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1BA2D942: gdk_surface_process_updates_internal (gdksurface.c:1348)
==17== by 0x1BA2D942: gdk_surface_paint_on_clock (gdksurface.c:1436)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F31B47: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1BA1E72D: gdk_frame_clock_paint_idle (gdkframeclockidle.c:605)
==17== by 0x15FB7E27: g_timeout_dispatch (gmain.c:4933)
==17== by 0x15FB7293: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB7293: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17== Address 0x1fac1fe8 is 24 bytes inside a block of size 56 free'd
==17== at 0x48438AF: operator delete(void*) (vg_replace_malloc.c:923)
==17== by 0x1A8674F5: wl_priv_signal_final_emit (wayland-server.c:2221)
==17== by 0x1A8674F5: destroy_resource (wayland-server.c:724)
==17== by 0x1A867C24: wl_resource_destroy (wayland-server.c:744)
==17== by 0x1A099FE4: ffi_call_unix64 (unix64.S:101)
==17== by 0x1A0993F5: ffi_call_int (ffi64.c:669)
==17== by 0x1A86D2A1: wl_closure_invoke (connection.c:1025)
==17== by 0x1A868216: wl_client_connection_data (wayland-server.c:437)
==17== by 0x1A86B019: wl_event_loop_dispatch (event-loop.c:1027)
==17== by 0x19AEE772: operator() (ws.cpp:77)
==17== by 0x19AEE772: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86)
==17== by 0x15FB738A: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB738A: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17== Block was alloc'd at
==17== at 0x4841013: operator new(unsigned long) (vg_replace_malloc.c:422)
==17== by 0x19AED3AA: exportBuffer (view-backend-exportable-fdo-egl.cpp:212)
==17== by 0x19AED3AA: (anonymous namespace)::ClientBundleEGL::exportBuffer(linux_dmabuf_buffer const*) (view-backend-exportable-fdo-egl.cpp:201)
==17== by 0x1A099FE4: ffi_call_unix64 (unix64.S:101)
==17== by 0x1A0993F5: ffi_call_int (ffi64.c:669)
==17== by 0x1A86D2A1: wl_closure_invoke (connection.c:1025)
==17== by 0x1A868216: wl_client_connection_data (wayland-server.c:437)
==17== by 0x1A86B019: wl_event_loop_dispatch (event-loop.c:1027)
==17== by 0x19AEE772: operator() (ws.cpp:77)
==17== by 0x19AEE772: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86)
==17== by 0x15FB738A: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB738A: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17==
==17== Invalid read of size 8
==17== at 0x19AED755: deleteImage (view-backend-exportable-fdo-egl.cpp:287)
==17== by 0x19AED755: releaseImage (view-backend-exportable-fdo-egl.cpp:255)
==17== by 0x19AED755: wpe_view_backend_exportable_fdo_egl_dispatch_release_exported_image (view-backend-exportable-fdo-egl.cpp:334)
==17== by 0x1B5D769E: render (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/modules/libcogplatform-gtk4.so)
==17== by 0x1B69DB90: _gtk_marshal_BOOLEAN__OBJECTv (gtkmarshalers.c:876)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F30E4A: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1B7865F8: gtk_gl_area_snapshot (gtkglarea.c:729)
==17== by 0x1B8F38BE: gtk_widget_create_render_node (gtkwidget.c:11587)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B903452: gtk_widget_snapshot_child (gtkwidget.c:12043)
==17== by 0x1B9034DD: gtk_widget_real_snapshot (gtkwidget.c:734)
==17== by 0x1B8F38BE: gtk_widget_create_render_node (gtkwidget.c:11587)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B903452: gtk_widget_snapshot_child (gtkwidget.c:12043)
==17== by 0x1B9034DD: gtk_widget_real_snapshot (gtkwidget.c:734)
==17== by 0x1B8F3C95: gtk_widget_create_render_node (gtkwidget.c:11582)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B902C72: gtk_widget_snapshot (gtkwidget.c:11644)
==17== by 0x1B902C72: gtk_widget_render (gtkwidget.c:11676)
==17== by 0x1B90A118: surface_render (gtkwindow.c:4733)
==17== by 0x1BA02E57: _gdk_marshal_BOOLEAN__BOXEDv (gdkmarshalers.c:130)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F30E4A: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1BA2D942: gdk_surface_process_updates_internal (gdksurface.c:1348)
==17== by 0x1BA2D942: gdk_surface_paint_on_clock (gdksurface.c:1436)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F31B47: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1BA1E72D: gdk_frame_clock_paint_idle (gdkframeclockidle.c:605)
==17== by 0x15FB7E27: g_timeout_dispatch (gmain.c:4933)
==17== by 0x15FB7293: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB7293: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17== Address 0x1fac1fd0 is 0 bytes inside a block of size 56 free'd
==17== at 0x48438AF: operator delete(void*) (vg_replace_malloc.c:923)
==17== by 0x1A8674F5: wl_priv_signal_final_emit (wayland-server.c:2221)
==17== by 0x1A8674F5: destroy_resource (wayland-server.c:724)
==17== by 0x1A867C24: wl_resource_destroy (wayland-server.c:744)
==17== by 0x1A099FE4: ffi_call_unix64 (unix64.S:101)
==17== by 0x1A0993F5: ffi_call_int (ffi64.c:669)
==17== by 0x1A86D2A1: wl_closure_invoke (connection.c:1025)
==17== by 0x1A868216: wl_client_connection_data (wayland-server.c:437)
==17== by 0x1A86B019: wl_event_loop_dispatch (event-loop.c:1027)
==17== by 0x19AEE772: operator() (ws.cpp:77)
==17== by 0x19AEE772: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86)
==17== by 0x15FB738A: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB738A: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17== Block was alloc'd at
==17== at 0x4841013: operator new(unsigned long) (vg_replace_malloc.c:422)
==17== by 0x19AED3AA: exportBuffer (view-backend-exportable-fdo-egl.cpp:212)
==17== by 0x19AED3AA: (anonymous namespace)::ClientBundleEGL::exportBuffer(linux_dmabuf_buffer const*) (view-backend-exportable-fdo-egl.cpp:201)
==17== by 0x1A099FE4: ffi_call_unix64 (unix64.S:101)
==17== by 0x1A0993F5: ffi_call_int (ffi64.c:669)
==17== by 0x1A86D2A1: wl_closure_invoke (connection.c:1025)
==17== by 0x1A868216: wl_client_connection_data (wayland-server.c:437)
==17== by 0x1A86B019: wl_event_loop_dispatch (event-loop.c:1027)
==17== by 0x19AEE772: operator() (ws.cpp:77)
==17== by 0x19AEE772: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86)
==17== by 0x15FB738A: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB738A: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17==

And an invalid free

==17== Invalid free() / delete / delete[] / realloc()
==17== at 0x48438AF: operator delete(void*) (vg_replace_malloc.c:923)
==17== by 0x1B5D769E: render (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/modules/libcogplatform-gtk4.so)
==17== by 0x1B69DB90: _gtk_marshal_BOOLEAN__OBJECTv (gtkmarshalers.c:876)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F30E4A: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1B7865F8: gtk_gl_area_snapshot (gtkglarea.c:729)
==17== by 0x1B8F38BE: gtk_widget_create_render_node (gtkwidget.c:11587)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B903452: gtk_widget_snapshot_child (gtkwidget.c:12043)
==17== by 0x1B9034DD: gtk_widget_real_snapshot (gtkwidget.c:734)
==17== by 0x1B8F38BE: gtk_widget_create_render_node (gtkwidget.c:11587)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B903452: gtk_widget_snapshot_child (gtkwidget.c:12043)
==17== by 0x1B9034DD: gtk_widget_real_snapshot (gtkwidget.c:734)
==17== by 0x1B8F3C95: gtk_widget_create_render_node (gtkwidget.c:11582)
==17== by 0x1B8F6783: gtk_widget_do_snapshot (gtkwidget.c:11622)
==17== by 0x1B902C72: gtk_widget_snapshot (gtkwidget.c:11644)
==17== by 0x1B902C72: gtk_widget_render (gtkwidget.c:11676)
==17== by 0x1B90A118: surface_render (gtkwindow.c:4733)
==17== by 0x1BA02E57: _gdk_marshal_BOOLEAN__BOXEDv (gdkmarshalers.c:130)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F30E4A: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1BA2D942: gdk_surface_process_updates_internal (gdksurface.c:1348)
==17== by 0x1BA2D942: gdk_surface_paint_on_clock (gdksurface.c:1436)
==17== by 0x15F18228: _g_closure_invoke_va (gclosure.c:893)
==17== by 0x15F31B47: g_signal_emit_valist (gsignal.c:3406)
==17== by 0x15F31D62: g_signal_emit (gsignal.c:3553)
==17== by 0x1BA1E72D: gdk_frame_clock_paint_idle (gdkframeclockidle.c:605)
==17== by 0x15FB7E27: g_timeout_dispatch (gmain.c:4933)
==17== by 0x15FB7293: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB7293: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17== Address 0x1fac1fd0 is 0 bytes inside a block of size 56 free'd
==17== at 0x48438AF: operator delete(void*) (vg_replace_malloc.c:923)
==17== by 0x1A8674F5: wl_priv_signal_final_emit (wayland-server.c:2221)
==17== by 0x1A8674F5: destroy_resource (wayland-server.c:724)
==17== by 0x1A867C24: wl_resource_destroy (wayland-server.c:744)
==17== by 0x1A099FE4: ffi_call_unix64 (unix64.S:101)
==17== by 0x1A0993F5: ffi_call_int (ffi64.c:669)
==17== by 0x1A86D2A1: wl_closure_invoke (connection.c:1025)
==17== by 0x1A868216: wl_client_connection_data (wayland-server.c:437)
==17== by 0x1A86B019: wl_event_loop_dispatch (event-loop.c:1027)
==17== by 0x19AEE772: operator() (ws.cpp:77)
==17== by 0x19AEE772: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86)
==17== by 0x15FB738A: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB738A: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17== Block was alloc'd at
==17== at 0x4841013: operator new(unsigned long) (vg_replace_malloc.c:422)
==17== by 0x19AED3AA: exportBuffer (view-backend-exportable-fdo-egl.cpp:212)
==17== by 0x19AED3AA: (anonymous namespace)::ClientBundleEGL::exportBuffer(linux_dmabuf_buffer const*) (view-backend-exportable-fdo-egl.cpp:201)
==17== by 0x1A099FE4: ffi_call_unix64 (unix64.S:101)
==17== by 0x1A0993F5: ffi_call_int (ffi64.c:669)
==17== by 0x1A86D2A1: wl_closure_invoke (connection.c:1025)
==17== by 0x1A868216: wl_client_connection_data (wayland-server.c:437)
==17== by 0x1A86B019: wl_event_loop_dispatch (event-loop.c:1027)
==17== by 0x19AEE772: operator() (ws.cpp:77)
==17== by 0x19AEE772: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86)
==17== by 0x15FB738A: g_main_dispatch (gmain.c:3381)
==17== by 0x15FB738A: g_main_context_dispatch (gmain.c:4099)
==17== by 0x15FB7637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==17== by 0x15FB7702: g_main_context_iteration (gmain.c:4240)
==17== by 0x15DFD7C4: g_application_run (gapplication.c:2569)
==17== by 0x10DDE2: main (in /app/webkit/WebKitBuild/Debug/Tools/cog-prefix/src/cog-build/cog)
==17==

Can you retest with #176?

Tested 8302451 seems to work as well.
clopez added a commit to clopez/WPEBackend-fdo that referenced this issue on Jun 25, 2024:

…view-backend-exportable-fdo-egl

Since commit b51f539 there is a memory leak each time the wl_resource is destroyed. This can be easily reproduced by repeatedly switching full-screen on/off (pressing F11 key) with Cog on Weston.

The memory leak is caused because since b51f539 the wpe_fdo_egl_exported_image object is not cleaned anymore on the bufferDestroyListenerCallback callback. Commit cb6b86a fixed the leak but introduced crashes on some cases, so it was reverted.

This is a new attempt at fixing this leak, this adds safeguards to ensure that the image object is not cleaned twice or with the wrong exported status.

Related-to: Igalia#73 Igalia#175 Igalia#176 Igalia#178 #538
clopez added a commit to clopez/WPEBackend-fdo that referenced this issue on Jun 25, 2024:

…view-backend-exportable-fdo-egl

Since commit b51f539 there is a memory leak each time the wl_resource is destroyed. This can be easily reproduced by repeatedly switching full-screen on/off (pressing F11 key) with Cog on Weston.

The memory leak is caused because since b51f539 the wpe_fdo_egl_exported_image object is not cleaned anymore on the bufferDestroyListenerCallback callback. Commit cb6b86a fixed the leak but introduced crashes on some cases, so it was reverted.

This is a new attempt at fixing this leak, this adds safeguards to ensure that the image object is not cleaned twice or with the wrong exported status.

Related-to: Igalia#73 Igalia#175 Igalia#176 Igalia#178
Related-to: Igalia/cog#538
clopez added a commit that referenced this issue on Sep 11, 2024:

…view-backend-exportable-fdo-egl

Since commit b51f539 there is a memory leak each time the wl_resource is destroyed. This can be easily reproduced by repeatedly switching full-screen on/off (pressing F11 key) with Cog on Weston.

The memory leak is caused because since b51f539 the wpe_fdo_egl_exported_image object is not cleaned anymore on the bufferDestroyListenerCallback callback. Commit cb6b86a fixed the leak but introduced crashes on some cases, so it was reverted.

This is a new attempt at fixing this leak, this adds safeguards to ensure that the image object is not cleaned twice or with the wrong exported status.

Related-to: #73 #175 #176 #178
Related-to: Igalia/cog#538
aperezdc pushed a commit that referenced this issue on Sep 11, 2024:

…view-backend-exportable-fdo-egl

Since commit b51f539 there is a memory leak each time the wl_resource is destroyed. This can be easily reproduced by repeatedly switching full-screen on/off (pressing F11 key) with Cog on Weston.

The memory leak is caused because since b51f539 the wpe_fdo_egl_exported_image object is not cleaned anymore on the bufferDestroyListenerCallback callback. Commit cb6b86a fixed the leak but introduced crashes on some cases, so it was reverted.

This is a new attempt at fixing this leak, this adds safeguards to ensure that the image object is not cleaned twice or with the wrong exported status.

Related-to: #73 #175 #176 #178
Related-to: Igalia/cog#538
(cherry picked from commit 5b1c5e4)
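
The commit messages describe two paths that can clean up the same image object, and the Valgrind report shows the block being freed during wl_resource_destroy before releaseImage touched it. A simplified model of an ownership rule in which exactly one path frees, whichever order they run in, added here as an illustration: it is not WPEBackend-fdo code, and `ExportedImage`, `Outcome`, `onBufferDestroyed` and the two scenario functions are hypothetical names.

```cpp
#include <cstdio>

// Constructed model, not WPEBackend-fdo code; every name here is hypothetical.
static int g_liveImages = 0;  // objects currently allocated

struct ExportedImage {
    bool exported = false;    // true while the embedder holds the image
    bool bufferAlive = true;  // false once the backing resource is destroyed
    ExportedImage() { ++g_liveImages; }
    ~ExportedImage() { --g_liveImages; }
};
enum class Outcome { Kept, Freed, Ignored };

// A client buffer is wrapped and handed to the embedder.
ExportedImage* exportBuffer() {
    auto* image = new ExportedImage;
    image->exported = true;
    return image;
}

// Destroy-listener path. Frees only when the embedder no longer holds the
// image; otherwise it records that the buffer is gone and defers the free.
Outcome onBufferDestroyed(ExportedImage* image) {
    image->bufferAlive = false;
    if (image->exported) return Outcome::Kept;
    delete image;
    return Outcome::Freed;
}

// Embedder path. Rejects a release with the wrong exported status, and frees
// only when the destroy listener has already run.
Outcome releaseImage(ExportedImage* image) {
    if (!image->exported) return Outcome::Ignored;
    image->exported = false;
    if (image->bufferAlive) return Outcome::Kept;
    delete image;
    return Outcome::Freed;
}

// Order seen in the report: resource destroyed first, release arrives later.
int destroyThenRelease() {
    ExportedImage* image = exportBuffer();
    bool ok = onBufferDestroyed(image) == Outcome::Kept   // free is deferred
           && releaseImage(image) == Outcome::Freed;      // the only delete
    return ok ? g_liveImages : -1;
}

// Opposite order, with a duplicate release that must be ignored.
int releaseThenDestroy() {
    ExportedImage* image = exportBuffer();
    bool ok = releaseImage(image) == Outcome::Kept
           && releaseImage(image) == Outcome::Ignored     // wrong status
           && onBufferDestroyed(image) == Outcome::Freed; // the only delete
    return ok ? g_liveImages : -1;
}

int main() {
    std::printf("live after each order: %d %d\n", destroyThenRelease(), releaseThenDestroy());
}
```

Both scenarios return 0 live objects, so neither order leaks or deletes twice; building the model with `-fsanitize=address` gives the same class of check the Valgrind run above provided.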
I'm seeing this get flagged by valgrind