On Thu, May 1, 2008 at 1:00 PM, Adam Sjøgren <asjo(a)koldfront.dk> wrote:
Here is what I got when I built packages with debug and nostrip
on (I still couldn't get it to core-dump):
Thanks, Adam. I'm having trouble wrapping my brain around this crash.
The sequence of events SHOULD be:
1. png_instantiate (glyphs-eimage.c) gets called.
2. The read struct is creaed on line 893. If something goes wrong, it
signals out of there on line 897.
3. The info struct is created on line 900. If something goes wrong,
it frees the read struct (line 905) and signals out of there (line
4. The read struct pointer is stored for later freeing on line 908.
5. The image is drawn.
6. The cleanup function (set on line 881) is called on line 1051.
7. The unwind code calls png_instantiate_unwind (line 842).
8. The pointer from the unwind structure is destroyed (line 853).
9. The read struct is freed (line 854).
I can see all of those steps taking place in your backtrace, and #8
should prevent exactly the problem you are seeing. Would you be
willing to do the following?
1. Run XEmacs under gdb. Don't set any breakpoints yet.
2. Start Gnus. Get ready to read the offending article.
3. Break into the debugger and set a breakpoint at glyphs-eimage.c, line 908.
4. When that gets hit, set a watchpoint on unwind.info_ptr.
5. Continue and see what happens.
If it's an XEmacs problem, that should show us the offending
corruption or extra free(). Otherwise, we'll have to investigate the
possibility that libpng is at fault.
XEmacs-Beta mailing list