Linux crash malloc(): memory corruption (picomodel problems)
Hello netradiant crashes and have undefined behaviour with lots of error messages about libpico. It is on linux mint 19 Cinnamon kernel 4.15.0-45-generic Loading certain maps fails loading for me using latest git revision. gdb reveals following:
gdb radiant
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from radiant...done.
(gdb) start
Temporary breakpoint 1 at 0x11b3ac: main. (2 locations)
Starting program: /home/myuser/annat/netradiant/build/radiant
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Temporary breakpoint 1, main (argc=1, argv=0x7fffffffde08)
at /home/myuser/annat/netradiant/radiant/main.cpp:554
554 {
(gdb) continue
Continuing.
[New Thread 0x7fffe31be700 (LWP 29795)]
[New Thread 0x7fffe29bd700 (LWP 29796)]
[New Thread 0x7fffe189a700 (LWP 29797)]
[New Thread 0x7fffe1099700 (LWP 29798)]
[New Thread 0x7fffe0898700 (LWP 29799)]
[New Thread 0x7fffcbfff700 (LWP 29800)]
[New Thread 0x7fffcb7fe700 (LWP 29801)]
[Thread 0x7fffe0898700 (LWP 29799) exited]
[Thread 0x7fffe1099700 (LWP 29798) exited]
[Thread 0x7fffcb7fe700 (LWP 29801) exited]
[Thread 0x7fffcbfff700 (LWP 29800) exited]
[New Thread 0x7fffcbfff700 (LWP 29802)]
[New Thread 0x7fffcb7fe700 (LWP 29803)]
[New Thread 0x7fffe1099700 (LWP 29804)]
[New Thread 0x7fffe0898700 (LWP 29805)]
[New Thread 0x7fffcaffd700 (LWP 29806)]
[New Thread 0x7fffca7fc700 (LWP 29807)]
[New Thread 0x7fffc9ffb700 (LWP 29808)]
[Thread 0x7fffc9ffb700 (LWP 29808) exited]
[Thread 0x7fffcb7fe700 (LWP 29803) exited]
[Thread 0x7fffcbfff700 (LWP 29802) exited]
[Thread 0x7fffe189a700 (LWP 29797) exited]
[Thread 0x7fffcaffd700 (LWP 29806) exited]
[Thread 0x7fffe0898700 (LWP 29805) exited]
[Thread 0x7fffca7fc700 (LWP 29807) exited]
[New Thread 0x7fffca7fc700 (LWP 29809)]
[Thread 0x7fffe1099700 (LWP 29804) exited]
[New Thread 0x7fffe1099700 (LWP 29810)]
[Thread 0x7fffe1099700 (LWP 29810) exited]
[New Thread 0x7fffe1099700 (LWP 29811)]
[Thread 0x7fffca7fc700 (LWP 29809) exited]
malloc(): memory corruption
Thread 1 "radiant" received signal SIGABRT, Aborted.
0x00007ffff4b0ee97 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) trace
Tracepoint 2 at 0x7ffff4b0ee97
(gdb) stack
Undefined command: "stack". Try "help".
(gdb) dump
"dump" must be followed by a subcommand.
List of dump subcommands:
dump binary -- Write target code/data to a raw binary file
dump ihex -- Write target code/data to an intel hex file
dump memory -- Write contents of memory to a raw binary file
dump srec -- Write target code/data to an srec file
dump tekhex -- Write target code/data to a tekhex file
dump value -- Write the value of an expression to a raw binary file
dump verilog -- Write target code/data to a verilog hex file
Type "help dump" followed by dump subcommand name for full documentation.
Type "apropos word" to search for commands related to "word".
Command name abbreviations are allowed if unambiguous.
(gdb) bt
#0 0x00007ffff4b0ee97 in raise () at /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff4b10801 in abort () at /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff4b59897 in () at /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff4b6090a in () at /lib/x86_64-linux-gnu/libc.so.6
#4 0x00007ffff4b64994 in () at /lib/x86_64-linux-gnu/libc.so.6
#5 0x00007ffff4b672ed in malloc () at /lib/x86_64-linux-gnu/libc.so.6
#6 0x00007fffe88ee1a9 in _pico_alloc (size=12288)
at /home/myuser/annat/netradiant/libs/picomodel/picointernal.c:75
#7 0x00007fffe88ee2af in _pico_realloc (ptr=0x55555b2d04a0, oldSize=0, newSize=12288) at /home/myuser/annat/netradiant/libs/picomodel/picointernal.c:133
#8 0x00007fffe88d57fc in PicoAdjustSurface (surface=0x55555b2d0470, numVertexes=1, numSTArrays=1, numColorArrays=1, numIndexes=1, numFaceNormals=0)
at /home/myuser/annat/netradiant/libs/picomodel/picomodel.c:635
#9 0x00007fffe88d65e4 in PicoSetSurfaceIndex (surface=0x55555b2d0470, num=0, index=1038) at /home/myuser/annat/netradiant/libs/picomodel/picomodel.c:1013
#10 0x00007fffe88e07a7 in _md2_load (fileName=0x55555b2d00e0 "maps/meshes/urban/rioblue.md2", frameNum=0, buffer=0x55555af3a250, bufSize=140600)
at /home/myuser/annat/netradiant/libs/picomodel/pm_md2.c:564
#11 0x00007fffe88d4cc3 in PicoModuleLoadModel (pm=0x7fffe8b08940 <picoModuleMD2>, fileName=0x55555b2d00e0 "maps/meshes/urban/rioblue.md2", buffer=0x55555af3a250 "IDP2\b", bufSize=140600, frameNum=0)
at /home/myuser/annat/netradiant/libs/picomodel/picomodel.c:147
#12 0x00007fffe88d4f8b in PicoModuleLoadModelStream (module=0x7fffe8b08940 <pico---Type <return> to continue, or q <return> to quit---
ModuleMD2>, inputStream=0x55555aec7120, inputStreamRead=0x7fffe88b87da <picoInputStreamReam(void*, unsigned char*, unsigned long)>, streamLength=140600, frameNum=0, fileName=0x55555b2d00e0 "maps/meshes/urban/rioblue.md2")
at /home/myuser/annat/netradiant/libs/picomodel/picomodel.c:270
#13 0x00007fffe88b888b in loadPicoModel(picoModule_s const*, ArchiveFile&) (module=0x7fffe8b08940 <picoModuleMD2>, file=...)
at /home/myuser/annat/netradiant/plugins/model/model.cpp:1020
#14 0x00007fffe88cfb49 in PicoModelLoader::loadModel(ArchiveFile&) (this=0x555555beada0, file=...)
at /home/myuser/annat/netradiant/plugins/model/plugin.cpp:107
#15 0x00005555556f99e5 in ModelResource_load(ModelLoader*, char const*) (loader=0x555555beada0, name=0x55555aae6c90 "maps/meshes/urban/rioblue.md2")
at /home/myuser/annat/netradiant/radiant/referencecache.cpp:199
#16 0x00005555556f9d13 in Model_load(ModelLoader*, char const*, char const*, char const*) (loader=0x555555beada0, path=0x555555e1f4d0 "/home/myuser/annat/aa/data1/", name=0x55555aae6c90 "maps/meshes/urban/rioblue.md2", type=0x55555aebee20 "md2") at /home/myuser/annat/netradiant/radiant/referencecache.cpp:295
#17 0x00005555556fb58b in ModelResource::loadCached() (this=0x55555b2b0500)
at /home/myuser/annat/netradiant/radiant/referencecache.cpp:389
#18 0x00005555556fb6a4 in ModelResource::loadModel() (this=0x55555b2b0500)
at /home/myuser/annat/netradiant/radiant/referencecache.cpp:401
#19 0x00005555556fb75f in ModelResource::load() (this=0x55555b2b0500)
at /home/myuser/annat/netradiant/radiant/referencecache.cpp:410
---Type <return> to continue, or q <return> to quit---
#20 0x00007fffe72a4aa5 in EModel::realise() (this=0x555559d2f470)
at /home/myuser/annat/netradiant/plugins/entity/model.h:52
#21 0x00005555556fba6b in ModelResource::attach(ModuleObserver&) (this=0x55555b2b0500, observer=...)
at /home/myuser/annat/netradiant/radiant/referencecache.cpp:461
#22 0x00007fffe72a136a in ResourceReference::attach(ModuleObserver&) (this=0x555559d2f478, observer=...) at /home/myuser/annat/netradiant/libs/entitylib.h:658
#23 0x00007fffe72a4bfd in EModel::modelChanged(char const*) (this=0x555559d2f470, value=0x555559d2fb80 "maps/meshes/urban/rioblue.md2")
at /home/myuser/annat/netradiant/plugins/entity/model.h:72
#24 0x00007fffe72a4d35 in SingletonModel::modelChanged(char const*) (this=0x555559d2f458, value=0x555559d2fb80 "maps/meshes/urban/rioblue.md2")
at /home/myuser/annat/netradiant/plugins/entity/model.h:115
#25 0x00007fffe72fbf29 in detail::MemberN<SingletonModel, void (char const*)>::instance<&SingletonModel::modelChanged>::call(SingletonModel&, char const*) (object=..., args#0=0x555559d2fb80 "maps/meshes/urban/rioblue.md2")
at /home/myuser/annat/netradiant/libs/generic/functional.h:123
#26 0x00007fffe72fbc5f in detail::BindFirstOpaqueN<detail::MemberN<SingletonModel, void (char const*)>::instance<&SingletonModel::modelChanged>, void (SingletonModel&, char const*)>::thunk_(SingletonModel&, char const*) (environment=..., args#0=0x555559d2fb80 "maps/meshes/urban/rioblue.md2")
at /home/myuser/annat/netradiant/libs/generic/callback.h:181
#27 0x00007fffe72fb705 in detail::BindFirstOpaqueN<detail::MemberN<SingletonMode---Type <return> to continue, or q <return> to quit---
l, void (char const*)>::instance<&SingletonModel::modelChanged>, void (SingletonModel&, char const*)>::thunk(void*, char const*) (environment=0x555559d2f458, args#0=0x555559d2fb80 "maps/meshes/urban/rioblue.md2")
at /home/myuser/annat/netradiant/libs/generic/callback.h:177
#28 0x00007fffe72b1825 in Callback<void (char const*)>::operator()(char const*) const (this=0x55555b2d09f0, args#0=0x555559d2fb80 "maps/meshes/urban/rioblue.md2") at /home/myuser/annat/netradiant/libs/generic/callback.h:221
#29 0x00007fffe729fbc4 in KeyValue::attach(Callback<void (char const*)> const&) (this=0x555559d2fb10, observer=...)
at /home/myuser/annat/netradiant/libs/entitylib.h:335
#30 0x00007fffe72a545a in KeyObserverMap::insert(char const*, EntityKeyValue&) (this=0x555559d2f348, key=0x555559c84410 "model", value=...)
at /home/myuser/annat/netradiant/plugins/entity/keyobservers.h:41
#31 0x00007fffe72a0aec in EntityKeyValues::attach(Entity::Observer&) (this=0x555559d2f2d0, observer=...) at /home/myuser/annat/netradiant/libs/entitylib.h:534
#32 0x00007fffe72f9e50 in MiscModel::instanceAttach(Stack<Reference<scene::Node> > const&) (this=0x555559d2f2c8, path=...)
at /home/myuser/annat/netradiant/plugins/entity/miscmodel.cpp:171
#33 0x00007fffe72fa5d0 in MiscModelInstance::MiscModelInstance(Stack<Reference<scene::Node> > const&, scene::Instance*, MiscModel&) (this=0x55555aec6e70, path=..., parent=0x555556415890, miscmodel=...)
at /home/myuser/annat/netradiant/plugins/entity/miscmodel.cpp:318
#34 0x00007fffe72fb026 in MiscModelNode::create(Stack<Reference<scene::Node> > c---Type <return> to continue, or q <return> to quit---
onst&, scene::Instance*) (this=0x555559d2f240, path=..., parent=0x555556415890)
at /home/myuser/annat/netradiant/plugins/entity/miscmodel.cpp:483
#35 0x00005555555c0c39 in InstanceSubgraphWalker::pre(scene::Node&) const (this=0x7fffffffc610, node=...)
at /home/myuser/annat/netradiant/libs/instancelib.h:45
#36 0x00005555555c009b in Node_traverseSubgraph(scene::Node&, scene::Traversable::Walker const&) (node=..., walker=...)
at /home/myuser/annat/netradiant/libs/scenelib.h:279
#37 0x00005555556899dd in TraversableNodeSet::traverse(scene::Traversable::Walker const&) (this=0x5555569188c0, walker=...)
at /home/myuser/annat/netradiant/libs/traverselib.h:197
#38 0x00005555555c00d4 in Node_traverseSubgraph(scene::Node&, scene::Traversable::Walker const&) (node=..., walker=...)
at /home/myuser/annat/netradiant/libs/scenelib.h:282
#39 0x00005555557176f1 in CompiledGraph::insert_root(scene::Node&) (this=0x555555bd87d0, root=...) at /home/myuser/annat/netradiant/radiant/scenegraph.cpp:105
#40 0x000055555568bec6 in Map::realise() (this=0x555555ab3ac0 <g_map>)
at /home/myuser/annat/netradiant/radiant/map.cpp:347
#41 0x00005555556fba6b in ModelResource::attach(ModuleObserver&) (this=0x555556b56d80, observer=...)
at /home/myuser/annat/netradiant/radiant/referencecache.cpp:461
#42 0x00005555556840e7 in Map_LoadFile(char const*) (filename=0x555555ad1d00 <g_file_dialog_file> "/home/myuser/annat/aa/data1/maps/mapsrc/dm-turbo2k15.map")
---Type <return> to continue, or q <return> to quit---
at /home/myuser/annat/netradiant/radiant/map.cpp:1036
#43 0x0000555555686500 in OpenMap() ()
at /home/myuser/annat/netradiant/radiant/map.cpp:1992
#44 0x00005555555bc319 in detail::FreeCallerWrapper<void ()>::call(void*) (f=0x5555556864ac <OpenMap()>)
at /home/myuser/annat/netradiant/libs/generic/callback.h:334
#45 0x00005555555bbaf7 in detail::BindFirstOpaqueN<detail::FreeCallerWrapper<void ()>, void (void*)>::thunk_(void*) (environment=0x5555556864ac <OpenMap()>)
at /home/myuser/annat/netradiant/libs/generic/callback.h:181
#46 0x00005555555babf9 in detail::BindFirstOpaqueN<detail::FreeCallerWrapper<void ()>, void (void*)>::thunk(void*) (environment=0x5555556864ac <OpenMap()>)
at /home/myuser/annat/netradiant/libs/generic/callback.h:177
#47 0x00007ffff6e0a10d in g_closure_invoke ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#48 0x00007ffff6e1d05e in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#49 0x00007ffff6e25715 in g_signal_emit_valist ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#50 0x00007ffff6e26608 in g_signal_emit_by_name ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#51 0x00007ffff6e0a10d in g_closure_invoke ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#52 0x00007ffff6e1d05e in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#53 0x00007ffff6e25715 in g_signal_emit_valist ()
---Type <return> to continue, or q <return> to quit---
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#54 0x00007ffff6e2612f in g_signal_emit ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#55 0x00007ffff73906f5 in () at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#56 0x00007ffff6e0a10d in g_closure_invoke ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#57 0x00007ffff6e1d12e in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#58 0x00007ffff6e25715 in g_signal_emit_valist ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#59 0x00007ffff6e2612f in g_signal_emit ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#60 0x00007ffff738f679 in () at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#61 0x00007ffff743538b in () at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#62 0x00007ffff6e0a10d in g_closure_invoke ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#63 0x00007ffff6e1cde8 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#64 0x00007ffff6e250af in g_signal_emit_valist ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#65 0x00007ffff6e2612f in g_signal_emit ()
at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#66 0x00007ffff754b2bc in () at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#67 0x00007ffff743362c in gtk_propagate_event ()
at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#68 0x00007ffff7433a2b in gtk_main_do_event ()
at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#69 0x00007ffff70a902c in () at /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#70 0x00007ffff6b30387 in g_main_context_dispatch ()
at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#71 0x00007ffff6b305c0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#72 0x00007ffff6b308d2 in g_main_loop_run ()
at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#73 0x00007ffff7432a37 in gtk_main ()
at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#74 0x000055555578d2bc in ui::main() ()
at /home/myuser/annat/netradiant/libs/uilib/uilib.cpp:29
#75 0x000055555566f6f4 in main(int, char**) (argc=1, argv=0x7fffffffde08)
at /home/myuser/annat/netradiant/radiant/main.cpp:673
So something about a newer version of picomodel being used?
Edited by Tom Nojerry