Re: Crashes in connection with annotations from Irene Vatton on 2008-02-07 (www-amaya-dev@w3.org from February 2008)

From: Irene Vatton <vatton@inrialpes.fr>
Date: Thu, 7 Feb 2008 11:57:02 +0100
To: Urs Holzer <urs@andonyar.com>
Cc: www-amaya-dev@w3.org
Message-Id: <200802071157.02594.vatton@inrialpes.fr>

On Thursday 31 January 2008 22:30, Urs Holzer wrote:
> Hi
>
> Long ago I reported this bug, however nobody took care of it. Also, the
> bug itself is quite old. It was introduced somewhere around version
> 8.5. I investigated the problem a little bit. I found out more than I
> reported last time. I ask myself why no-one else complains about this
> problem. Does nobody use the annotations functionality anymore?

I only use local annotations.
I guess the ctx->remoteAnnotIndex is already freed in 
LINK_LoadAnnotationIndex.
I hope the patch will fix the problem.
Thanks for the complete report.

>
> I observe the following:
>
> 1. When I load annotations of a page which actually has no annotations
> at all, Amaya crashes with
> *** glibc detected *** double free or corruption (!prev):
> 0x000000000427d000 ***
>
> 2. When I load annotations of a page which has at least one annotation,
> everything works well. But as soon as this page gets cleaned away,
> Amaya crashes with a segmentation fault.
> With "cleaned away" I mean the following:
> - I close the tab or window
> - I enter another URI and laod it in the same tab
> - I follow a link and load its target in the same tab
> - I close Amaya
>
> I used a debugger to make backtraces for both cases. They are attached,
> bt_1.txt and bt_2.txt
>
> Looking at the backtrace of situation 2, I see that the crash really
> happens while closing a document. I guess that something gets freed
> twice. However, Backtrace 2 does not indicate where to look for the
> problem. But backtrace 1 is interesting. There we find that
> RemoteLoad_callback at annotlib/ANNOTevent.c:591 calls TtaFreeMemory.
> This line is:
>   TtaFreeMemory (ctx->remoteAnnotIndex);
>
> I simply have commented out this line and looked what happens. And
> indeed, both crashes described above are gone. Of course this might have
> introduced a memory leak ...
>
> I give up at this point. I hope that the Amaya developers will be able
> to eliminate this bug this time.
>
> For the sake of completeness:
> I tested it on Debian Linux Etch x86 as well as x86_64.
>
> Greetings
> Urs

-- 
Irène Vatton @ INRIA Rhône-Alpes

Received on Thursday, 7 February 2008 11:00:58 UTC