db48x
commented
4 years ago Oh, and if you'd like to take a look at the bug without having to download Aurora (which is freely available but also proprietary), you can use my recording in Pernosco
Closed db48x closed 4 years ago
db48x
commented
4 years ago Oh, and if you'd like to take a look at the bug without having to download Aurora (which is freely available but also proprietary), you can use my recording in Pernosco
db48x
commented
4 years ago Oops, this is a duplicate report. Somehow I missed that this bug was fixed a few weeks ago in #647; when I looked at the history for pen.c, I guess that I was looking at the history for the 6.0.5 tag rather than master. Thanks!
I'm using mono 6.8.0.123 to run an application (Aurora4x if you're interested and want to try to reproduce it) and while it's drawing its main window
freeprints out this error and aborts.I pulled it up in GDB to get a stack. I don't even have symbols for Aurora, but the crash is at pen.c:413. It's deleting a pen, and freeing the dash array either uncovers some heap corruption, or it's already freed this array before.
Since tracking that kind of problem down in an ordinary debugger is pretty horrific, I got out the big guns. I recorded Aurora with rr, then uploaded the recording to Pernosco. Five minutes poking around in Pernosco and the problem was pretty clear. A custom dash array was set on this pen, and
own_dash_arraywas set to true. Later, the dash style was set back to just an ordinary DashStyleDash. As you can see at pen.c:839,own_dash_arrayis not reset back to false when this happens. Thus, the bug is that we freed the static array Dash. Also, we leaked the custom dash array that we did own when we went back to the default Dash.