[Scummvm-tracker] [ScummVM] #10524: Thread safety issue with MemoryPool

Thierry Crozat trac at scummvm.org
Sun May 13 21:25:30 CEST 2018


#10524: Thread safety issue with MemoryPool
-------------------+-----------------------
Reporter:  criezy  |      Owner:  (none)
    Type:  defect  |     Status:  new
Priority:  normal  |  Component:  --Other--
Keywords:          |       Game:
-------------------+-----------------------
 I have had random crashes when enabling networking code for a while. Today
 I finally managed to get a backtrace for it, and it turns out this is due
 to MemoryPool not being thread safe and being accessed from two separate
 threads simultaneously.

 Here is all the information I got so that it doesn't get lost:

 First here is the reason of the crash:

 {{{
 * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS
 (code=1, address=0x109261ca800)
     frame #0: 0x0000000101e89b69
 scummvm`Common::MemoryPool::allocChunk(this=0x0000000104c07a70) at
 memorypool.cpp:105
    102
    103          assert(_next);
    104          void *result = _next;
 -> 105          _next = *(void **)result;
    106          return result;
    107  }
    108
   thread #10, name = 'SDLTimer', stop reason = EXC_BAD_ACCESS (code=1,
 address=0x109261ca800)
     frame #0: 0x0000000101e89b69
 scummvm`Common::MemoryPool::allocChunk(this=0x0000000104c07a70) at
 memorypool.cpp:105
    102
    103          assert(_next);
    104          void *result = _next;
 -> 105          _next = *(void **)result;
    106          return result;
    107  }
    108
 }}}

 Here is the backtrace for thread 1:
 {{{
 * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS
 (code=1, address=0x109261ca800)
   * frame #0: 0x0000000101e89b69
 scummvm`Common::MemoryPool::allocChunk(this=0x0000000104c07a70) at
 memorypool.cpp:105
     frame #1: 0x0000000101e9572b
 scummvm`Common::String::incRefCount(this=0x00007fff5fbb8858) const at
 str.cpp:181
     frame #2: 0x0000000101e954de
 scummvm`Common::String::String(this=0x00007fff5fbb8880,
 str=0x00007fff5fbb8858) at str.cpp:85
     frame #3: 0x0000000101e9577d
 scummvm`Common::String::String(this=0x00007fff5fbb8880,
 str=0x00007fff5fbb8858) at str.cpp:78
     frame #4: 0x0000000101e98728
 scummvm`Common::operator+(x=0x00007fff5fbb8858, y=".Visible") at
 str.cpp:742
     frame #5: 0x0000000101c1edb5
 scummvm`GUI::Widget::isVisible(this=0x0000000104c79350) const at
 widget.cpp:208
     frame #6: 0x0000000101c1e72a
 scummvm`GUI::Widget::draw(this=0x0000000104c79350) at widget.cpp:102
     frame #7: 0x0000000101c1e97b
 scummvm`GUI::Widget::draw(this=0x0000000104c66e00) at widget.cpp:146
     frame #8: 0x0000000101c2f53f
 scummvm`GUI::TabWidget::draw(this=0x0000000104c66e00) at tab.cpp:332
     frame #9: 0x0000000101bbf82e
 scummvm`GUI::Dialog::drawWidgets(this=0x00007fff5fbb9278) at
 dialog.cpp:185
     frame #10: 0x0000000101bbf7cf
 scummvm`GUI::Dialog::drawDialog(this=0x00007fff5fbb9278,
 layerToDraw=kDrawLayerForeground) at dialog.cpp:173
     frame #11: 0x0000000101bce13d
 scummvm`GUI::GuiManager::redraw(this=0x0000000105087200) at gui-
 manager.cpp:253
     frame #12: 0x0000000101bcf54d
 scummvm`GUI::GuiManager::closeTopDialog(this=0x0000000105087200) at gui-
 manager.cpp:478
     frame #13: 0x0000000101bbf512
 scummvm`GUI::Dialog::close(this=0x00007fff5fbb8dc8) at dialog.cpp:102
     frame #14: 0x0000000101c2a459
 scummvm`GUI::PopUpDialog::handleMouseUp(this=0x00007fff5fbb8dc8, x=34,
 y=244, button=1, clickCount=1) at popup.cpp:182
     frame #15: 0x0000000101bcef88
 scummvm`GUI::GuiManager::processEvent(this=0x0000000105087200,
 event=0x00007fff5fbb8d00, activeDialog=0x00007fff5fbb8dc8) at gui-
 manager.cpp:588
     frame #16: 0x0000000101bce72a
 scummvm`GUI::GuiManager::runLoop(this=0x0000000105087200) at gui-
 manager.cpp:359
     frame #17: 0x0000000101bbf3da
 scummvm`GUI::Dialog::runModal(this=0x00007fff5fbb8dc8) at dialog.cpp:80
     frame #18: 0x0000000101c2aee2
 scummvm`GUI::PopUpWidget::handleMouseDown(this=0x0000000104c7aca0, x=84,
 y=10, button=1, clickCount=1) at popup.cpp:409
     frame #19: 0x0000000101bbf99a
 scummvm`GUI::Dialog::handleMouseDown(this=0x00007fff5fbb9278, x=225, y=53,
 button=1, clickCount=1) at dialog.cpp:205
     frame #20: 0x0000000101bcef36
 scummvm`GUI::GuiManager::processEvent(this=0x0000000105087200,
 event=0x00007fff5fbb9040, activeDialog=0x00007fff5fbb9278) at gui-
 manager.cpp:583
     frame #21: 0x0000000101bce72a
 scummvm`GUI::GuiManager::runLoop(this=0x0000000105087200) at gui-
 manager.cpp:359
     frame #22: 0x0000000101bbf3da
 scummvm`GUI::Dialog::runModal(this=0x00007fff5fbb9278) at dialog.cpp:80
     frame #23: 0x0000000101bd4a53
 scummvm`GUI::LauncherDialog::handleCommand(this=0x00007fff5fbb9988,
 sender=0x0000000104d5ce70, cmd=1330664526, data=0) at launcher.cpp:646
     frame #24: 0x0000000101c95ca5
 scummvm`GUI::CommandSender::sendCommand(this=0x0000000104d5ce70,
 cmd=1330664526, data=0) at object.h:55
     frame #25: 0x0000000101c1fba1
 scummvm`GUI::ButtonWidget::handleMouseUp(this=0x0000000104d5ce70, x=60,
 y=11, button=1, clickCount=1) at widget.cpp:332
     frame #26: 0x0000000101bbfb04
 scummvm`GUI::Dialog::handleMouseUp(this=0x00007fff5fbb9988, x=569, y=292,
 button=1, clickCount=1) at dialog.cpp:226
     frame #27: 0x0000000101bcef88
 scummvm`GUI::GuiManager::processEvent(this=0x0000000105087200,
 event=0x00007fff5fbb9900, activeDialog=0x00007fff5fbb9988) at gui-
 manager.cpp:588
     frame #28: 0x0000000101bce72a
 scummvm`GUI::GuiManager::runLoop(this=0x0000000105087200) at gui-
 manager.cpp:359
     frame #29: 0x0000000101bbf3da
 scummvm`GUI::Dialog::runModal(this=0x00007fff5fbb9988) at dialog.cpp:80
     frame #30: 0x000000010000a9b4 scummvm`launcherDialog() at main.cpp:106
     frame #31: 0x0000000100009cbe scummvm`::scummvm_main(argc=1,
 argv=0x00007fff5fbffb08) at main.cpp:501
     frame #32: 0x0000000100007af0 scummvm`main(argc=1,
 argv=0x00007fff5fbffb08) at macosx-main.cpp:45
     frame #33: 0x00007fff93fd3235 libdyld.dylib`start + 1
     frame #34: 0x00007fff93fd3235 libdyld.dylib`start + 1
 }}}

 And here is the backtrace for thread 10:
 {{{
 * thread #10, name = 'SDLTimer', stop reason = EXC_BAD_ACCESS (code=1,
 address=0x109261ca800)
   * frame #0: 0x0000000101e89b69
 scummvm`Common::MemoryPool::allocChunk(this=0x0000000104c07a70) at
 memorypool.cpp:105
     frame #1: 0x0000000101e9572b
 scummvm`Common::String::incRefCount(this=0x000070000a3f6920) const at
 str.cpp:181
     frame #2: 0x0000000101e954de
 scummvm`Common::String::String(this=0x0000000114b0e1a0,
 str=0x000070000a3f6920) at str.cpp:85
     frame #3: 0x0000000101e9577d
 scummvm`Common::String::String(this=0x0000000114b0e1a0,
 str=0x000070000a3f6920) at str.cpp:78
     frame #4: 0x0000000101e825cd
 scummvm`Common::JSONValue::JSONValue(this=0x0000000114b0e220,
 stringValue=0x000070000a3f6920) at json.cpp:537
     frame #5: 0x0000000101e8216d
 scummvm`Common::JSONValue::JSONValue(this=0x0000000114b0e220,
 stringValue=0x000070000a3f6920) at json.cpp:535
     frame #6: 0x0000000101e7fba9
 scummvm`Common::JSONValue::parse(data=0x000070000a3f8b20) at json.cpp:281
     frame #7: 0x0000000101e80aaf
 scummvm`Common::JSONValue::parse(data=0x000070000a3f8b20) at json.cpp:409
     frame #8: 0x0000000101e813f6
 scummvm`Common::JSONValue::parse(data=0x000070000a3f8b20) at json.cpp:466
     frame #9: 0x0000000101e80aaf
 scummvm`Common::JSONValue::parse(data=0x000070000a3f8b20) at json.cpp:409
     frame #10: 0x0000000101e7f871 scummvm`Common::JSON::parse(data="},
 {\".tag\": \"file\", \"name\": \"comi-fr.s14\", \"path_lower\": \"/saves
 /comi-fr.s14\", \"path_display\": \"/saves/comi-fr.s14\", \"id\":
 \"id:EW6r9glAsrAAAAAAAAAA5w\", \"client_modified\":
 \"2016-09-18T04:33:54Z\", \"server_modified\": \"2016-09-18T04:33:54Z\",
 \"rev\": \"e74da51434\", \"size\": 92075, \"content_hash\":
 \"62604193f7a654dee5a00f9a38e83b560dab2b1fd6b48cdb4db3a5c2daf7c58d\"},
 {\".tag\": \"file\", \"name\": \"comi-fr.s13\", \"path_lower\": \"/saves
 /comi-fr.s13\", \"path_display\": \"/saves/comi-fr.s13\", \"id\":
 \"id:EW6r9glAsrAAAAAAAAAA6A\", \"client_modified\":
 \"2016-09-18T04:33:58Z\", \"server_modified\": \"2016-09-18T04:33:58Z\",
 \"rev\": \"e84da51434\", \"size\": 82812, \"content_hash\":
 \"63b98d2446e54eaa0ec8535d6eb72087bf85b70b17f7bfd8e235df80ea91737e\"},
 {\".tag\": \"file\", \"name\": \"comi-fr.s12\", \"path_lower\": \"/saves
 /comi-fr.s12\", \"path_display\": \"/saves/comi-fr.s12\", \"id\":
 \"id:EW6r9glAsrAAAAAAAAAA6Q\", \"client_modified\":
 \"2016-09-18T04:34:02Z\", \"server_modified\": \"2016-09-18T04:34:02Z\",
 \"rev\": \"e94da51434\", \"size\": 78583, \"content_hash\":
 \"f30e111adee5d01b6c8ca"...) at json.cpp:82
     frame #11: 0x0000000101c8c54b
 scummvm`Networking::CurlJsonRequest::handle(this=0x000000010686d800) at
 curljsonrequest.cpp:75
     frame #12: 0x0000000101c88144
 scummvm`Networking::ConnectionManager::interateRequests(this=0x0000000104d73e10)
 at connectionmanager.cpp:159
     frame #13: 0x0000000101c87f1e
 scummvm`Networking::ConnectionManager::handle(this=0x0000000104d73e10) at
 connectionmanager.cpp:135
     frame #14: 0x0000000101c87e99
 scummvm`Networking::connectionsThread(ignored=0x0000000000000000) at
 connectionmanager.cpp:104
     frame #15: 0x0000000101c501b1
 scummvm`DefaultTimerManager::handler(this=0x0000000104e57de0) at default-
 timer.cpp:105
     frame #16: 0x0000000101cc6edb scummvm`timer_handler(interval=10,
 param=0x0000000104e57de0) at sdl-timer.cpp:33
     frame #17: 0x000000010442afa9
 libSDL2-2.0.0.dylib`SDL_TimerThread(_data=0x00000001044a8618) at
 SDL_timer.c:166 [opt]
     frame #18: 0x000000010442a94c
 libSDL2-2.0.0.dylib`SDL_RunThread(data=0x0000000104e52b30) at
 SDL_thread.c:283 [opt]
     frame #19: 0x0000000104484369
 libSDL2-2.0.0.dylib`RunThread(data=<unavailable>) at SDL_systhread.c:74
 [opt]
     frame #20: 0x00007fff941ec93b libsystem_pthread.dylib`_pthread_body +
 180
     frame #21: 0x00007fff941ec887 libsystem_pthread.dylib`_pthread_start +
 286
     frame #22: 0x00007fff941ec08d libsystem_pthread.dylib`thread_start +
 13
 }}}

--
Ticket URL: <https://bugs.scummvm.org/ticket/10524>
ScummVM <https://bugs.scummvm.org>
ScummVM


More information about the Scummvm-tracker mailing list