search

gtkforphp / cairo

PHP extension for Cairo Graphics Library
Other
27 stars 19 forks source link

memory leak / segmentation fault after ft_mem_free() when using freetype . #2

Closed swen100 closed 9 years ago

swen100 commented 11 years ago

This error still exists, so i thought i give more detailed informations.

I am able to reproduce a memory leak with the following script:

<?php
$fontFile = dirname(__FILE__) . "/Vera.ttf";

$surface = new \CairoImageSurface(
    CairoFormat::ARGB32,
    750,
    750
);
$context = new \CairoContext( $surface );

try {
    $fontFaceObject = new \CairoFtFontFace($fontFile);
    //$fontFaceObject = cairo_ft_font_face_create($fontFile);
    $context->setFontFace( $fontFaceObject );
    $CairoFontMatrix = new \CairoMatrix();

    $CairoFontMatrix->scale( 12, 12 );

    for( $i = 0; $i < 10; ++$i ) {
        $angle = rand(1, 360);
        $CairoFontMatrix->rotate(deg2rad($angle));
        $context->setFontMatrix( $CairoFontMatrix );

        $x = rand(0, 750);
        $y = rand(0, 750);
        $context->MoveTo( $x, $y );
        $context->textPath( "blah" );

        $context->setSourceRgba(
            rand(0,255) / 255, rand(0,255) / 255, rand(0,255) / 255, 1 - rand(0,255) / 255
        );
        $context->fill();
    }

} catch (\CairoException $exc) {
    echo "<pre>";
    print_r($exc);
    print_r($fontFaceObject);
    echo $exc->getMessage();
    echo $exc->getTraceAsString();
    die();
}

header( "Content-Type: image/png" );
$surface->writeToPng( "php://output" );

unset($context);
unset($surface);
unset($fontFaceObject);
swen100 commented 9 years ago

System is: OpenSuse 13.1 Apache 2.4 PHP 5.5.17 nts debug Cairo 1.12.16 Freetype 2.5.0.1 Cairo-Extenion: 0.3.2 (PECL) and 0.3.2dev (Github)

php-error.log:

[Wed Oct 15 09:53:23 2014]  Script:  'ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZä—'
/usr/src/php-5.5.10/Zend/zend_vm_execute.h(757) :  Freeing 0x7F1A7ED080F8 (32 bytes), script=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZä—
Last leak repeated 1498 times
=== ***Total 1499 memory leaks detected*** ===

segmentation fault also exists in github version. As i can remember this issue was introduced with version 0.2.

Program received signal SIGSEGV, Segmentation fault.õê{G§2ÀÔi_?ÒÝ^ßy¬OÊ¥:
0x00007ffff582d755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
(gdb) bt
#0  0x00007ffff582d755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
#1  0x00007ffff582e46c in FT_Stream_ReleaseFrame () from /usr/lib64/libfreetype.so.6
#2  0x00007ffff5866177 in ?? () from /usr/lib64/libfreetype.so.6
#3  0x00007ffff583a129 in ?? () from /usr/lib64/libfreetype.so.6
#4  0x00007ffff583069c in ?? () from /usr/lib64/libfreetype.so.6
#5  0x00007ffff58307a1 in FT_Done_Face () from /usr/lib64/libfreetype.so.6
#6  0x00007ffff5832119 in FT_Done_Library () from /usr/lib64/libfreetype.so.6
#7  0x00007ffff5828eae in FT_Done_FreeType () from /usr/lib64/libfreetype.so.6
#8  0x00007ffff20592e4 in zm_globals_dtor_cairo (cairo_globals=0x7ffff2289cf0 <cairo_globals>) at /usr/src/cairo/cairo.c:53
#9  0x0000000000989a01 in module_destructor (module=0x14e6a90) at /usr/src/php-5.5.17/Zend/zend_API.c:2371
#10 0x0000000000992123 in zend_hash_apply_deleter (ht=0x1453d20 <module_registry>, p=0x14e6a30) at /usr/src/php-5.5.17/Zend/zend_hash.c:650
#11 0x00000000009922be in zend_hash_graceful_reverse_destroy (ht=0x1453d20 <module_registry>) at /usr/src/php-5.5.17/Zend/zend_hash.c:687
#12 0x0000000000987c1b in zend_destroy_modules () at /usr/src/php-5.5.17/Zend/zend_API.c:1895
#13 0x000000000097e7f0 in zend_shutdown () at /usr/src/php-5.5.17/Zend/zend.c:831
#14 0x00000000008eda94 in php_module_shutdown () at /usr/src/php-5.5.17/main/main.c:2384
#15 0x0000000000a2eff0 in main (argc=2, argv=0x1455110) at /usr/src/php-5.5.17/sapi/cli/php_cli.c:1393
swen100 commented 9 years ago

this is the error i get on the page:

Fatal error: Uncaught exception 'CairoException' with message 'CairoFtFontFace::__construct(): An error occurred opening the file' in /srv/www/htdocs/cairo_test/CairoFtFontFace/cairo_ft.php on line 19
( ! ) CairoException: CairoFtFontFace::__construct(): An error occurred opening the file in /srv/www/htdocs/cairo_test/CairoFtFontFace/cairo_ft.php on line 19

CairoException Object
(
    [message:protected] => CairoFtFontFace::__construct(): An error occurred opening the file
    [string:Exception:private] => 
    [code:protected] => 85
    [file:protected] => /srv/www/htdocs/cairo_test/CairoFtFontFace/cairo_ft.php
    [line:protected] => 21
    [trace:Exception:private] => Array
        (
            [0] => Array
                (
                    [file] => /srv/www/htdocs/cairo_test/CairoFtFontFace/cairo_ft.php
                    [line] => 21
                    [function] => __construct
                    [class] => CairoFtFontFace
                    [type] => ->
                    [args] => Array
                        (
                            [0] => /srv/www/htdocs/cairo_test/CairoFtFontFace/Vera.ttf
                        )

                )

        )

    [previous:Exception:private] => 
    [xdebug_message] => ( ! ) CairoException: CairoFtFontFace::__construct(): An error occurred opening the file in /srv/www/htdocs/cairo_test/CairoFtFontFace/cairo_ft.php on line 21
Call Stack
#TimeMemoryFunctionLocation
10.0010272784{main}(  )../cairo_ft.php:0
20.0017274968__construct
(  )../cairo_ft.php:21
swen100 commented 9 years ago

For me it seems, that something is not closed/freed after script exits.

swen100 commented 9 years ago

what is the difference between usage of cairo_globals.v and cairo_globals->ft_lib ? in other words: what does "CAIROG(v) (cairo_globals.v)" do? (defined in php_cairo.h) it is three times used in cairo_ft_font.c: ft_lib = &CAIROG(ft_lib);

is here something wrong, so that the the last function "PHP_GSHUTDOWN_FUNCTION" with FT_Done_FreeType(cairo_globals->ft_lib); leads to a memory leak?

swen100 commented 9 years ago

Hm, if i remove the line

FT_Done_FreeType(cairo_globals->ft_lib);

in cairo.c then there is no memory leak. Is this good?

auroraeosrose commented 9 years ago

ouch, please don't, then if your fontface load DOESN'T fail you'll leak!!

ok it looks like this is actually a bug when doing a freetype font face creation FAILS and we get an exception - (freetype doesn't like whatever file it is that you're trying to load, or it doesn't exist, or it doesn't like the permissions on the file, that's why you get that error) - for some reason it's not seeing that ft_lib is NULL, I may need to add an additional item to the globals that flag if ft_lib needs to be free'd (sigh)

CAIROG(v) accesses extension globals you don't do that in a GINIT function because the globals struct is passed in directly - this is part of the "magic" of TSRM

auroraeosrose commented 9 years ago

Can you do a weird check for me? Can you try using the function version instead of object for creating a freetype font there? cairo_ft_font_face_create

swen100 commented 9 years ago

Hi Elizabeth,

no, please dont get me wrong, the load of the fontface does not fail! It was only a new error message i got once, after the script quit with error before, thats all. The script runs "fine" so far. May be that it was the pecl-version i got this error with, because with the github-version this error does not occur. Please take my tiny script and run it, so you will see that it runs fine.

I have tried it out with the function version and i get the same segmentation fault message.

auroraeosrose commented 9 years ago

In not sure exactly what was causing the issue but somehow something was freeing freetype before we tried to do it - can you please test this against a new build from git please? It's working great for me now

swen100 commented 9 years ago

Hi Elizabeth, i am sorry, i still get a segfault. Here is the backtrace (looks very different to the first one):

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff582d755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
(gdb) bt
#0  0x00007ffff582d755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
#1  0x00007ffff582e46c in FT_Stream_ReleaseFrame () from /usr/lib64/libfreetype.so.6
#2  0x00007ffff5866177 in ?? () from /usr/lib64/libfreetype.so.6
#3  0x00007ffff583a129 in ?? () from /usr/lib64/libfreetype.so.6
#4  0x00007ffff583069c in ?? () from /usr/lib64/libfreetype.so.6
#5  0x00007ffff58307a1 in FT_Done_Face () from /usr/lib64/libfreetype.so.6
#6  0x00007ffff5832119 in FT_Done_Library () from /usr/lib64/libfreetype.so.6
#7  0x00007ffff5828eae in FT_Done_FreeType () from /usr/lib64/libfreetype.so.6
#8  0x00007ffff1e31d80 in cairo_ft_font_face_object_destroy (object=0x7ffff7fbf1d8) at /usr/src/cairo/cairo_ft_font.c:295
#9  0x00000000009b75f0 in zend_objects_store_del_ref_by_handle_ex (handle=3, handlers=0x142f260 <std_object_handlers>) at /usr/src/php-5.5.17/Zend/zend_objects_API.c:226
#10 0x00000000009b7338 in zend_objects_store_del_ref (zobject=0x7ffff7fc06a0) at /usr/src/php-5.5.17/Zend/zend_objects_API.c:178
#11 0x000000000097c645 in _zval_dtor_func (zvalue=0x7ffff7fc06a0, __zend_filename=0xeee458 "/usr/src/php-5.5.17/Zend/zend_execute.h", __zend_lineno=81)
    at /usr/src/php-5.5.17/Zend/zend_variables.c:54
#12 0x0000000000968d65 in _zval_dtor (zvalue=0x7ffff7fc06a0, __zend_filename=0xeee458 "/usr/src/php-5.5.17/Zend/zend_execute.h", __zend_lineno=81)
    at /usr/src/php-5.5.17/Zend/zend_variables.h:35
#13 0x0000000000968e2c in i_zval_ptr_dtor (zval_ptr=0x7ffff7fc06a0, __zend_filename=0xef0410 "/usr/src/php-5.5.17/Zend/zend_variables.c", __zend_lineno=182)
    at /usr/src/php-5.5.17/Zend/zend_execute.h:81
#14 0x000000000096a062 in _zval_ptr_dtor (zval_ptr=0x7ffff7fbf638, __zend_filename=0xef0410 "/usr/src/php-5.5.17/Zend/zend_variables.c", __zend_lineno=182)
    at /usr/src/php-5.5.17/Zend/zend_execute_API.c:426
#15 0x000000000097ca38 in _zval_ptr_dtor_wrapper (zval_ptr=0x7ffff7fbf638) at /usr/src/php-5.5.17/Zend/zend_variables.c:182
#16 0x0000000000991bea in zend_hash_del_key_or_index (ht=0x14535e8 <executor_globals+360>, arKey=0x7ffff7f03798 "fontFaceObject", nKeyLength=15, h=9924879587585365474,
    flag=2) at /usr/src/php-5.5.17/Zend/zend_hash.c:532
#17 0x000000000096df17 in zend_delete_variable (ex=0x0, ht=0x14535e8 <executor_globals+360>, name=0x7ffff7f03798 "fontFaceObject", name_len=15,
---Type <return> to continue, or q <return> to quit---
    hash_value=9924879587585365474) at /usr/src/php-5.5.17/Zend/zend_execute_API.c:1685
#18 0x0000000000a2600f in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (execute_data=0x7ffff7f847c8) at /usr/src/php-5.5.17/Zend/zend_vm_execute.h:38549
#19 0x00000000009be64e in execute_ex (execute_data=0x7ffff7f847c8) at /usr/src/php-5.5.17/Zend/zend_vm_execute.h:363
#20 0x00007ffff2275d70 in xdebug_execute_ex (execute_data=0x7ffff7f847c8) at /tmp/pear/temp/xdebug/xdebug.c:1437
#21 0x00000000009be6d7 in zend_execute (op_array=0x7ffff7fbe670) at /usr/src/php-5.5.17/Zend/zend_vm_execute.h:388
#22 0x0000000000980059 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.5.17/Zend/zend.c:1330
#23 0x00000000008edead in php_execute_script (primary_file=0x7fffffffdfe0) at /usr/src/php-5.5.17/main/main.c:2506
#24 0x0000000000a2de6c in do_cli (argc=2, argv=0x1455110) at /usr/src/php-5.5.17/sapi/cli/php_cli.c:994
#25 0x0000000000a2ef8e in main (argc=2, argv=0x1455110) at /usr/src/php-5.5.17/sapi/cli/php_cli.c:1378
swen100 commented 9 years ago

In addition my test-script fails completely.

I get the error: "[fcgid:error] [pid 7420] mod_fcgid: process /srv/www/cgi-bin/php5_wrapper(7431) exit(communication error), get unexpected signal 11"

Hm, when i remove the part with rotation, i get a different error: "[core:error] [pid 12212] [client 192.168.1.57:57070] End of script output before headers: cairo_ft.php"

swen100 commented 9 years ago

Hi Elizabeth,

did you find some time again to take a look at the code? I tried it again also after i made some updates to my system (OpenSuse, PHP, e.t.c.)

Cairo 0.3.2beta from Git PHP 5.5.18 nts debug with Xdebug v2.2.4 Freetype 2.5.0.1-2.1.2 same script as shown above in this ticket

here is my backtrace, seems to be identical as shown previously:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff582b755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
(gdb) bt
#0  0x00007ffff582b755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
#1  0x00007ffff582c46c in FT_Stream_ReleaseFrame () from /usr/lib64/libfreetype.so.6
#2  0x00007ffff5864177 in ?? () from /usr/lib64/libfreetype.so.6
#3  0x00007ffff5838129 in ?? () from /usr/lib64/libfreetype.so.6
#4  0x00007ffff582e69c in ?? () from /usr/lib64/libfreetype.so.6
#5  0x00007ffff582e7a1 in FT_Done_Face () from /usr/lib64/libfreetype.so.6
#6  0x00007ffff5830119 in FT_Done_Library () from /usr/lib64/libfreetype.so.6
#7  0x00007ffff5826eae in FT_Done_FreeType () from /usr/lib64/libfreetype.so.6
#8  0x00007ffff1e2fd80 in cairo_ft_font_face_object_destroy (object=0x7ffff7fbd008) at /usr/src/cairo/cairo_ft_font.c:295
#9  0x00000000009b7658 in zend_objects_store_del_ref_by_handle_ex (handle=3, handlers=0x142f260 <std_object_handlers>) at /usr/src/php-5.5.18/Zend/zend_objects_API.c:226
#10 0x00000000009b73a0 in zend_objects_store_del_ref (zobject=0x7ffff7fbfee8) at /usr/src/php-5.5.18/Zend/zend_objects_API.c:178
#11 0x000000000097c69d in _zval_dtor_func (zvalue=0x7ffff7fbfee8, __zend_filename=0xeee518 "/usr/src/php-5.5.18/Zend/zend_execute.h", __zend_lineno=81) at /usr/src/php-5.5.18/Zend/zend_variables.c:54
#12 0x0000000000968dbd in _zval_dtor (zvalue=0x7ffff7fbfee8, __zend_filename=0xeee518 "/usr/src/php-5.5.18/Zend/zend_execute.h", __zend_lineno=81) at /usr/src/php-5.5.18/Zend/zend_variables.h:35
#13 0x0000000000968e84 in i_zval_ptr_dtor (zval_ptr=0x7ffff7fbfee8, __zend_filename=0xef04d0 "/usr/src/php-5.5.18/Zend/zend_variables.c", __zend_lineno=183) at /usr/src/php-5.5.18/Zend/zend_execute.h:81
#14 0x000000000096a0ba in _zval_ptr_dtor (zval_ptr=0x7ffff7fbd588, __zend_filename=0xef04d0 "/usr/src/php-5.5.18/Zend/zend_variables.c", __zend_lineno=183)
    at /usr/src/php-5.5.18/Zend/zend_execute_API.c:426
#15 0x000000000097caa0 in _zval_ptr_dtor_wrapper (zval_ptr=0x7ffff7fbd588) at /usr/src/php-5.5.18/Zend/zend_variables.c:183
#16 0x0000000000991c52 in zend_hash_del_key_or_index (ht=0x14535e8 <executor_globals+360>, arKey=0x7ffff7f01ab8 "fontFaceObject", nKeyLength=15, h=9924879587585365474, flag=2)
    at /usr/src/php-5.5.18/Zend/zend_hash.c:532
#17 0x000000000096df6f in zend_delete_variable (ex=0x0, ht=0x14535e8 <executor_globals+360>, name=0x7ffff7f01ab8 "fontFaceObject", name_len=15, hash_value=9924879587585365474)
    at /usr/src/php-5.5.18/Zend/zend_execute_API.c:1685
#18 0x0000000000a26077 in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (execute_data=0x7ffff7f828e8) at /usr/src/php-5.5.18/Zend/zend_vm_execute.h:38549
#19 0x00000000009be6b6 in execute_ex (execute_data=0x7ffff7f828e8) at /usr/src/php-5.5.18/Zend/zend_vm_execute.h:363
#20 0x00007ffff2273d70 in xdebug_execute_ex (execute_data=0x7ffff7f828e8) at /tmp/pear/temp/xdebug/xdebug.c:1437
#21 0x00000000009be73f in zend_execute (op_array=0x7ffff7fbc8f0) at /usr/src/php-5.5.18/Zend/zend_vm_execute.h:388
#22 0x00000000009800c1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.5.18/Zend/zend.c:1330
#23 0x00000000008ede55 in php_execute_script (primary_file=0x7fffffffdf50) at /usr/src/php-5.5.18/main/main.c:2506
#24 0x0000000000a2ded4 in do_cli (argc=3, argv=0x1455210) at /usr/src/php-5.5.18/sapi/cli/php_cli.c:994
#25 0x0000000000a2eff6 in main (argc=3, argv=0x1455210) at /usr/src/php-5.5.18/sapi/cli/php_cli.c:1378

Please, try it out with my script, i am pretty sure that it will stop with an error.

swen100 commented 9 years ago

This is what i expect to see: zwischenablage01

This is what i get, when i request it via browser: zwischenablage02

auroraeosrose commented 9 years ago

Hmmm, can I also get your libcairo version as well please?

swen100 commented 9 years ago

i use Cairo v1.12.16 installed via yast inside OpenSuse 13.1 here you can see the installed packages with their versions: zwischenablage03 here is the fontconfig zwischenablage04 and freetype zwischenablage05

i can try it out with the newest version of cairo 1.14.0 from cairographics.org

swen100 commented 9 years ago

so. i tried it with cairo 1.14.0 and freetype 2.5.3. Both fresh install from src. no success :-(

here is my full backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff582b755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
(gdb) bt full
#0  0x00007ffff582b755 in ft_mem_free () from /usr/lib64/libfreetype.so.6
#1  0x00007ffff582c46c in FT_Stream_ReleaseFrame () from /usr/lib64/libfreetype.so.6
#2  0x00007ffff5864177 in ?? () from /usr/lib64/libfreetype.so.6
#3  0x00007ffff5838129 in ?? () from /usr/lib64/libfreetype.so.6
#4  0x00007ffff582e69c in ?? () from /usr/lib64/libfreetype.so.6
#5  0x00007ffff582e7a1 in FT_Done_Face () from /usr/lib64/libfreetype.so.6
#6  0x00007ffff5830119 in FT_Done_Library () from /usr/lib64/libfreetype.so.6
#7  0x00007ffff5826eae in FT_Done_FreeType () from /usr/lib64/libfreetype.so.6
#8  0x00007ffff1e2fd90 in cairo_ft_font_face_object_destroy (object=0x7ffff7fbce30) at /usr/src/cairo/cairo_ft_font.c:295
        closure = 0x7ffff7fbe7c8
        font_face = 0x7ffff7fbce30
#9  0x00000000009b7658 in zend_objects_store_del_ref_by_handle_ex (handle=3, handlers=0x142f260 <std_object_handlers>) at /usr/src/php-5.5.18/Zend/zend_objects_API.c:226
        __orig_bailout = 0x7fffffffbbd0
        __bailout = {{__jmpbuf = {140737256042842, 2628847271707380992, 4408384, 140737488347872, 0, 0, 2628847271606717696, -2628848309770416896}, __mask_was_saved = 0,
            __saved_mask = {__val = {4607182418800017408, 0, 9718568, 4607182418800017408, 15656216, 15664336, 4294967479, 140737353857616, 21320912, 140737251587510,
                4103013257, 5, 140737256042842, 140737353857648, 140737353857536, 23952688}}}}
        obj = 0x7ffff7fa2180
        failure = 0
#10 0x00000000009b73a0 in zend_objects_store_del_ref (zobject=0x7ffff7fbe890) at /usr/src/php-5.5.18/Zend/zend_objects_API.c:178
        handle = 3
#11 0x000000000097c69d in _zval_dtor_func (zvalue=0x7ffff7fbe890, __zend_filename=0xeee518 "/usr/src/php-5.5.18/Zend/zend_execute.h", __zend_lineno=81)
    at /usr/src/php-5.5.18/Zend/zend_variables.c:54
#12 0x0000000000968dbd in _zval_dtor (zvalue=0x7ffff7fbe890, __zend_filename=0xeee518 "/usr/src/php-5.5.18/Zend/zend_execute.h", __zend_lineno=81)
    at /usr/src/php-5.5.18/Zend/zend_variables.h:35
#13 0x0000000000968e84 in i_zval_ptr_dtor (zval_ptr=0x7ffff7fbe890, __zend_filename=0xef04d0 "/usr/src/php-5.5.18/Zend/zend_variables.c", __zend_lineno=183)
    at /usr/src/php-5.5.18/Zend/zend_execute.h:81
        __PRETTY_FUNCTION__ = "i_zval_ptr_dtor"
#14 0x000000000096a0ba in _zval_ptr_dtor (zval_ptr=0x7ffff7fbd318, __zend_filename=0xef04d0 "/usr/src/php-5.5.18/Zend/zend_variables.c", __zend_lineno=183)
    at /usr/src/php-5.5.18/Zend/zend_execute_API.c:426
#15 0x000000000097caa0 in _zval_ptr_dtor_wrapper (zval_ptr=0x7ffff7fbd318) at /usr/src/php-5.5.18/Zend/zend_variables.c:183
#16 0x0000000000991c52 in zend_hash_del_key_or_index (ht=0x14535e8 <executor_globals+360>, arKey=0x7ffff7f01ab8 "fontFaceObject", nKeyLength=15, h=9924879587585365474, flag=2)
    at /usr/src/php-5.5.18/Zend/zend_hash.c:532
        nIndex = 34
        p = 0x7ffff7fbd300
#17 0x000000000096df6f in zend_delete_variable (ex=0x0, ht=0x14535e8 <executor_globals+360>, name=0x7ffff7f01ab8 "fontFaceObject", name_len=15, hash_value=9924879587585365474)
    at /usr/src/php-5.5.18/Zend/zend_execute_API.c:1685
#18 0x0000000000a26077 in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (execute_data=0x7ffff7f82888) at /usr/src/php-5.5.18/Zend/zend_vm_execute.h:38549
        cv = 0x7ffff7fbdfb0
        opline = 0x7ffff7e01320
        tmp = {value = {lval = 140737352045296, dval = 6.9533490732246049e-310, str = {val = 0x7ffff7e012f0 "d\f\234", len = -134731640}, ht = 0x7ffff7e012f0, obj = {
              handle = 4158657264, handlers = 0x7ffff7f82888}}, refcount__gc = 4294945024, type = 255 '\377', is_ref__gc = 127 '\177'}
        varname = 0x9c00dd <ZEND_EXT_STMT_SPEC_HANDLER+63>
        target_symbol_table = 0x7ffff7f82548
#19 0x00000000009be6b6 in execute_ex (execute_data=0x7ffff7f82888) at /usr/src/php-5.5.18/Zend/zend_vm_execute.h:363
        ret = 0
        original_in_execution = 0 '\000'
#20 0x00007ffff2273d70 in xdebug_execute_ex (execute_data=0x7ffff7f82888) at /tmp/pear/temp/xdebug/xdebug.c:1437
        op_array = 0x7ffff7fbc860
        edata = 0x0
        dummy = 0xe8
        fse = 0x19abf00
        xfse = 0x7ffff7fbc960
        magic_cookie = 0x0
        do_return = 0
        function_nr = 0
        le = 0x0
         clear = 1
        return_val = 0x0
#21 0x00000000009be73f in zend_execute (op_array=0x7ffff7fbc860) at /usr/src/php-5.5.18/Zend/zend_vm_execute.h:388
#22 0x00000000009800c1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.5.18/Zend/zend.c:1330
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffffffaba0, reg_save_area = 0x7fffffffaae0}}
        i = 1
        file_handle = 0x7fffffffdf50
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        orig_interactive = 0
#23 0x00000000008ede55 in php_execute_script (primary_file=0x7fffffffdf50) at /usr/src/php-5.5.18/main/main.c:2506
        realfile = "/srv/www/htdocs/cairo_test/CairoFtFontFace/test-cli.php", '\000' <repeats 41 times>, "\002\000\000\000\000\000\000\000@", '\000' <repeats 15 times>, "\060", '\000' <repeats 15 times>, "[", '\000' <repeats 23 times>, "n\000\000\000w", '\000' <repeats 35 times>...
        __orig_bailout = 0x7fffffffce30
        __bailout = {{__jmpbuf = {16, 2628847272412024064, 4408384, 140737488347872, 0, 0, 2628847271533317376, -2628848426975130368}, __mask_was_saved = 0, __saved_mask = {
              __val = {140737351953511, 1, 0, 511101108334, 140737296023220, 0, 140737488339144, 0, 0, 1, 64, 32, 0, 140737488342240, 4408384, 140737488347872}}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0,
                pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0,
                pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, free_filename = 0 '\000'}
        old_cwd = 0x7fffffffabc0 ""
        use_heap = 0 '\000'
        retval = 0
#24 0x0000000000a2ded4 in do_cli (argc=3, argv=0x1455210) at /usr/src/php-5.5.18/sapi/cli/php_cli.c:994
        __orig_bailout = 0x7fffffffe0e0
        __bailout = {{__jmpbuf = {0, 2628847273913584896, 4408384, 140737488347872, 0, 0, 2628847272518978816, -2628848667427894016}, __mask_was_saved = 0, __saved_mask = {
              __val = {22067272, 140737353931168, 140737194717396, 140737295842680, 140737194682136, 4294967296, 4294968452, 0, 140737351932796, 140737488343056, 479443869,
                3, 140737488342816, 140737488343456, 140737488342816, 140737196127885}}}}
        c = -1
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x1455290 "/srv/www/htdocs/cairo_test/CairoFtFontFace/test-cli.php", opened_path = 0x0, handle = {
            fd = -134493736, fp = 0x7ffff7fbc9d8, stream = {handle = 0x7ffff7fbc9d8, isatty = 0, mmap = {len = 1211, pos = 0, map = 0x7ffff7fee000,
                buf = 0x7ffff7fee000 <Address 0x7ffff7fee000 out of bounds>, old_handle = 0x19abec0, old_closer = 0x99eacb <zend_stream_stdio_closer>},
              reader = 0x99ea9c <zend_stream_stdio_reader>, fsizer = 0x99eafc <zend_stream_stdio_fsizer>, closer = 0x99ec0e <zend_stream_mmap_closer>}},
          free_filename = 0 '\000'}
        behavior = 1
        reflection_what = 0x0
        request_started = 1
        exit_status = 0
        php_optarg = 0x1455290 "/srv/www/htdocs/cairo_test/CairoFtFontFace/test-cli.php"
        orig_optarg = 0x0
        php_optind = 3
        orig_optind = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        arg_free = 0x1455290 "/srv/www/htdocs/cairo_test/CairoFtFontFace/test-cli.php"
        arg_excp = 0x1455220
        script_file = 0x1455290 "/srv/www/htdocs/cairo_test/CairoFtFontFace/test-cli.php"
        translated_path = 0x19ac360 "/srv/www/htdocs/cairo_test/CairoFtFontFace/test-cli.php"
        interactive = 0
        lineno = 1
        param_error = 0x0
        hide_argv = 0
#25 0x0000000000a2eff6 in main (argc=3, argv=0x1455210) at /usr/src/php-5.5.18/sapi/cli/php_cli.c:1378
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, 2628847273995373824, 4408384, 140737488347872, 0, 0, 2628847273919876352, -2628848667110175488}, __mask_was_saved = 0, __saved_mask = {
              __val = {0, 140733193388033, 140737354129736, 4294967299, 80, 0, 140733193388080, 0, 140737354130592, 140737488347552, 140737488347536, 4131212846, 4313214,
                4294967295, 140737351953511, 140737295839656}}}}
        c = -1
        exit_status = 0
        module_started = 1
        sapi_started = 1
        php_optarg = 0x1455290 "/srv/www/htdocs/cairo_test/CairoFtFontFace/test-cli.php"
        php_optind = 3
        use_extended_info = 0
        ini_path_override = 0x0
        ini_entries = 0x1455430 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n"
        ini_entries_len = 110
        ini_ignore = 0
        sapi_module = 0x142f680 <cli_sapi_module>
swen100 commented 9 years ago

Hi Elizabeth, did you have some time to look at my last postings? Tell me, if you need some more informations, i will do everything to solve this problem. Swen

mazen commented 9 years ago

This has been happening for us, too, even with the newer versions we get some segmentation faults.

As far as i can see, the root cause for this is in cairo_ft_font.c

 error = cairo_font_face_set_user_data (
                        font_face_object->font_face,
                        &font_face_object->key,
                        face,
                        (cairo_destroy_func_t) FT_Done_Face);

but, alas, i have no idea how to fix that

swen100 commented 9 years ago

Hi Mazen,

"good" to hear, that i am not the only one with this problem. Meanwhile i thought that i do something wrong and i am the only unhappy guy.

At this point i still use a slightly modified 0.2 version, which does not have this problem. But, if new PHP-versions come out, what if then this old pecl-version does not work anymore? I do not hope so.

Elizabeth seems to be very busy, but i hope that she finds some time to take a look at the code again. At this point i am not able to solve this problem, i still have too less abilities in c.

Swen

medic123de commented 9 years ago

I found a solution working for me. can you please check if that also solves this problem ?

https://github.com/gtkforphp/cairo/pull/15

if so, Swen100 was right and I was wrong, and it's all the same problem.

medic123de commented 9 years ago

From Discussion in #15 : ft_mem_free() Crash is probably related to a "PHP Debug Build" ( configure --debug )

auroraeosrose commented 9 years ago

possibly - freetype is a horribly buggy library :( we can remove that, ti's there to clear out memory properly for use with valgrind, but if it's bombing we can just take it out

medic123de commented 9 years ago

@auroraeosrose let me see first, please ... this is stuck so long already, some more years probably wont hurt ;)

I also guess you need to raise minimum cairo version. pecl-cairo 3.2 apparently does not work with cairo 1.8 ( unit tests are failing )

auroraeosrose commented 9 years ago

hmmm, I'd love a new issue with the unit test failures please - I'm trying to keep semi-decent backwards compat while still adding new features with the new versions - generally the oldest version centos/redhat ships is the "lowest" version to support (oh centos/redhat, you make life angry)

medic123de commented 9 years ago

@auroraeosrose let me check if we have an unpatched RHEL 6 around. i'll create another issue then.

back to topic: I created a Debug Build of PHP, and it's really really bad behaving.
It's leaking like hell - even the fonts filehandles.

That pretty much supports my suspection, that "Debug PHP" keeps a reference to all objects, and prevents proper destroyal.
To be very precise, you take care of proper destroyal ( when object is destroyed ), which means the object is probably never destroyed during run.

Addition: I am hesitated to blame FreeType for that. It's an easy and comfortable way to keep objects around to analyze them later. But it really kicks ones butt when ref-count memory management is done :(

Addition2: Maybe going back to global lib_ft is an option? Starting from 3.2 release ?

medic123de commented 9 years ago

@swen100 i verified: PHP Debug does very nasty things and is (probably) leaking like hell with libfreetype. Nevertheless I guess i have a non-crashing version.

@auroraeosrose PHP Debug also leaks with Cairo. I 'd like to say that PHP Debug mechanism is very much into breaking things. ( not freeing ressources is bad in a lot of ways and scripts ).

going back to global lib_ft hadn't been an option. Doing a localized lib was definetly the right decision.

I improved the change, now it's also compatible with Debug mode ( but it's leaking like hell within the same request ).

!! please review and try #15 !!

swen100 commented 9 years ago

solved with #17