views: 267
answers: 1
I've probably included more than I needed to, but then again, I probably missed exactly what I needed to add. At any rate, below is a stack trace, some valgrind output, and some related code. The valgrind output probably explains most. I don't think the stack trace is worth much; maybe the program output right before it might be useful.

Here's where the program crashes and the stack trace.

Transition: LROWS: 64, LCOLS: 256, n: 15360, row: 7, col: 174, calc1: 15534, calc2: 328
Transition: LROWS: 64, LCOLS: 256, n: 15616, row: 7, col: 174, calc1: 15790, calc2: 328
Transition: LROWS: 64, LCOLS: 256, n: 15872, row: 7, col: 174, calc1: 16046, calc2: 328
Transition: LROWS: 64, LCOLS: 256, n: 16128, row: 7, col: 174, calc1: 16302, calc2: 328

Program received signal SIGSEGV, Segmentation fault.
0x04b57fd3 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQtCore.so.4
Missing separate debuginfos, use: debuginfo-install ImageMagick-6.5.1.2-1.fc11.i586 ImageMagick-c++-6.5.1.2-1.fc11.i586 bzip2-libs-1.0.5-5.fc11.i586 expat-2.0.1-6.fc11.1.i586 glibc-2.10.1-5.i686 libXt-1.0.5-2.fc11.i586 libvorbis-1.2.0-9.fc11.i586 qt-4.5.3-9.fc11.i586 qt-x11-4.5.3-9.fc11.i586
(gdb) bt
#0  0x04b57fd3 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQtCore.so.4
#1  0x04b58a22 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) ()
   from /usr/lib/libQtCore.so.4
#2  0x04b920a7 in QTimer::timeout() () from /usr/lib/libQtCore.so.4
#3  0x04b5d4fe in QTimer::timerEvent(QTimerEvent*) () from /usr/lib/libQtCore.so.4
#4  0x04b51edf in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#5  0x04d5f8b4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#6  0x04d67029 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#7  0x04b420ab in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#8  0x04b6f29e in ?? () from /usr/lib/libQtCore.so.4
#9  0x04b6cc30 in ?? () from /usr/lib/libQtCore.so.4
#10 0x07db6308 in g_main_dispatch (context=<value optimized out>) at gmain.c:1824
#11 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2377
#12 0x07db99e0 in g_main_context_iterate (context=0x8148c90, block=<value optimized out>, dispatch=1, 
    self=0x81437d8) at gmain.c:2455
#13 0x07db9b13 in IA__g_main_context_iteration (context=0x8148c90, may_block=1) at gmain.c:2518
#14 0x04b6cb7c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/libQtCore.so.4
#15 0x04dfec45 in ?? () from /usr/lib/libQtGui.so.4
#16 0x04b40639 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/libQtCore.so.4
#17 0x04b40a8a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#18 0x04b42f0f in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#19 0x04d5f737 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#20 0x08054b57 in LCD::LCDControl::Start (this=0x80f73d0, argc=1, argv=0xbffff404) at LCDControl.cpp:33
#21 0x0805d636 in main (argc=1, argv=0xbffff404) at Main.cpp:20
(gdb)

Here's some output from valgrind.

Transition: LROWS: 64, LCOLS: 256, n: 15872, row: 7, col: 240, calc1: 16112, calc2: 64
Transition: LROWS: 64, LCOLS: 256, n: 16128, row: 7, col: 240, calc1: 16368, calc2: 64
Transition: LROWS: 64, LCOLS: 256, n: 0, row: 0, col: 9, calc1: 9, calc2: 988
==14585== 
==14585== Invalid read of size 1
==14585==    at 0x4007B88: memcpy (mc_replace_strmem.c:402)
==14585==    by 0x809509A: LCD::LCDGraphic::Transition() (LCDGraphic.cpp:490)
==14585==    by 0x8089D8C: LCD::Generic<LCD::LCDGraphic>::GraphicLayoutTransition() (Generic.h:512)
==14585==    by 0x80C2431: LCD::LCDWrapper::GraphicLayoutTransition() (LCDWrapper.h:61)
==14585==    by 0x80C20EC: LCD::LCDWrapper::qt_metacall(QMetaObject::Call, int, void**) (moc_LCDWrapper.cc:116)
==14585==    by 0x4B57DC2: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B58A21: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B920A6: QTimer::timeout() (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B5D4FD: QTimer::timerEvent(QTimerEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B51EDE: QObject::event(QEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4D5F8B3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==    by 0x4D67028: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==  Address 0x61f38ef is 1 bytes before a block of size 65,536 alloc'd
==14585==    at 0x400612D: operator new[](unsigned int) (vg_replace_malloc.c:268)
==14585==    by 0x80938D7: LCD::LCDGraphic::GraphicInit(int, int, int, int, int) (LCDGraphic.cpp:84)
==14585==    by 0x8084AEE: LCD::DrvPicoGraphics::DrvPicoGraphics(std::string, LCD::LCDControl*, Json::Value*) (DrvPicoGraphics.cpp:52)
==14585==    by 0x8055562: LCD::LCDControl::ConfigSetup() (LCDControl.cpp:88)
==14585==    by 0x8054B51: LCD::LCDControl::Start(int, char**) (LCDControl.cpp:32)
==14585==    by 0x805D635: main (Main.cpp:20)
==14585== 
==14585== Invalid read of size 1
==14585==    at 0x4007B92: memcpy (mc_replace_strmem.c:402)
==14585==    by 0x809509A: LCD::LCDGraphic::Transition() (LCDGraphic.cpp:490)
==14585==    by 0x8089D8C: LCD::Generic<LCD::LCDGraphic>::GraphicLayoutTransition() (Generic.h:512)
==14585==    by 0x80C2431: LCD::LCDWrapper::GraphicLayoutTransition() (LCDWrapper.h:61)
==14585==    by 0x80C20EC: LCD::LCDWrapper::qt_metacall(QMetaObject::Call, int, void**) (moc_LCDWrapper.cc:116)
==14585==    by 0x4B57DC2: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B58A21: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B920A6: QTimer::timeout() (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B5D4FD: QTimer::timerEvent(QTimerEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B51EDE: QObject::event(QEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4D5F8B3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==    by 0x4D67028: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==  Address 0x61f38ee is 2 bytes before a block of size 65,536 alloc'd
==14585==    at 0x400612D: operator new[](unsigned int) (vg_replace_malloc.c:268)
==14585==    by 0x80938D7: LCD::LCDGraphic::GraphicInit(int, int, int, int, int) (LCDGraphic.cpp:84)
==14585==    by 0x8084AEE: LCD::DrvPicoGraphics::DrvPicoGraphics(std::string, LCD::LCDControl*, Json::Value*) (DrvPicoGraphics.cpp:52)
==14585==    by 0x8055562: LCD::LCDControl::ConfigSetup() (LCDControl.cpp:88)
==14585==    by 0x8054B51: LCD::LCDControl::Start(int, char**) (LCDControl.cpp:32)
==14585==    by 0x805D635: main (Main.cpp:20)
==14585== 
==14585== Invalid read of size 1
==14585==    at 0x4007B9B: memcpy (mc_replace_strmem.c:402)
==14585==    by 0x809509A: LCD::LCDGraphic::Transition() (LCDGraphic.cpp:490)
==14585==    by 0x8089D8C: LCD::Generic<LCD::LCDGraphic>::GraphicLayoutTransition() (Generic.h:512)
==14585==    by 0x80C2431: LCD::LCDWrapper::GraphicLayoutTransition() (LCDWrapper.h:61)
==14585==    by 0x80C20EC: LCD::LCDWrapper::qt_metacall(QMetaObject::Call, int, void**) (moc_LCDWrapper.cc:116)
==14585==    by 0x4B57DC2: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B58A21: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B920A6: QTimer::timeout() (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B5D4FD: QTimer::timerEvent(QTimerEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B51EDE: QObject::event(QEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4D5F8B3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==    by 0x4D67028: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==  Address 0x61f38ed is 3 bytes before a block of size 65,536 alloc'd
==14585==    at 0x400612D: operator new[](unsigned int) (vg_replace_malloc.c:268)
==14585==    by 0x80938D7: LCD::LCDGraphic::GraphicInit(int, int, int, int, int) (LCDGraphic.cpp:84)
==14585==    by 0x8084AEE: LCD::DrvPicoGraphics::DrvPicoGraphics(std::string, LCD::LCDControl*, Json::Value*) (DrvPicoGraphics.cpp:52)
==14585==    by 0x8055562: LCD::LCDControl::ConfigSetup() (LCDControl.cpp:88)
==14585==    by 0x8054B51: LCD::LCDControl::Start(int, char**) (LCDControl.cpp:32)
==14585==    by 0x805D635: main (Main.cpp:20)
==14585== 
==14585== Invalid read of size 1
==14585==    at 0x4007BA4: memcpy (mc_replace_strmem.c:402)
==14585==    by 0x809509A: LCD::LCDGraphic::Transition() (LCDGraphic.cpp:490)
==14585==    by 0x8089D8C: LCD::Generic<LCD::LCDGraphic>::GraphicLayoutTransition() (Generic.h:512)
==14585==    by 0x80C2431: LCD::LCDWrapper::GraphicLayoutTransition() (LCDWrapper.h:61)
==14585==    by 0x80C20EC: LCD::LCDWrapper::qt_metacall(QMetaObject::Call, int, void**) (moc_LCDWrapper.cc:116)
==14585==    by 0x4B57DC2: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B58A21: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B920A6: QTimer::timeout() (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B5D4FD: QTimer::timerEvent(QTimerEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4B51EDE: QObject::event(QEvent*) (in /usr/lib/libQtCore.so.4.5.3)
==14585==    by 0x4D5F8B3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==    by 0x4D67028: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.3)
==14585==  Address 0x61f38ec is 4 bytes before a block of size 65,536 alloc'd
==14585==    at 0x400612D: operator new[](unsigned int) (vg_replace_malloc.c:268)
==14585==    by 0x80938D7: LCD::LCDGraphic::GraphicInit(int, int, int, int, int) (LCDGraphic.cpp:84)
==14585==    by 0x8084AEE: LCD::DrvPicoGraphics::DrvPicoGraphics(std::string, LCD::LCDControl*, Json::Value*) (DrvPicoGraphics.cpp:52)
==14585==    by 0x8055562: LCD::LCDControl::ConfigSetup() (LCDControl.cpp:88)
==14585==    by 0x8054B51: LCD::LCDControl::Start(int, char**) (LCDControl.cpp:32)
==14585==    by 0x805D635: main (Main.cpp:20)
Transition: LROWS: 64, LCOLS: 256, n: 256, row: 0, col: 9, calc1: 265, calc2: 988
Transition: LROWS: 64, LCOLS: 256, n: 512, row: 0, col: 9, calc1: 521, calc2: 988

Here's LCDGraphic::Transition():

void LCDGraphic::Transition() {
    int direction = visitor_->GetDirection();
    int col;
    transitioning_ = true;
    for(unsigned int row = 0; row < LROWS / YRES; row++) {
        // Pick the column where this tick's XRES-wide stripe is blanked.
        if( direction == TRANSITION_LEFT ||
            (direction == TRANSITION_BOTH && row % 2 == 0))
            col = LCOLS - transition_tick_ - 1;
        else if( direction == TRANSITION_RIGHT || direction == TRANSITION_BOTH)
            col = transition_tick_;
        else
            col = 0;
        if(col < 0)
            col = 0;

        for(unsigned int i = 0; i < YRES; i++) {
            int n = row * YRES * LCOLS + i * LCOLS;
            RGBA tmp[LCOLS];
            LCDError("Transition: LROWS: %u, LCOLS: %u, n: %d, row: %d, col: %d, calc1: %d, calc2: %d", 
            LROWS, LCOLS, n, row, col, n + col, (LCOLS - col) * sizeof(RGBA));
            // GraphicFB is RGBA ** (see GraphicInit below): this arithmetic walks the
            // array of layer pointers, not a layer's pixel buffer. The comments on the
            // answer identify the missing layer index as the cause of the invalid reads.
            memcpy(tmp + XRES, GraphicFB + n + col + XRES, (LCOLS - col) * sizeof(RGBA));
            for(unsigned j = 0; j < XRES; j++)
                tmp[j] = NO_COL;
            memcpy(GraphicFB + n + col, tmp, sizeof(RGBA) * (LCOLS - col));
        }
    }

    transition_tick_+=XRES;
    if( transition_tick_ >= (int)LCOLS ) {
        transitioning_ = false;
        transition_tick_ = 0;
        emit static_cast<LCDEvents *>(
            visitor_->GetWrapper())->_TransitionFinished();
    }

    GraphicBlit(0, 0, LROWS, LCOLS);
}

Here's LCDGraphic::GraphicInit:

void LCDGraphic::GraphicInit(const int rows, const int cols,
    const int yres, const int xres, const int layers) {
    LROWS = rows;
    LCOLS = cols;
    YRES = yres;
    XRES = xres;
    LAYERS = layers;

    // One pointer per layer; sizeof(RGBA *) is the element size meant here
    // (sizeof(RGBA **) happens to be the same on this target).
    GraphicFB = (RGBA **)malloc(sizeof(RGBA **) * layers);

    // Each layer gets its own rows * cols pixel block (the 65,536-byte
    // allocations valgrind reports above).
    for(int l = 0; l < layers; l++) {
        GraphicFB[l] = new RGBA[rows * cols];
    }

    for(int l = 0; l < layers; l++)
        for(int i = 0; i < cols * rows; i++)
            GraphicFB[l][i] = NO_COL;
}
+3  A: 

The problem is in one of your two memcpys, either:

memcpy(tmp + XRES, GraphicFB + n + col + XRES, (LCOLS - col) * sizeof(RGBA));

Or:

memcpy(GraphicFB + n + col, tmp, sizeof(RGBA) * (LCOLS - col));

Can't tell which without the line numbers, but since it's an invalid read rather than an invalid write, it's fair to assume that either the second or third of your arguments is invalid.

Try adding a print statement that prints out the addresses there for the source addresses and see if you're overrunning the buffer; I expect you are.

scotchi
Oops, forgot to add those line numbers. It was the first one.
Scott
See, this is the issue I've been having. I've known where the problem is, but the numbers in the output don't reveal anything wrong.
Scott
I'd add a line like: assert(sizeof(RGBA **) * layers <= (n + col + XRES) + ((LCOLS - col) * sizeof(RGBA)));
scotchi
Oh snap. I just realized what I did wrong. Layers! *sigh* I forgot all about them.
Scott
It should be `GraphicFB[layer] + n + col + XRES` etc...
Scott
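As an added example (not the poster's code), the per-row step of Transition() rewritten over a stand-in framebuffer with the layer index the comments identify as missing, plus the bounds check the answer suggests asserting on so an out-of-range copy is refused rather than reported by valgrind. The Framebuffer struct, a 4-byte RGBA and the function names are assumptions; the tail length is cols - col - xres so the source read stays inside the row.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed 4-byte pixel, matching the 64*256*4 = 65,536-byte layer
// blocks valgrind reports for GraphicFB[l] = new RGBA[rows * cols].
struct RGBA { uint8_t r, g, b, a; };
static const RGBA NO_COL = {0, 0, 0, 0};

// Same layout as GraphicInit: one rows*cols pixel buffer per layer (assumed struct).
struct Framebuffer {
    unsigned rows, cols;
    std::vector<std::vector<RGBA>> fb;   // fb[layer] plays the role of GraphicFB[layer]
    Framebuffer(unsigned r, unsigned c, unsigned layers)
        : rows(r), cols(c), fb(layers, std::vector<RGBA>((size_t)r * c, NO_COL)) {}
};

// memcpy into one layer that refuses any destination span outside that
// layer's buffer: the check the answer suggests asserting on.
static bool CopyPixels(Framebuffer& f, unsigned layer,
                       size_t dstOff, const RGBA* src, size_t count) {
    if (layer >= f.fb.size()) return false;
    size_t total = f.fb[layer].size();
    if (dstOff > total || count > total - dstOff) return false;
    std::memcpy(f.fb[layer].data() + dstOff, src, count * sizeof(RGBA));
    return true;
}

// One row of the page's transition on one layer: blank xres pixels at 'col'
// and keep the tail of the row. The tail read is (width - blank) pixels, so
// both the temporary row and the source read stay inside the row.
static bool TransitionRow(Framebuffer& f, unsigned layer, unsigned row,
                          unsigned col, unsigned xres) {
    if (layer >= f.fb.size() || row >= f.rows || col >= f.cols) return false;
    size_t n = (size_t)row * f.cols;             // first pixel of this row
    size_t width = f.cols - col;                 // pixels from col to row end
    size_t blank = xres < width ? xres : width;  // stripe clipped at row end
    std::vector<RGBA> tmp(width, NO_COL);        // tmp[0..blank) already blank
    const RGBA* base = f.fb[layer].data();       // GraphicFB[layer] on the page
    std::memcpy(tmp.data() + blank, base + n + col + blank,
                (width - blank) * sizeof(RGBA));
    return CopyPixels(f, layer, n + col, tmp.data(), width);
}

static bool IsBlank(const Framebuffer& f, unsigned layer, unsigned row, unsigned col) {
    const RGBA& p = f.fb[layer][(size_t)row * f.cols + col];  // test read-back
    return p.r == 0 && p.g == 0 && p.b == 0 && p.a == 0;
}
```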