Mono SIGABRT in System.Drawing.Common affecting some test runs #37838
Comments
GrabYourPitchforks
added
test-run-core
Dotnet-GitSync-Bot
added
area-System.Drawing
untriaged
|
Tagging subscribers to this area: @safern, @tannergooding |
safern
added
the
blocking-clean-ci
tannergooding
removed
the
untriaged
|
This failure is still active in Mono. Will change this to a live issue. |
|
FYI @marek-safar |
|
Hmm, this looks like some interop corruption. @lambdageek / @vargaz could you please have a look |
|
Got it to fail in LLDB after a couple dozen iterations. Looks like this test fails It's dying in a call to My theory right now is that this is a use-after-free error - the test calls |
|
So then is it safe to say that this a bug in |
|
I think it's a bug in the test. It should dispose of |
Fixes dotnet#37838 Verified using libgdiplus built with mono/libgdiplus#671
|
Going to take another approach to this: refcount in managed and only dispose of the native metadata instance once all the graphics instances that take a reference to it are disposed. |
|
Checked on Windows both versions of the following work: using (Graphics g = fromImage (metafileImage)) {
... /* metafileImage.Dispose() here */
}
/* or metafileImage.Dispose() here */;On the other hand using (Graphics g = fromImage (mf))
using (Graphics g2 = fromImage (mf)) Throws an I'm not sure what the thread safety / locking situation should be. I'm assuming all the drawing stuff has to be on a single thread, but I haven't checked what happens on Windows. |
On Windows, both of the following are legal
Metafile mf = ... ; // get a metafile instance
Graphics g = Graphics.FromImage(mf);
g.Dispose(); mf.Dispose();
and
Metafile mf = ... ; // get a metafile instance
Graphics g = Graphics.FromImage(mf);
mf.Dispose(); g.Dispose();
On Unix, libgdiplus has a use after free bug for the second form - the metafile
native image is disposed, but the graphics instance still has a pointer to the
memory that it will use during cleanup. If the memory is reused, the graphics
instance will see garbage values and crash.
The workaround is to add a MetadataHolder class and to transfer responsibility
for disposing of the native image instance to it if the Metafile is disposed
before the Graphics.
Note that the following is not allowed (throws OutOfMemoryException on GDI+ on
Windows), so there's only ever one instance of Graphics associated with a
Metafile at a time.
Graphics g = Graphics.FromImage(mf);
Graphics g2 = Graphics.FromImage(mf); // throws
Addresses dotnet#37838
* [System.Drawing.Common] Work around libgdiplus use after free
On Windows, both of the following are legal
Metafile mf = ... ; // get a metafile instance
Graphics g = Graphics.FromImage(mf);
g.Dispose(); mf.Dispose();
and
Metafile mf = ... ; // get a metafile instance
Graphics g = Graphics.FromImage(mf);
mf.Dispose(); g.Dispose();
On Unix, libgdiplus has a use after free bug for the second form - the metafile
native image is disposed, but the graphics instance still has a pointer to the
memory that it will use during cleanup. If the memory is reused, the graphics
instance will see garbage values and crash.
The workaround is to add a MetadataHolder class and to transfer responsibility
for disposing of the native image instance to it if the Metafile is disposed
before the Graphics.
Note that the following is not allowed (throws OutOfMemoryException on GDI+ on
Windows), so there's only ever one instance of Graphics associated with a
Metafile at a time.
Graphics g = Graphics.FromImage(mf);
Graphics g2 = Graphics.FromImage(mf); // throws
Addresses #37838
* Formatting fixes
Co-authored-by: Santiago Fernandez Madero <safern@microsoft.com>
* Address review feedback
* Inilne unhelpful helper
* formatting
Co-authored-by: Santiago Fernandez Madero <safern@microsoft.com>
|
Fixed in: #43074 |
ghost
locked as resolved and limited conversation to collaborators
and others
Affects clean test runs in #37536
AzDO run: https://dev.azure.com/dnceng/public/_build/results?buildId=681708&view=logs&j=c6f8dc49-92a1-5760-c098-ba97b8142bfb&t=22b0078b-0469-5ba6-8725-2121fdbae049&l=42
Test log: https://helix.dot.net/api/2019-06-17/jobs/73f57a06-eec2-4676-8076-302ccabec52f/workitems/System.Drawing.Common.Tests/console
=========================================================================================================== /private/tmp/helix/working/A83A0976/w/A92E096B/e /private/tmp/helix/working/A83A0976/w/A92E096B/e Discovering: System.Drawing.Common.Tests (method display = ClassAndMethod, method display options = None) Discovered: System.Drawing.Common.Tests (found 1565 of 1967 test cases) Starting: System.Drawing.Common.Tests (parallel test collections = on, max threads = 4) System.Drawing.Drawing2D.Tests.BlendTests.Ctor_LargeCount_ThrowsOutOfMemoryException [SKIP] Condition(s) not met: "IsNotIntMaxValueArrayIndexSupported" System.Drawing.Printing.Tests.PrintControllerTests.OnStartPage_InvokeWithPrint_ReturnsNull [SKIP] Condition(s) not met: "IsAnyInstalledPrinters" ================================================================= Native Crash Reporting ================================================================= Got a segv while executing native code. This usually indicates a fatal error in the mono runtime or one of the native libraries used by your application. ================================================================= ================================================================= Native stacktrace: ================================================================= 0x10305ca56 - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : mono_dump_native_crash_info 0x102ffeae5 - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : mono_handle_native_crash 0x1030574c3 - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : altstack_handle_and_restore 0x7fff5d81d916 - /usr/lib/system/libsystem_c.dylib : fclose 0x10771e7c0 - /usr/local/lib/libgdiplus.dylib : gdip_metafile_stop_recording 0x10770ab5e - /usr/local/lib/libgdiplus.dylib : GdipDeleteGraphics 0x108df9d35 - Unknown 0x108ad8c91 - Unknown 0x102f61f7e - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : mono_jit_runtime_invoke 0x10313acf8 - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : mono_runtime_invoke_checked 0x10314288c - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : mono_runtime_try_invoke_array 0x1030ec3e4 - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : ves_icall_InternalInvoke 0x1030f8484 - /private/tmp/helix/working/A83A0976/p/shared/Microsoft.NETCore.App/5.0.0/libcoreclr.dylib : ves_icall_InternalInvoke_raw <snip> ----- end Wed Jun 10 17:22:30 PDT 2020 ----- exit code 134 ---------------------------------------------------------- exit code 134 means SIGABRT Abort. Managed or native assert, or runtime check such as heap corruption, caused call to abort(). Core dumped.Possibly related: #32827, #23784, but this issue appears to have a different termination code.
Runfo Tracking Issue: Assertions in System.Drawing.Common in Mono runs
Displaying 100 of 104 results
Build Result Summary
The text was updated successfully, but these errors were encountered: