globalParams destroyed before all threads done
In some cases data from globalParams is accessed after the globalParams object has been destructed. This happens when a long-running thread tries to get some data from the object but the globalParams object was already destructed in "__run_exit_handlers()".
This is related to globalParams being a global object and hence being destructed after the end of main() (see e.g. https://stackoverflow.com/questions/2204608/does-c-call-destructors-for-global-and-class-static-variables). The GlobalParamsIniter does not help here since it just initializes the global object and does not "own" it, and hence globalParams is handled at exit.
I'm not sure how to fix this. It would be good to tell the compiler that we don't want to have this object handled this way, but since it is a global unique_ptr we don't have many choices. It helps if I make it a shared_ptr and "reference" it somewhere (e.g. in glib's PopplerDocument), but that is probably not a good solution.
I am able to reproduce it when I place a small delay in NameToCharCode::lookup() into the while cycle via usleep(10) and close the evince window as soon as it opens. But it is hard to catch a backtrace. Other crashes can be reproduced by this, e.g. https://gitlab.gnome.org/GNOME/evince/-/issues/1784
Here are some reports we have so far:
- https://bugzilla.redhat.com/show_bug.cgi?id=2076037
- https://bugzilla.redhat.com/show_bug.cgi?id=2051746
- https://bugzilla.redhat.com/show_bug.cgi?id=2051018
- https://bugzilla.redhat.com/show_bug.cgi?id=2035723
- https://bugzilla.redhat.com/show_bug.cgi?id=1980339
- https://retrace.fedoraproject.org/faf/problems/bthash/?bth=9e4f6ea9321670115f18a066c7759bdf6d6e862f&bth=6defb1f7a5b940ddc2287402ea5d16011fab3412&bth=84b04aaafb5a2f713baa33e26dd3703c5f645e8a&bth=6673bb29a38a090a3c9fa8dcff670d0780a8c243&bth=2f61d640dc4902f626bf2c5ce5f4b66f51f3ac27
- https://retrace.fedoraproject.org/faf/problems/bthash/?bth=fdd5291debcf340523c91eb3f41d541b61b77fe9&bth=4f3a5e110d7728d1b9def14c81e48f2ee0ab2203&bth=4828cf630ac28279945ea00d3a81d17f255e57e9
- https://retrace.fedoraproject.org/faf/problems/bthash/?bth=aa35b0eb524d95da40b6460123fb9f860b7339a9&bth=aa27dec765c197c26c5863506f70da34c3895e62&bth=fe8b0d6b84abd6523947038d3630d3b1a6db6e06&bth=9aa92ff450405192c26716292e0427db1fa2391f&bth=0a96e1568472e03ccfa6193a6be57ebb5862181f&bth=3bda4b8b163abb79e78ee16c603c6473f01f32e7&bth=dba2434b13515382e151ecb491d79d6d14401bba&bth=a90daac792b6a64b76b503daf663a7a67bea3d03&bth=003d60b8aedc103355114b83a5c8db56b379fd7c&bth=68e1f98943c9383d11f6454d36fd9496cc414db8
One of the caught backtraces:
==64097== Invalid read of size 1
==64097== at 0x484C534: strcmp (vg_replace_strmem.c:924)
==64097== by 0x1ED02D1B: NameToCharCode::lookup(char const*) const (NameToCharCode.cc:112)
==64097== by 0x1ECD0C96: GlobalParams::mapNameToUnicodeText(char const*) (GlobalParams.cc:598)
==64097== by 0x1EC9BDC1: Gfx8BitFont::Gfx8BitFont(XRef*, char const*, Ref, std::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&&, GfxFontType, Ref, Dict*) (GfxFont.cc:1242)
==64097== by 0x1EC97BD5: GfxFont::makeFont(XRef*, char const*, Ref, Dict*) (GfxFont.cc:218)
==64097== by 0x1ECA0581: GfxFontDict::GfxFontDict(XRef*, Ref*, Dict*) (GfxFont.cc:2364)
==64097== by 0x1EC74DC7: GfxResources::GfxResources(XRef*, Dict*, GfxResources*) (Gfx.cc:253)
==64097== by 0x1EC75BCC: Gfx::Gfx(PDFDoc*, OutputDev*, int, Dict*, double, double, PDFRectangle const*, PDFRectangle const*, int, bool (*)(void*), void*, XRef*) (Gfx.cc:474)
==64097== by 0x1ED0E8BE: Page::createGfx(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, XRef*) (Page.cc:550)
==64097== by 0x1EA89B47: poppler_page_get_text_page(_PopplerPage*) (poppler-page.cc:261)
==64097== by 0x1EA8A995: poppler_page_get_selected_region (poppler-page.cc:699)
==64097== by 0x1E618A38: pdf_document_text_get_text_mapping (ev-poppler.c:2058)
==64097== Address 0x1a636300 is 0 bytes inside a block of size 10 free'd
==64097== at 0x48480E4: free (vg_replace_malloc.c:872)
==64097== by 0x1EBD982B: gfree(void*) (gmem.h:64)
==64097== by 0x1ED02A29: NameToCharCode::~NameToCharCode() (NameToCharCode.cc:57)
==64097== by 0x1ECD0A18: GlobalParams::~GlobalParams() (GlobalParams.cc:562)
==64097== by 0x1ECD5925: std::default_delete<GlobalParams>::operator()(GlobalParams*) const (unique_ptr.h:85)
==64097== by 0x1ECD4867: std::unique_ptr<GlobalParams, std::default_delete<GlobalParams> >::~unique_ptr() (unique_ptr.h:365)
==64097== by 0x5A27064: __run_exit_handlers (in /usr/lib64/libc.so.6)
==64097== by 0x5A271DF: exit (in /usr/lib64/libc.so.6)
==64097== by 0x5A0F596: (below main) (in /usr/lib64/libc.so.6)
==64097== Block was alloc'd at
==64097== at 0x484586F: malloc (vg_replace_malloc.c:381)
==64097== by 0x1EBD97C8: gmalloc(unsigned long, bool) (gmem.h:43)
==64097== by 0x1EBE9031: copyString(char const*) (gmem.h:189)
==64097== by 0x1ED02C8E: NameToCharCode::add(char const*, unsigned int) (NameToCharCode.cc:99)
==64097== by 0x1ECCFDEE: GlobalParams::GlobalParams(char const*) (GlobalParams.cc:437)
==64097== by 0x1ECD47FB: std::__detail::_MakeUniq<GlobalParams>::__single_object std::make_unique<GlobalParams, char const*>(char const*&&) (unique_ptr.h:984)
==64097== by 0x1ECD357B: GlobalParamsIniter::GlobalParamsIniter(void (*)(ErrorCategory, long long, char const*)) (GlobalParams.cc:1410)
==64097== by 0x1EA8493A: std::__detail::_MakeUniq<GlobalParamsIniter>::__single_object std::make_unique<GlobalParamsIniter, void (&)(ErrorCategory, long long, char const*)>(void (&)(ErrorCategory, long long, char const*)) (unique_ptr.h:984)
==64097== by 0x1EA79DC9: poppler_document_new_from_file (poppler-document.cc:194)
==64097== by 0x1E615077: pdf_document_load (ev-poppler.c:266)
==64097== by 0x48E5CBF: ev_document_load_full (ev-document.c:415)
==64097== by 0x48E934B: ev_document_factory_get_document_full (ev-document-factory.c:325)
==64097==
==64097== Invalid read of size 1
==64097== at 0x484C548: strcmp (vg_replace_strmem.c:924)
==64097== by 0x1ED02D1B: NameToCharCode::lookup(char const*) const (NameToCharCode.cc:112)
==64097== by 0x1ECD0C96: GlobalParams::mapNameToUnicodeText(char const*) (GlobalParams.cc:598)
==64097== by 0x1EC9BDC1: Gfx8BitFont::Gfx8BitFont(XRef*, char const*, Ref, std::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&&, GfxFontType, Ref, Dict*) (GfxFont.cc:1242)
==64097== by 0x1EC97BD5: GfxFont::makeFont(XRef*, char const*, Ref, Dict*) (GfxFont.cc:218)
==64097== by 0x1ECA0581: GfxFontDict::GfxFontDict(XRef*, Ref*, Dict*) (GfxFont.cc:2364)
==64097== by 0x1EC74DC7: GfxResources::GfxResources(XRef*, Dict*, GfxResources*) (Gfx.cc:253)
==64097== by 0x1EC75BCC: Gfx::Gfx(PDFDoc*, OutputDev*, int, Dict*, double, double, PDFRectangle const*, PDFRectangle const*, int, bool (*)(void*), void*, XRef*) (Gfx.cc:474)
==64097== by 0x1ED0E8BE: Page::createGfx(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, XRef*) (Page.cc:550)
==64097== by 0x1EA89B47: poppler_page_get_text_page(_PopplerPage*) (poppler-page.cc:261)
==64097== by 0x1EA8A995: poppler_page_get_selected_region (poppler-page.cc:699)
==64097== by 0x1E618A38: pdf_document_text_get_text_mapping (ev-poppler.c:2058)
==64097== Address 0x1a636301 is 1 bytes inside a block of size 10 free'd
==64097== at 0x48480E4: free (vg_replace_malloc.c:872)
==64097== by 0x1EBD982B: gfree(void*) (gmem.h:64)
==64097== by 0x1ED02A29: NameToCharCode::~NameToCharCode() (NameToCharCode.cc:57)
==64097== by 0x1ECD0A18: GlobalParams::~GlobalParams() (GlobalParams.cc:562)
==64097== by 0x1ECD5925: std::default_delete<GlobalParams>::operator()(GlobalParams*) const (unique_ptr.h:85)
==64097== by 0x1ECD4867: std::unique_ptr<GlobalParams, std::default_delete<GlobalParams> >::~unique_ptr() (unique_ptr.h:365)
==64097== by 0x5A27064: __run_exit_handlers (in /usr/lib64/libc.so.6)
==64097== by 0x5A271DF: exit (in /usr/lib64/libc.so.6)
==64097== by 0x5A0F596: (below main) (in /usr/lib64/libc.so.6)
==64097== Block was alloc'd at
==64097== at 0x484586F: malloc (vg_replace_malloc.c:381)
==64097== by 0x1EBD97C8: gmalloc(unsigned long, bool) (gmem.h:43)
==64097== by 0x1EBE9031: copyString(char const*) (gmem.h:189)
==64097== by 0x1ED02C8E: NameToCharCode::add(char const*, unsigned int) (NameToCharCode.cc:99)
==64097== by 0x1ECCFDEE: GlobalParams::GlobalParams(char const*) (GlobalParams.cc:437)
==64097== by 0x1ECD47FB: std::__detail::_MakeUniq<GlobalParams>::__single_object std::make_unique<GlobalParams, char const*>(char const*&&) (unique_ptr.h:984)
==64097== by 0x1ECD357B: GlobalParamsIniter::GlobalParamsIniter(void (*)(ErrorCategory, long long, char const*)) (GlobalParams.cc:1410)
==64097== by 0x1EA8493A: std::__detail::_MakeUniq<GlobalParamsIniter>::__single_object std::make_unique<GlobalParamsIniter, void (&)(ErrorCategory, long long, char const*)>(void (&)(ErrorCategory, long long, char const*)) (unique_ptr.h:984)
==64097== by 0x1EA79DC9: poppler_document_new_from_file (poppler-document.cc:194)
==64097== by 0x1E615077: pdf_document_load (ev-poppler.c:266)
==64097== by 0x48E5CBF: ev_document_load_full (ev-document.c:415)
==64097== by 0x48E934B: ev_document_factory_get_document_full (ev-document-factory.c:325)
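
The lifetime problem in the backtrace above, reduced to a deterministic sketch. This is an added example, not poppler code: `Params`, `acquireParams` and `lookupAcrossTeardown` are hypothetical names, and an explicit `reset()` stands in for the destruction done by `__run_exit_handlers()`. It shows the shared_ptr idea mentioned in the report: a worker that holds its own reference keeps the table alive after the global owner releases it.

```cpp
#include <atomic>
#include <future>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <thread>

// Hypothetical stand-in for GlobalParams: owns a name -> code table.
struct Params {
    std::map<std::string, unsigned> table{{"space", 0x20}, {"A", 0x41}};
    static std::atomic<int> destroyed;
    ~Params() { destroyed++; }
    unsigned lookup(const std::string &n) const {
        auto it = table.find(n);
        return it == table.end() ? 0 : it->second;
    }
};
std::atomic<int> Params::destroyed{0};

std::mutex g_lock;
std::shared_ptr<Params> g_params;   // global owner, released at "exit"

std::shared_ptr<Params> acquireParams() {
    std::lock_guard<std::mutex> l(g_lock);
    return g_params;                // the copy bumps the reference count
}

struct Result { unsigned code; int destroyedDuringLookup; };

// Worker takes a reference, the global owner is dropped, then the worker reads.
Result lookupAcrossTeardown() {
    Params::destroyed = 0;
    { std::lock_guard<std::mutex> l(g_lock); g_params = std::make_shared<Params>(); }
    std::promise<void> holding, torndown;
    Result r{};
    std::thread worker([&] {
        auto p = acquireParams();           // worker's own reference
        holding.set_value();
        torndown.get_future().wait();       // global owner is gone by now
        r.destroyedDuringLookup = Params::destroyed.load();
        r.code = p ? p->lookup("A") : 0;    // still valid: p keeps the table alive
    });
    holding.get_future().wait();
    { std::lock_guard<std::mutex> l(g_lock); g_params.reset(); }  // simulated exit-time teardown
    torndown.set_value();
    worker.join();                          // last reference dropped here
    return r;
}

int main() { return lookupAcrossTeardown().code == 0x41 ? 0 : 1; }
```

With a global `unique_ptr` there is no second owner, so the same ordering frees the table while `lookup` is still walking it, which is the invalid read valgrind reports.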