How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
While trying to deal with some code (it's a game, which wasn't written by me, so I can't know what every line of code does), I found that it crashes all the time when I navigate over the menu. Just pressing up/down over menu items and bbah!

The crashlog always points at some free(texdata) call. Of course the first thing I tried was to add a check like if(texdata) free(texdata), but it still crashes. On other platforms (win32, linux) it didn't crash there. So probably their OSes deal with overflows of this kind, dunno.

So, while the stack trace always points at free(texdata), that means that probably some heap corruption happens somewhere because of some buffer overruns/overflows or whatever, which may have an impact on the heap.

Now, how to detect which part causes the issues, if there is a lot of source code all over the place with mallocs, strcpy, and all kinds of stuff which works with memory and can trash the heap (and I'm not 100% sure it's heap trashing, but it all looks like it)?

First I added -Wall and -O3, so as to catch all possible issues. And that is what I have in menu.c (at least I hope it comes from there):


menu.c: In function ‘menu_entry_set_settingtext’:
menu.c:269:28: warning: ‘ : ’ directive writing 3 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
             sprintf(str,"%s : %s",entry->text,entry->settingtext);
                            ^~~
menu.c:269:13: note: ‘sprintf’ output between 4 and 514 bytes into a destination of size 256
             sprintf(str,"%s : %s",entry->text,entry->settingtext);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
menu.c: In function ‘menu_create_textobj’:
menu.c:288:28: warning: ‘ : ’ directive writing 3 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
             sprintf(str,"%s : %s",entry->text,entry->settingtext);
                            ^~~
menu.c:288:13: note: ‘sprintf’ output between 4 and 514 bytes into a destination of size 256
             sprintf(str,"%s : %s",entry->text,entry->settingtext);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
menu.c: In function ‘menu_choose’:
menu.c:269:28: warning: ‘ : ’ directive writing 3 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
             sprintf(str,"%s : %s",entry->text,entry->settingtext);
                            ^~~
menu.c:269:13: note: ‘sprintf’ output between 4 and 514 bytes into a destination of size 256
             sprintf(str,"%s : %s",entry->text,entry->settingtext);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So by the warning it already looks like something overwrites buffers (which probably in the end causes heap corruption => crash).

The relevant parts are:

/***********************************************************************
 *            Set the text in a menu / submenu option                  *
 ***********************************************************************/

void menu_entry_set_settingtext( menuEntry * entry, char * text )
{
    char str[256];
    strcpy( entry->settingtext, text );
    if( entry->text_obj != (textObj *)0 ){
        if( entry->show_subsetting && entry->settingtext[0]!=0 ){
/*line 269:*/             sprintf(str,"%s : %s",entry->text,entry->settingtext);
            textObj_setText( entry->text_obj, str );
        } else {
            textObj_setText( entry->text_obj, text );
        }
    }
}

/***********************************************************************
 *          Create the menu textobject for opengl displaying           *
 ***********************************************************************/

void menu_create_textobj( menuEntry * entry )
{
    char str[256];
    if( entry->text_obj == (textObj *)0 ){

        if( entry->show_subsetting && entry->settingtext[0]!=0 ){
/*line 288:*/            sprintf(str,"%s : %s",entry->text,entry->settingtext);
            entry->text_obj = textObj_new( str, entry->fontname, entry->fontsize );
        } else {
            entry->text_obj = textObj_new( entry->text, entry->fontname, entry->fontsize );
        }
    }
}



Purely replacing char str[256]; with char str[1024]; deals with the warnings, but didn't deal with the crash, which means the heap is still fucked up.

Visually I can even see that when I go through the menu, every switch can leave a little artefact of the previous entry, which means either it isn't cleaned correctly or isn't filled correctly.

Now the question is: how to find where. I mean some automatic way. Maybe undef all mallocs/frees to something which will count how much and when is allocated and then freed and write it to the console, so I can compare..

Any ideas?

_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Amigans Defender
Joined:
2006/12/2 13:27
From Taranto, Italy
Posts: 916
try:

char str[1024] = {0};

I remember well that if a variable is not initialized it can cause bad stuff on OS4.
Or try to create a pointer and use malloc/memset or calloc and see if something changes.

_________________
i'm really tired...

Re: How to detect and fix heap trashing?
Not too shy to talk
Joined:
2015/6/11 8:51
From Cologne
Posts: 282
Those warnings simply come from the size of the "text" and "settingtext" attributes of the entry struct.
3 bytes -> the ' : ' part of the format string, if both text and settingtext are empty strings.
between 4 -> 3 bytes from above plus the 0 terminator if both strings are empty.
and 514 -> if both text and settingtext are filled to their maximum plus 4 bytes from above. Apparently both are defined like this:

struct Entry {
char text[256];
char settingtext[256];
};

So, while those warnings are all nice, they don't necessarily mean too much.
Especially in older code you often find such constructs with fixed-length string buffers and it is all just fine, if the code which uses them is correct. And those warnings don't tell you anything about whether it's used correctly or not; they simply get fired on every such construct.

So the warning only tells you a theoretical cause of trouble, nothing more. It most likely doesn't actually point you to your problem in this case here. Most likely everything is just fine with that warned code. I'd ignore it.
You could silence them by changing str[256] to str[514]. Of course it may still overflow if e.g. the entry struct points into invalid memory ;)

Concentrate on the use of "texdata" first. Where is it created? Where is it freed? Is it freed at more locations than the crash site? Is it set to NULL after free?

_________________
[Facebook] [YouTube Channel]

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@afxgroup
Thanks, tried the {0} thing at the moment: didn't help much.

@Daniel
Thanks for the worry! :)

Creation of texdata and its freeing are done in one function:

int create_string_quad( char * str, char * fontname, int h, int * quad_id, int * tex_id, VMfloat * quad_w, VMfloat * quad_h )
{
    int    quad_obj;
    GLuint texbind;
    int    texw,texh,width,height;
    char * texdata;
    VMfloat fact;
#define MAX_TEXW 256
#define MAX_TEXH 256

    getStringPixmapFT( str, fontname, h, &texdata, &texw, &texh, &width, &height );
    glGenTextures(1,&texbind);
    glBindTexture(GL_TEXTURE_2D,texbind);
    gluBuild2DMipmaps(GL_TEXTURE_2D, 1, texw, texh, GL_LUMINANCE,
                      GL_UNSIGNED_BYTE, texdata);
    glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, options_tex_min_filter);
    glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, options_tex_mag_filter);
    glTexEnvi(GL_TEXTURE_ENV, GL_TEXTURE_ENV_MODE, GL_MODULATE);

    free(texdata);

    fact=(VMfloat)h;
    quad_obj = glGenLists(1);
    glNewList(quad_obj, GL_COMPILE);
    glBindTexture(GL_TEXTURE_2D,texbind);
    glBegin(GL_QUADS);

    glNormal3s(0,0,1);

    glTexCoord2s(0,0);
    glVertex3f(0,1.0*fact,0);

    glTexCoord2f((VMfloat)width/(VMfloat)texw,0);
    glVertex3f((VMfloat)width/(VMfloat)height*fact,1.0*fact,0);

    glTexCoord2f((VMfloat)width/(VMfloat)texw,(VMfloat)height/(VMfloat)texh);
    glVertex3f((VMfloat)width/(VMfloat)height*fact,0,0);

    glTexCoord2f(0,(VMfloat)height/(VMfloat)texh);
    glVertex3s(0,0,0);

    glEnd();
    glEndList();

    *quad_h=fact*1.0;
    *quad_w=(VMfloat)width/(VMfloat)height*fact;

    if(quad_id!=0) *quad_id=quad_obj;
    if(tex_id!=0) *tex_id=texbind;

    return(quad_obj);
}


That getStringPixmapFT takes the font's letters via freetype (it takes some dejavu.ttf from which it gets the letters and builds those textures shown in the menu):

void getStringPixmapFT(char *str, char *fontname, int font_height, char ** data, int *dwidth, int *dheight, int *width, int *height)
/* data contains the pixmap */
{
    FT_Face       face;      /* handle to face object */
    int           pen_x,pen_y,i,w,h,j,error,w1,h1;
    FT_ULong      realindex, newindex, n;

    w1=0; h1=0;
    //.. initialise library ..
    if(init_me){
        error = FT_Init_FreeType( &library );
        if ( error ) {
            fprintf(stderr,"FT_Init_FreeType error\n");
            sys_exit(1);
        }
        init_me=0;
    }
    //.. create face object ..
    error = FT_New_Face( library, fontname, 0, &face );
    if ( error == FT_Err_Unknown_File_Format ){
        fprintf(stderr,"the font file could be opened and read, but it appears that its font format is unsupported\n");
        sys_exit(1);
    } else if ( error ) {
        fprintf(stderr,"another error code means that the font file could not be opened or read, or simply that it is broken\n");
        sys_exit(1);
    } else {
//        fprintf(stderr,"FT_New_Face OK!\n");
    }
    //.. set character size ..

    error = FT_Set_Pixel_Sizes(face,   /* handle to face object   */
                               0,      /* pixel_width             */
                               font_height );   /* pixel_height   */
    pen_x = 0;
    pen_y = 0;
//    fprintf(stderr,"getStringPixmapFT: num_glyphs=%d\n",face->num_glyphs);
    w=0;
    h=font_height;
    /* pass 0 measures the string, pass 1 allocates the pixmap and draws into it */
    for(i=0;i<2;i++){
        if (i==1){
            for(w1=w,w=8;w<w1;w*=2);
            for(h1=h,h=8;h<h1;h*=2);
//            fprintf(stderr,"getStringPixmapFT: allocing  w=%d h=%d\n",w,h);
            (*data)=malloc(w*h);
            for(j=0;j<w*h;j++) {
               (*data)[j]=0;
            }
        }
        for ( n=0; str[n]!=0; n++ ) {
            FT_UInt  glyph_index;

            if(!(realindex = decode((uint8_t *)&str[n],&newindex))) {
              realindex = str[n]; //ugly, but in function
            }
            n += newindex;
            // retrieve glyph index from character code
            glyph_index = FT_Get_Char_Index( face, realindex );

            // load glyph image into the slot (erase previous one)
            error = FT_Load_Glyph( face, glyph_index, FT_LOAD_DEFAULT );
            if (error) { fprintf(stderr,"FT_Load_Glyph:error#%X\n",error); sys_exit(1); }

            // convert to an anti-aliased bitmap
            error = FT_Render_Glyph( face->glyph, FT_RENDER_MODE_NORMAL );
            if (error) { fprintf(stderr,"FT_Render_Glyph:error#%X\n",error); sys_exit(1); }

            if(i!=0){
                // now, draw to our target surface
                my_draw_bitmap( (char *)face->glyph->bitmap.buffer,
                                face->glyph->bitmap.width, face->glyph->bitmap.rows,
//                                pen_x, pen_y,
                                pen_x + face->glyph->bitmap_left,
                                pen_y + font_height*face->ascender/(face->ascender-face->descender) - face->glyph->bitmap_top,
                                *data, w);
                pen_x += (face->glyph->advance.x >> 6);
            } else {
//                fprintf(stderr,"getStringPixmapFT: w=%d h=%d\n",w,h);
                w += (face->glyph->advance.x >> 6);
//                fprintf(stderr,"getStringPixmapFT: w=%d h=%d\n",w,h);
            }
        }
    }

    error = FT_Done_Face(face);
    if ( error ) {
        fprintf(stderr,"FT_Done_Face error# %d\n",error);
        sys_exit(1);
    }
    //fprintf(stderr,"FT_Done_FreeType ready\n");

    *dwidth=w;
    *dheight=h;
    if( width  != NULL ) *width  = w1;
    if( height != NULL ) *height = h1;
}



I just put a few printfs around free(texdata), ran the game, and it does about 100-200 or more free(texdata) calls before it crashes. And it always crashes on some particular entry to which I switch a second time (the first time all is ok).

I also noted that some menu entries have some trailing line over the letters "p, g and y". And it seems that once I come a second time to the entry with such a trailing line it crashes; see how it looks visually:

[screenshot: menu entry with a trailing line over the letters p, g and y]

What is interesting is that in the win32 version I have the same thing over those letters, but it didn't crash (but then, win32 probably catches all kinds of illegal and bad memory accesses/frees and most of the time you don't even know that something bad happened).

Just in case, there is the crashlog as well:
Crashlog.txt

_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Not too shy to talk
Joined:
2015/6/11 8:51
From Cologne
Posts: 282
@kas1e
Please try the following:
in create_string_quad change this
char * texdata;
to this
char * texdata=0;

EDIT:
Ah, no (although: keep the above anyway, doesn't hurt).
Try the following:

Change the line
(*data)=malloc(w*h);
to
(*data)=malloc(w*h+1);

_________________
[Facebook] [YouTube Channel]

Re: How to detect and fix heap trashing?
Quite a regular
Joined:
2007/2/27 10:47
From Gravity well
Posts: 654
I have had weird things happen with Freetype (OS4). As you said, something that works at first, stops working. And does work after a reboot. Although I recently updated it (latest .so from OS4Depot), not long enough ago to tell, if it is all good.


Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@Daniel
Nope, still the same :(

@Thematic
I build everything statically, and also have all the latest from os4depot. And I basically never have problems with freetype; it's for sure something bad in the game's code.

_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Not too shy to talk
Joined:
2015/6/11 8:51
From Cologne
Posts: 282
@kas1e

Does commenting out the line
my_draw_bitmap(...)
change anything in terms of crashes?

Hard to give you more hints here. I mean, e.g. the function "decode". Who knows what it does. Maybe it's buggy and makes n become an out-of-bounds index. Or str is invalid in the first place.
If you can rule this out then it's most likely some obscure side-effect of memory corruption somewhere else.

_________________
[Facebook] [YouTube Channel]

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@Daniel
With my_draw_bitmap() commented out I can't see any text. Even if I press "Esc" to go to the menu, there is none. It doesn't even look like the menu is there; the game continues like nothing was pressed.

That "decode" thing is:

/***********************************************************************/

/*
  retrieve the information for a REAL index of possibly utf8 decoded strings
  returns the index of the char for ttf handling or 0 on error. The second Parameter has
  the new next index# for the string of parameter 1
  For better error handling inside the old program code, there is no error fired. Only success


  Char. number range  |        UTF-8 octet sequence
     (hexadecimal)    |              (binary)
  --------------------+---------------------------------------------
  0000 0000-0000 007F | 0xxxxxxx
  0000 0080-0000 07FF | 110xxxxx 10xxxxxx
  0000 0800-0000 FFFF | 1110xxxx 10xxxxxx 10xxxxxx
  0001 0000-0010 FFFF | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx

*/

FT_ULong decode(uint8_t *s, FT_ULong *newindex) {
  uint8_t data, byte, stat = 9;
  uint32_t unic = 0;
  *newindex=0;

  while ((byte = *s++)) {

#if ASCII_IN_TABLE
    data = utf8d[ byte ];
    stat = utf8d[ 256 + (stat << 4) + (data >> 4) ];
    byte = (byte ^ (uint8_t)(data << 4));
#else
    if (byte < 0x80) {
      stat = utf8d[ 128 + (stat << 4) ];
    } else {
      data = utf8d[ byte ];
      stat = utf8d[ 128 + (stat << 4) + (data >> 4) ];
      byte = (byte ^ (uint8_t)(data << 4));
    }
#endif

    unic = (unic << 6) | byte;

    if (!stat) {
      // unic is now a proper code point, we just print it out.
      //printf("U+%04X\n", unic);
      //printf("%i ",unic);
      return (FT_ULong)unic;
      unic = 0;
    }
    if (stat == 1) {
      // the byte is not allowed here; the state would have to
      // be reset to continue meaningful reading of the string
      return (FT_ULong)0;
    }
  *newindex+=1;
  }
return (FT_ULong)0;
}

/***********************************************************************/

//FT_ULong getrealindex(FT_ULong index, char *string, FT_ULong *newindex) {
// ###TODO###
//}

/***********************************************************************/

void my_draw_bitmap( char * src, int w1, int h1, int x0, int y0, char * dst, int w )
{
    int x,y;
    for(y=0;y<h1;y++) {
      for(x=0;x<w1;x++) {
          dst[(y+y0)*w+x+x0]+=src[y*w1+x];
      }
    }
}


Will check if str is a valid one as well..

I was just thinking, before making the topic, maybe there is some general rule on how to find those strange heap corruption bugs. We on aos4 don't have any normal stuff for checking in realtime, so maybe some static analyzers of C code can help.. Or adding "dmalloc()-kind" things which will count how many allocs/frees are done, how many of each alloc/free, which pointers are used for what addresses, etc..

_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites
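An added example of the "dmalloc-kind" wrapper asked about above, not code from the thread or from the game: a guard-zone allocator that counts live blocks and checks 16 bytes of padding on both sides of a block at free time, plus a clipped variant of the my_draw_bitmap() blit. The dbg_* names, the 32x8 pixmap and the 4x4 glyph are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Guard-zone debug allocator: 16 bytes of a known pattern before and after each
   block. dbg_free() checks both zones and says which side was written, so an
   overrun is reported at the block that suffered it rather than as a random
   crash in some later free(). live_blocks is the alloc/free counter asked for. */
#define GUARD 16
#define GUARD_BYTE 0xA5
#define DBG_MAGIC 0xDEADBEEFu

typedef struct { size_t size; uint32_t magic; } dbg_hdr;
static size_t live_blocks = 0;

void *dbg_malloc(size_t n, const char *where)
{
    uint8_t *raw = malloc(sizeof(dbg_hdr) + GUARD + n + GUARD);
    if (!raw) return NULL;
    dbg_hdr *h = (dbg_hdr *)raw;
    h->size = n; h->magic = DBG_MAGIC;
    memset(raw + sizeof(dbg_hdr), GUARD_BYTE, GUARD);             /* front guard */
    memset(raw + sizeof(dbg_hdr) + GUARD + n, GUARD_BYTE, GUARD); /* rear guard  */
    live_blocks++;
    fprintf(stderr, "alloc %zu bytes at %s (live=%zu)\n", n, where, live_blocks);
    return raw + sizeof(dbg_hdr) + GUARD;
}

/* 0 = guards intact, 1 = bytes before the block written (underrun),
   2 = bytes after it written (overrun), 3 = both, -1 = not a live dbg block. */
int dbg_check(const void *p)
{
    if (!p) return -1;
    const uint8_t *user = p;
    const dbg_hdr *h = (const dbg_hdr *)(user - GUARD - sizeof(dbg_hdr));
    if (h->magic != DBG_MAGIC) return -1;
    const uint8_t *front = user - GUARD, *rear = user + h->size;
    int bad = 0;
    for (int i = 0; i < GUARD; i++) {
        if (front[i] != GUARD_BYTE) bad |= 1;
        if (rear[i] != GUARD_BYTE) bad |= 2;
    }
    return bad;
}

int dbg_free(void *p, const char *where)
{
    int bad = dbg_check(p);
    if (bad) fprintf(stderr, "free at %s: guard damage %d (1=before, 2=after)\n", where, bad);
    if (bad == -1) return bad;      /* foreign or already-freed pointer: leave it alone */
    dbg_hdr *h = (dbg_hdr *)((uint8_t *)p - GUARD - sizeof(dbg_hdr));
    h->magic = 0;                   /* a second free() of this block now reports -1 */
    free(h);
    live_blocks--;
    return bad;
}

size_t dbg_live(void) { return live_blocks; }

/* Unchecked blit in the shape of the thread's my_draw_bitmap(): it trusts that the
   glyph rectangle (x0,y0)+(w1,h1) lies inside the w-wide destination pixmap. */
void draw_unchecked(const uint8_t *src, int w1, int h1, int x0, int y0, uint8_t *dst, int w)
{
    for (int y = 0; y < h1; y++)
        for (int x = 0; x < w1; x++)
            dst[(y + y0) * w + x + x0] += src[y * w1 + x];
}

/* Same blit given the destination height too, clipping every pixel. Returns how
   many source pixels were dropped so the caller can log that a glyph did not fit. */
int draw_clipped(const uint8_t *src, int w1, int h1, int x0, int y0, uint8_t *dst, int w, int h)
{
    int dropped = 0;
    for (int y = 0; y < h1; y++)
        for (int x = 0; x < w1; x++) {
            int dx = x + x0, dy = y + y0;
            if (dx < 0 || dx >= w || dy < 0 || dy >= h) { dropped++; continue; }
            dst[dy * w + dx] += src[y * w1 + x];
        }
    return dropped;
}

/* Constructed scenario: a 32x8 pixmap (power-of-two sized, like the one the thread's
   getStringPixmapFT allocates) and a 4x4 glyph placed so its last row falls one row
   below the pixmap, as a descender on 'p', 'g' or 'y' can. Returns dbg_free()'s verdict. */
int demo(int clip)
{
    const int w = 32, h = 8;
    uint8_t glyph[16], *pix = dbg_malloc((size_t)w * h, "pixmap");
    memset(glyph, 0xFF, sizeof glyph);
    memset(pix, 0, (size_t)w * h);
    if (clip) draw_clipped(glyph, 4, 4, 2, h - 3, pix, w, h);
    else      draw_unchecked(glyph, 4, 4, 2, h - 3, pix, w);
    return dbg_free(pix, "pixmap");
}
```

Clipping stops the overrun from reaching the heap, but a dropped count above zero still means the pixmap height or the pen position computation needs fixing.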

Re: How to detect and fix heap trashing?
Not too shy to talk
Joined:
2015/6/11 8:51
From Cologne
Posts: 282
@kas1e
Of course you don't see any text if you comment it out.
The question was whether this makes the crashes go away or not.

_________________
[Facebook] [YouTube Channel]

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@Daniel
It crashes only when I navigate in the menu; when I just play the game it never crashes. So as I didn't have the menu when commenting out my_draw_bitmap(), I can't trigger the crash..

_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Quite a regular
Joined:
2007/7/14 20:30
From Lothric
Posts: 806
@kas1e

Please try DrMemory on Windows and Valgrind on Linux.


Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@Capehill
Tried DrMemory, that one is good! Though the windows version was built without debug info, so it's mostly all ???, but just a pure run and exit gives me:

ERRORS FOUND:
     62 unique,  2526 total unaddressable access(es)
      7 unique,   112 total uninitialized access(es)
      0 unique,     0 total invalid heap argument(s)
      0 unique,     0 total GDI usage error(s)
      0 unique,     0 total handle leak(s)
      0 unique,     0 total warning(s)
    205 unique,   249 total,  2326115 byte(s) of leak(s)
     63 unique,    80 total,  1346702 byte(s) of possible leak(s)


POTENTIAL ERRORS FOUND:
     39 unique,    71 total potential unaddressable access(es)
    271 unique, 59317 total potential uninitialized access(es)
      1 unique,     1 total potential invalid heap argument(s)
      1 unique,     1 total potential GDI usage error(s)
     77 unique,    88 total potential handle leak(s)
      7 unique, 22095 total potential warning(s)
     22 unique,    43 total,  44568 byte(s) of potential leak(s)
     15 unique,    24 total,  209242 byte(s) of potential possible leak(s)


Need to build the win32 version with debug symbols to be able to see at least where to look.


Edited by kas1e on 2019/1/23 10:47:11
Edited by kas1e on 2019/1/23 10:52:09
_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Just popping in
Joined:
2011/7/20 19:01
Posts: 51
@kas1e

try this

/***********************************************************************
 *            Set the text in a menu / submenu option                  *
 ***********************************************************************/

void menu_entry_set_settingtext( menuEntry * entry, char * text )
{
    char str[256];

    /* this could overflow */
    strcpy( entry->settingtext, text );

    if( entry->text_obj != (textObj *)0 ){
        if( entry->show_subsetting && entry->settingtext[0]!=0 ){
            /* snprintf returns the length it wanted to write; >= 256 means truncated */
            int res = snprintf(str, 256, "%s : %s", entry->text, entry->settingtext);

            if (res >= 256) {
              printf ("string not large enough for \"%s\" and \"%s\"\n", entry->text, entry->settingtext);
            }

            textObj_setText( entry->text_obj, str );
        } else {
            textObj_setText( entry->text_obj, text );
        }
    }
}

/***********************************************************************
 *          Create the menu textobject for opengl displaying           *
 ***********************************************************************/

void menu_create_textobj( menuEntry * entry )
{
    char str[256];
    if( entry->text_obj == (textObj *)0 ){

        if( entry->show_subsetting && entry->settingtext[0]!=0 ){
            int res = snprintf(str, 256, "%s : %s", entry->text, entry->settingtext);

            if (res >= 256) {
              printf ("string not large enough for \"%s\" and \"%s\"\n", entry->text, entry->settingtext);
            }

            entry->text_obj = textObj_new( str, entry->fontname, entry->fontsize );
        } else {
            entry->text_obj = textObj_new( entry->text, entry->fontname, entry->fontsize );
        }
    }
}


Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@Daniel

I retested again with my_draw_bitmap() commented out, and sorry, I was wrong, the menu works indeed even if I don't see it. I can press "down" 12 times (so as to be on the "exit" entry) and exit from the game.

So, I just tried to reproduce the crash with this my_draw_bitmap() commented out: and can't. With it uncommented, it's enough for me to press "esc" to go to the menu, then just press down 2 times, up 2 times -> crash. With my_draw_bitmap() commented out I for sure have no crash, retested 10 times.

I can go up/down as many times as I want, and then go up, and press down 12 times to go to "Exit", and exit fine, no crash.

So it's something which wants to be accessed from that function. *data ?

The whole my_draw_bitmap() is:

void my_draw_bitmap( char * src, int w1, int h1, int x0, int y0, char * dst, int w )
{
    int x,y;
    for(y=0;y<h1;y++) {
      for(x=0;x<w1;x++) {
          dst[(y+y0)*w+x+x0]+=src[y*w1+x];
      }
    }
}



@Billyfish
Thanks, tried it, that didn't help.

Though, I should note, it probably can be something around that, because I built the win32 version with debug symbols, ran DrMemory on it, and it points out exactly those lines, like:

Error #70: UNINITIALIZED READ: reading register eax
# 0 menu_draw                         [D:\msys64\work\foobillardplus-3.42beta\src/menu.c:287]
# 1 DisplayFunc                       [D:\msys64\work\foobillardplus-3.42beta\src/billard3d.c:5319]
# 2 sys_main_loop                     [D:\msys64\work\foobillardplus-3.42beta\src/sys_stuff.c:738]
# 3 console_main                      [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/pseudo-reloc.c:374]
# 4 __tmainCRTStartup                 [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:339]
# 5 KERNEL32.dll!BaseThreadInitThunk +0x23     (0x743a62c4 <KERNEL32.dll+0x162c4>)
Note: @0:02:05.622 in thread 7724
Note: instruction: test   %eax,%eax


And that line 287 is
Quote:

if( entry->show_subsetting && entry->settingtext[0]!=0 ){

from menu_create_textobj(). The same entry in menu_entry_set_settingtext() didn't leak, only the one from menu_create_textobj().

Why I think it's not a false alarm is because DrMemory found, with the same "UNINITIALIZED READ: reading register eax", a real bug which was fixed (but I tested on the unfixed version, so as to check if it would find it, and it did). So probably even if in the end it is not related to the crash, there is still some issue in those functions. I will recheck whether your replacement brings no error from DrMemory.


Edited by kas1e on 2019/1/23 19:09:27
_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@Daniel
And I also checked the DrMemory win32 logs more, and found another possible issue which may very well be related to the fact that we don't crash when commenting out the draw_my_bitmap() stuff (which needs *data):

Error #82: LEAK 8192 direct bytes 0x036f3100-0x036f5100 + 0 indirect bytes
# 0 replace_malloc                     [d:\drmemory_package\common\alloc_replace.c:2576]
# 1 getStringPixmapFT                  [D:\msys64\work\foobillardplus-3.42beta\src/font.c:308]
# 2 create_balltex                     [D:\msys64\work\foobillardplus-3.42beta\src/ball.c:544]
# 3 create_pooltex_binds               [D:\msys64\work\foobillardplus-3.42beta\src/ball.c:763]
# 4 draw_balls                         [D:\msys64\work\foobillardplus-3.42beta\src/ball.c:901]
# 5 sys_main_loop                      [D:\msys64\work\foobillardplus-3.42beta\src/sys_stuff.c:738]
# 6 console_main                       [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/pseudo-reloc.c:374]
# 7 __tmainCRTStartup                  [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:339]
# 8 KERNEL32.dll!BaseThreadInitThunk  +0x23     (0x743a62c4 <KERNEL32.dll+0x162c4>)


And line 308 of font.c is in that getStringPixmapFT, and it's: (*data)=malloc(w*h), which yes, we tried to swap to (*data)=malloc(w*h+1); before, but that didn't help with the crash either :(

Also, it found a leak in texobj.c:

Error #90: LEAK 624 direct bytes 0x037d4c30-0x037d4ea0 + 0 indirect bytes
# 0 replace_malloc                    [d:\drmemory_package\common\alloc_replace.c:2576]
# 1 textObj_new                       [D:\msys64\work\foobillardplus-3.42beta\src/textobj.c:93]
# 2 console_main                      [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/pseudo-reloc.c:374]
# 3 __tmainCRTStartup                 [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:339]
# 4 KERNEL32.dll!BaseThreadInitThunk +0x23     (0x743a62c4 <KERNEL32.dll+0x162c4>)


In the function:

textObj * textObj_new(char * str, char * fontname, int height )
{
    textObj * obj;
    obj=malloc(sizeof(textObj));
    obj->height=height;
    obj->depth3D=0.0;  /* for toggling to 3D */
    obj->is_3D=0;
    strcpy(obj->str,str);
    strcpy(obj->fontname,fontname);
    create_string_quad( obj->str, obj->fontname, obj->height, &(obj->quad_id), &(obj->tex_id), &(obj->quad_w), &(obj->quad_h) );
    return obj;
}


At line 93, which is obj=malloc(sizeof(textObj));

Not sure which one of those is guilty, but it's 99% all around those functions.



Edited by kas1e on 2019/1/23 19:28:30
_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@all
In short summary, to avoid reading the last two big posts, DrMemory found:

1. one UNINITIALIZED READ in menu_create_textobj(), at the line if( entry->show_subsetting && entry->settingtext[0]!=0 ){

2. Also one leak in getStringPixmapFT(), on the line (*data)=malloc(w*h); (and data there is that texdata, on which we crash later when doing free(texdata)).

3. And another leak in the textObj_new() function on obj=malloc(sizeof(textObj));. And that textObj_new() is called from menu_create_textobj(), in which we previously had a leak too.

So, from menu.c we do menu_create_textobj(), which has an uninitialized read on if( entry->show_subsetting && entry->settingtext[0]!=0 ){, then from the same function we call the leaking textObj_new(), which also continues to have a leak in obj=malloc(sizeof(textObj));, and then create_string_quad() is called, which calls getStringPixmapFT(), in which we already have a big leak when doing (*data)=malloc(w*h);

In the end it probably fucks up the heap and gives us those crashes on free(). Only to understand where it comes from :)


All the code of those functions is posted in previous comments, so while I step by step try to figure out what happens, maybe anyone will have a clue already.

Thanks!


Edited by kas1e on 2019/1/23 19:53:06
Edited by kas1e on 2019/1/23 19:54:14
_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2006/11/20 16:26
From Norway
Posts: 2740
@kas1e

Run the same code snippet in Windows or Linux, maybe you get lucky, and it tells you what happens.

_________________
(NutsAboutAmiga)

Basilisk II for AmigaOS4
AmigaInputAnywhere
Excalibur
and other tools and apps.

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 5540
@Liveforit
Do you know who captain Picard is ? :) I do :)

_________________
Join us to improve dopus5!
zerohero's mirror of os4/os3 crosscompiler suites

Re: How to detect and fix heap trashing?
Home away from home
Joined:
2006/11/20 16:26
From Norway
Posts: 2740
@kas1e

I'm sci-fi nerd so yes. Always keeps my eyes open for good new series.

_________________
(NutsAboutAmiga)

Basilisk II for AmigaOS4
AmigaInputAnywhere
Excalibur
and other tools and apps.