Strange assert in debug mode (and segfault in release)


#1

I have an application which has a FileBrowser in a tabbed component, and the FileBrowser is browsing a directory with lots of files, so there is a scrollbar shown. If I maximise the window and then resize the internal layout of the tabbed component (thus resizing the FileBrowserComponent) I’m getting this assert from time to time:

JUCE Assertion failure in …/…/src/juce_appframework/gui/graphics/contexts/juce_EdgeTable.h, line 165

Here is the backtrace:

#0  0xa7f0f410 in ?? ()
#1  0xaf8ab058 in ?? ()
#2  0x00000015 in ?? ()
#3  0x081cac4e in juce::LowLevelGraphicsSoftwareRenderer::clippedFillPathWithGradient (this=0xaf8abaa4, clipX=536, clipY=22, clipW=10, clipH=514, 
    path=@0xaf8ab444, t=@0x829debc, gradient=@0xa7106e1c, quality=juce::EdgeTable::Oversampling_4times)
    at ../../src/juce_appframework/gui/graphics/contexts/juce_LowLevelGraphicsSoftwareRenderer.cpp:1332
#4  0x081cae17 in juce::LowLevelGraphicsSoftwareRenderer::fillPathWithGradient (this=0xaf8abaa4, path=@0xaf8ab444, t=@0x829debc, gradient=@0xa7106e1c, 
    quality=juce::EdgeTable::Oversampling_4times) at ../../src/juce_appframework/gui/graphics/contexts/juce_LowLevelGraphicsSoftwareRenderer.cpp:1250
#5  0x080fbd34 in juce::GradientBrush::paintPath (this=0xa7106e18, context=@0xaf8abaa4, path=@0xaf8ab444, transform=@0x829debc)
    at ../../src/juce_appframework/gui/graphics/brushes/juce_GradientBrush.cpp:88
#6  0x08103475 in juce::Graphics::fillPath (this=0xaf8aba20, path=@0xaf8ab444, transform=@0x829debc)
    at ../../src/juce_appframework/gui/graphics/contexts/juce_Graphics.cpp:423
#7  0x081886e7 in juce::LookAndFeel::drawScrollbar (this=0x82baff0, g=@0xaf8aba20, scrollbar=@0x82e3a10, x=0, y=12, width=10, height=490, 
    isScrollbarVertical=true, thumbStartPosition=12, thumbSize=274) at ../../src/juce_appframework/gui/components/lookandfeel/juce_LookAndFeel.cpp:632
#8  0x081fbfa9 in juce::ScrollBar::paint (this=0x82e3a10, g=@0xaf8aba20) at ../../src/juce_appframework/gui/components/layout/juce_ScrollBar.cpp:303
#9  0x0814301f in juce::Component::paintEntireComponent (this=0x82e3a10, originalContext=@0xaf8aba20)
    at ../../src/juce_appframework/gui/components/juce_Component.cpp:1735
#10 0x081431df in juce::Component::paintEntireComponent (this=0x82e3960, originalContext=@0xaf8aba20)
    at ../../src/juce_appframework/gui/components/juce_Component.cpp:1767
#11 0x081431df in juce::Component::paintEntireComponent (this=0x82e38a4, originalContext=@0xaf8aba20)
    at ../../src/juce_appframework/gui/components/juce_Component.cpp:1767
#12 0x081431df in juce::Component::paintEntireComponent (this=0x82e3580, originalContext=@0xaf8aba20)
    at ../../src/juce_appframework/gui/components/juce_Component.cpp:1767
#13 0x081431df in juce::Component::paintEntireComponent (this=0x82df1b8, originalContext=@0xaf8aba20)
    at ../../src/juce_appframework/gui/components/juce_Component.cpp:1767
#14 0x081431df in juce::Component::paintEntireComponent (this=0x82baf40, originalContext=@0xaf8aba20)
    at ../../src/juce_appframework/gui/components/juce_Component.cpp:1767
#15 0x081431df in juce::Component::paintEntireComponent (this=0x82b6f60, originalContext=@0xaf8aba20)
    at ../../src/juce_appframework/gui/components/juce_Component.cpp:1767
#16 0x081a37d8 in juce::ComponentPeer::handlePaint (this=0x82b7070, contextToPaintTo=@0xaf8abaa4)
    at ../../src/juce_appframework/gui/components/windows/juce_ComponentPeer.cpp:392
#17 0x081ad207 in juce::LinuxComponentPeer::LinuxRepaintManager::performAnyPendingRepaintsNow (this=0x82b8ba0)
    at platform_specific_code/juce_linux_Windowing.cpp:1762
#18 0x081ae4de in juce::LinuxComponentPeer::LinuxRepaintManager::timerCallback (this=0x82b8ba0) at platform_specific_code/juce_linux_Windowing.cpp:1713
#19 0x080f9430 in juce::InternalTimerThread::handleMessage (this=0x82a6378) at ../../src/juce_appframework/events/juce_Timer.cpp:267
#20 0x080f9fed in juce::MessageManager::deliverMessage (this=0x82a1840, message=0x8343448) at ../../src/juce_appframework/events/juce_MessageManager.cpp:111
#21 0x081b2811 in juce::juce_dispatchNextMessageOnSystemQueue (returnIfNoPendingMessages=false) at platform_specific_code/juce_linux_Messaging.cpp:362
#22 0x080fa34e in juce::MessageManager::dispatchNextMessage (this=0x82a1840, returnImmediatelyIfNoMessages=false, wasAMessageDispatched=0x0)
    at ../../src/juce_appframework/events/juce_MessageManager.cpp:150
#23 0x080fa42a in juce::MessageManager::runDispatchLoop (this=0x82a1840) at ../../src/juce_appframework/events/juce_MessageManager.cpp:194
#24 0x080e75f9 in juce::JUCEApplication::main (commandLine=@0xaf8abd18, app=0x82a15e8) at ../../src/juce_appframework/application/juce_Application.cpp:206
#25 0x080e76fe in juce::JUCEApplication::main (argc=1, argv=0xaf8abdf4, newApp=0x82a15e8)
    at ../../src/juce_appframework/application/juce_Application.cpp:289
#26 0x0808de0b in main (argc=1, argv=0xaf8abdf4) at ../../src/HostMain.cpp:217

Ah, the problem also arises in Release mode, where I get a segmentation fault in EdgeTable::iterate, just some lines below I think.


#2

Very strange - never seen that one. I can’t see any obvious way that it could happen - you’ve not got any code that reproduces this, have you? I’d really have to get a look at what’s happening to cause this.


#3

I’ll see if I can reproduce it here at work. On my home PC it is happening from time to time, and I’m always getting problems in EdgeTable.


#4

I believe I have a user having the same issue (on Linux). I cannot reproduce it, but his backtrace shows

#0 0x08257d38 in juce::LowLevelGraphicsSoftwareRenderer::clippedFillPathWithColour ()
#1 0x0825821c in juce::LowLevelGraphicsSoftwareRenderer::fillPathWithColour ()
#2 0x081e3e73 in juce::SolidColourBrush::paintPath ()
#3 0x08218247 in juce::Graphics::fillPath ()
#4 0x08292dec in juce::Graphics::fillRoundedRectangle ()
etc..

This issue also looks similar to http://www.rawmaterialsoftware.com/juceforum/viewtopic.php?t=2447 ?


#5

Maybe the clipping rectangle has managed to get some crazy co-ordinates, e.g. by going negative somehow or by having a component with such huge co-ords that they overflow when converted to a float?


#6

I just received a better backtrace from my user:

#0 0x0821d24c in juce::EdgeTable::remapTableForNumEdges (this=0xbfeef384, newNumEdgesPerLine=20) at juce/juce_amalgamated.cpp:74264
74264 *dstLine++ = *srcLine++;
(gdb) where
#0 0x0821d24c in juce::EdgeTable::remapTableForNumEdges (this=0xbfeef384, newNumEdgesPerLine=20) at juce/juce_amalgamated.cpp:74264
#1 0x0823b678 in juce::EdgeTable::addEdgePoint (this=0xbfeef384, x=129664, y=1776, winding=-64) at juce/juce_amalgamated.cpp:74293
#2 0x0823b913 in juce::EdgeTable::addPath (this=0xbfeef384, path=@0xbfeef4d0, transform=@0xbfeef3c4) at juce/juce_amalgamated.cpp:74366
#3 0x082be996 in juce::LowLevelGraphicsSoftwareRenderer::clippedFillPathWithColour (this=0xbfeef9f4, clipX=43, clipY=93, clipW=507, clipH=506, path=@0xbfeef4d0, t=@0x8c4eab4, colour=@0xbfeef494, quality=juce::EdgeTable::Oversampling_4times) at juce/juce_amalgamated.cpp:77121
#4 0x082bec32 in juce::LowLevelGraphicsSoftwareRenderer::fillPathWithColour (this=0xbfeef9f4, path=@0xbfeef4d0, t=@0x8c4eab4, colour=@0xbfeef494, quality=juce::EdgeTable::Oversampling_4times) at juce/juce_amalgamated.cpp:77107
#5 0x081e794b in juce::SolidColourBrush::paintPath (this=0xbfeef490, context=@0xbfeef9f4, path=@0xbfeef4d0, transform=@0x8c4eab4) at juce/juce_amalgamated.cpp:73207
#6 0x0821005c in juce::Graphics::fillPath (this=0xbfeef974, path=@0xbfeef4d0, transform=@0x8c4eab4) at juce/juce_amalgamated.cpp:74778
#7 0x08244329 in juce::Graphics::fillRoundedRectangle (this=0xbfeef974, x=0.5, y=0.5, width=506, height=505, cornerSize=8) at juce/juce_amalgamated.cpp:74905

The full backtrace is:

#0 0x0821d24c in juce::EdgeTable::remapTableForNumEdges (this=0xbfeef384, newNumEdgesPerLine=20) at juce/juce_amalgamated.cpp:74264
    srcLine = (const int *) 0xa7b44c38
    dstLine = (int *) 0xa7b91000
    num = 248862
    i = 1778
    newLineStrideElements = 41
    newTable = (int * const) 0xa7b3f970
#1 0x0823b678 in juce::EdgeTable::addEdgePoint (this=0xbfeef384, x=129664, y=1776, winding=-64) at juce/juce_amalgamated.cpp:74293
    lineStart = (int *) 0xa7b3a808
    n = 77
    line = (int * const) 0xa7b3a7b8
    __PRETTY_FUNCTION__ = "void juce::EdgeTable::addEdgePoint(int, int, int)"
#2 0x0823b913 in juce::EdgeTable::addPath (this=0xbfeef384, path=@0xbfeef4d0, transform=@0xbfeef3c4) at juce/juce_amalgamated.cpp:74366
    x2 = 129664
    oldY1 = 34
    x1 = 129664
    multiplier = 0
    winding = -64
    y1 = 1776
    y2 = 1990
    windingAmount = 64
    timesOversampling = 4
    bottomLimit = 2024
    iter = { x1 = 506.5, y1 = 8.5, x2 = 506.5, y2 = 497.5, closesSubPath = false, subPathIndex = 4, path = @0xbfeef4d0, transform = { static identity = { static identity = <same as static member of an already seen type>, mat00 = 1, mat01 = 0, mat02 = 0, mat10 = 0, mat11 = 1, mat12 = 0 }, mat00 = 1, mat01 = 0, mat02 = 0, mat10 = 0, mat11 = 1, mat12 = 0 }, points = 0xa7af2ff8, tolerence = 81, subPathCloseX = 8.5, subPathCloseY = 0.5, isIdentityTransform = true, stackBase = 0xa7ac29f8, stackPos = 0xa7ac29f8, index = 16, stackSize = 32 }
    __PRETTY_FUNCTION__ = "void juce::EdgeTable::addPath(const juce::Path&, const juce::AffineTransform&)"
#3 0x082be996 in juce::LowLevelGraphicsSoftwareRenderer::clippedFillPathWithColour (this=0xbfeef9f4, clipX=43, clipY=93, clipW=507, clipH=506, path=@0xbfeef4d0, t=@0x8c4eab4,
---Type <return> to continue, or q <return> to quit---
    colour=@0xbfeef494, quality=juce::EdgeTable::Oversampling_4times) at juce/juce_amalgamated.cpp:77121
    edgeTable = { table = 0xa7b16148, top = 0, height = 506, maxEdgesPerLine = 20, lineStrideElements = 21, oversampling = juce::EdgeTable::Oversampling_4times }
    stride = -1074858548
    pixelStride = -1482686464
    pixels = (uint8 * const) 0xa7b13c60 "¼E¬§\001"
    transform = { static identity = { static identity = <same as static member of an already seen type>, mat00 = 1, mat01 = 0, mat02 = 0, mat10 = 0, mat11 = 1, mat12 = 0 }, mat00 = 1, mat01 = 0, mat02 = 43, mat10 = 0, mat11 = 1, mat12 = 93 }
    cx = 43
    cy = 93
    cw = 507
    ch = 506
#4 0x082bec32 in juce::LowLevelGraphicsSoftwareRenderer::fillPathWithColour (this=0xbfeef9f4, path=@0xbfeef4d0, t=@0x8c4eab4, colour=@0xbfeef494, quality=juce::EdgeTable::Oversampling_4times) at juce/juce_amalgamated.cpp:77107
    r = (const juce::Rectangle &) @0xa7ac45bc: { x = 43, y = 93, w = 507, h = 506 }
    i = { current = 0xa7ac45bc, owner = @0xa7b13c60, index = 0 }
#5 0x081e794b in juce::SolidColourBrush::paintPath (this=0xbfeef490, context=@0xbfeef9f4, path=@0xbfeef4d0, transform=@0x8c4eab4) at juce/juce_amalgamated.cpp:73207
No locals.
#6 0x0821005c in juce::Graphics::fillPath (this=0xbfeef974, path=@0xbfeef4d0, transform=@0x8c4eab4) at juce/juce_amalgamated.cpp:74778
    colourBrush = (juce::SolidColourBrush) { <juce::Brush> = { _vptr.Brush = 0x8c46c48 }, members of juce::SolidColourBrush: colour = { argb = { { argb = 1291845631, components = { b = 255 'ÿ', g = 255 'ÿ', r = 255 'ÿ', a = 76 'L' } } } } }
#7 0x08244329 in juce::Graphics::fillRoundedRectangle (this=0xbfeef974, x=0.5, y=0.5, width=506, height=505, cornerSize=8) at juce/juce_amalgamated.cpp:74905
    p = { <juce::ArrayAllocationBase<float>> = { elements = 0xa7af2ff8, numAllocated = 64, granularity = 32 }, members of juce::Path: numElements = 44, pathXMin = 0.5, pathXMax = 506.5, pathYMin = 0.5, pathYMax = 505.5, useNonZeroWinding = true, static lineMarker = <optimized out>, static moveMarker = <optimized out>, static quadMarker = <optimized out>, static cubicMarker = <optimized out>, static closeSubPathMarker = <optimized out> }

(gdb) p this
$10 = (juce::EdgeTable * const) 0xbfeef384
(gdb) p *this
$11 = {
  table = 0xa7b16148,
  top = 0,
  height = 506,
  maxEdgesPerLine = 20,
  lineStrideElements = 21,
  oversampling = juce::EdgeTable::Oversampling_4times
}

I have a core dump so I should be able to extract some more data from it.


#7

very odd - there’s a lot of detail there but I can’t see what’s making it crash… all the numbers look ok!


#8

Hi Jules,

What do you think of this line in EdgeTable::addEdgePoint:

    if (n >= maxEdgesPerLine)
    {
        remapTableForNumEdges (maxEdgesPerLine + juce_edgeTableDefaultEdgesPerLine);
        lineStart = table + lineStrideElements * y;
    }

Shouldn’t it be remapTableForNumEdges (n + juce_edgeTableDefaultEdgesPerLine); ? Or is n always expected to be equal to maxEdgesPerLine when that “if (n>=maxEdgesPerLine)” condition is true?

If I could make it crash myself that would be so much simpler, but I only have a core dump…
According to that core dump, n was set to 77 while maxEdgesPerLine was 10. But maybe it is just the lineStart pointer that was wrong.


#9

Hmm… addEdgePoint only adds one point at a time, so I can’t see any way that n could suddenly jump to a value greater than maxEdgesPerLine… But if you’re getting n=77 when maxEdgesPerLine=10, then something is certainly going wrong!

The weird thing is that this is a fillRoundedRectangle call - the edge table should only need 2 points per line, so it should never get as far as calling remapTableForNumEdges. Very very odd. Something’s becoming corrupted, but I’m pretty much stuck for ideas about how it could be happening…


#10

Yes, I have been staring at that core dump all afternoon and cannot figure out how that happened. Probably it was just a coincidence that the crash happens in EdgeTable stuff. It looks like the last third of the “table” array has been smashed by another thread. Sorry for the noise.


#11

Don’t apologise - it’s a completely valid bug to raise! Just wish I could think of something else to suggest…


#12

I finally got it… It was in fact the calloc() calls that were very rarely returning memory not initialized to zero. This is a glibc 2.7 bug that happens only when mlockall() has been called (JACK calls mlockall). Debian Lenny 5.0.4 and Ubuntu LTS 8.04 are affected.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473812
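
A regression check for the failure described in the post above, added here as an example and not part of the original thread or of JUCE: it locks memory with mlockall() the way a JACK client would, recycles deliberately dirtied heap blocks, and counts calloc() results that contain a non-zero byte. The block sizes, fill pattern and round count are constructed for the example; on a libc without the bug the count is 0.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Fill several heap blocks with a non-zero pattern and free them, so that
   any chunk the allocator hands back next is known to hold stale data. */
static void dirty_heap(size_t size)
{
    void *p[16];
    for (int i = 0; i < 16; i++) {
        p[i] = malloc(size);
        if (p[i]) memset(p[i], 0xA5, size);
    }
    for (int i = 0; i < 16; i++) free(p[i]);
}

/* Returns how many calloc() blocks contained at least one non-zero byte. */
int count_dirty_callocs(int rounds)
{
    /* constructed sizes: small chunks, page-sized, and mmap-sized blocks */
    static const size_t sizes[] = { 64, 4096, 64 * 1024, 256 * 1024 };
    int dirty = 0;
    for (int r = 0; r < rounds; r++) {
        for (size_t s = 0; s < sizeof sizes / sizeof sizes[0]; s++) {
            dirty_heap(sizes[s]);
            unsigned char *buf = calloc(1, sizes[s]);
            if (!buf) continue;          /* refused, e.g. RLIMIT_MEMLOCK hit */
            for (size_t i = 0; i < sizes[s]; i++)
                if (buf[i] != 0) { dirty++; break; }
            free(buf);
        }
    }
    return dirty;
}

/* Same check with all current and future pages locked. If mlockall() is
   not permitted, the check still runs, just without locked memory. */
int check_calloc_under_mlockall(int rounds)
{
    int locked = (mlockall(MCL_CURRENT | MCL_FUTURE) == 0);
    int dirty = count_dirty_callocs(rounds);
    if (locked) munlockall();
    return dirty;
}

int main(void)
{
    int dirty = check_calloc_under_mlockall(200);
    printf("calloc blocks with stale data: %d\n", dirty);
    return dirty ? 1 : 0;
}
```

A non-zero exit status means calloc() returned memory that was not zeroed, which is the condition that left the EdgeTable array holding garbage.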

