[Mono-dev] GDI+ crashing with 2.10.7 beta

Brian Luczkiewicz brian at sooloos.com
Thu Dec 8 14:35:57 EST 2011 

I wanted to report this sooner rather than later in case someone is already
working on it. I don't yet have an isolated test case to reproduce this,
but I am working on getting one together.

I've observed this crash on a mac running lion. I am using this mono beta
build:
http://download.mono-project.com/archive/2.10.7/MonoFramework-MDK-2.10.7_gtk-beta.macos10.xamarin.x86.dmg.
mono
2.10.6 does not crash like this.

This is the code. I am using GDI+ simply as an image loader/scaler here.
Note that this code can run concurrently in multiple threads, and the crash
happens perhaps once for every 2-3000 times that the code is executed.

      var outbmp = new Bitmap(o.Width, o.Height,
PixelFormat.Format24bppRgb);
      using (var stream = File.OpenRead(somefile))
      using (var inbmp = Bitmap.FromStream(stream))
      using (var g = Graphics.FromImage(bmp))
          g.DrawImage(outbmp, new Rectangle(0, 0, bmp.Width, bmp.Height));

The crash is due to an assert:

Assertion failed: (!"reached"), function
_cairo_hash_table_lookup_exact_key, file cairo-hash.c, line 471.

The stack for the assert look like this:

0   libsystem_kernel.dylib              0x94dad9c6 __pthread_kill + 10
1   libsystem_c.dylib                   0x91af2f78 pthread_kill + 106
2   libsystem_c.dylib                   0x91ae3bdd abort + 167
3   Sooloos                             0x00092f5a
mono_handle_native_sigsegv + 858 (mini-exceptions.c:2130)
4   Sooloos                             0x000dd0ad sigabrt_signal_handler +
109 (mini-posix.c:195)
5   libsystem_c.dylib                   0x91b4859b _sigtramp + 43
6   ???                                 0xffffffff 0 + 4294967295
7   libsystem_c.dylib                   0x91ae3bdd abort + 167
8   libsystem_c.dylib                   0x91b1820b __assert_rtn + 351
9   libcairo.2.dylib                    0x0b172f5e
_cairo_hash_table_lookup_exact_key + 270
10  libcairo.2.dylib                    0x0b172f94 _cairo_hash_table_remove
+ 36
11  libcairo.2.dylib                    0x0b1bd9ca
_cairo_toy_font_face_destroy + 170
12  libcairo.2.dylib                    0x0b16a02a cairo_font_face_destroy
+ 170
13  libcairo.2.dylib                    0x0b16d508 _cairo_gstate_fini + 40
14  libcairo.2.dylib                    0x0b15fe89 cairo_destroy + 201
15  libgdiplus.dylib                    0x0af8cbe2 GdipDeleteGraphics + 162
16  ???                                 0x0cbee06c 0 + 213835884
17  ???                                 0x0cbedee4 0 + 213835492
18  ???                                 0x0bfd7dd1 0 + 201162193
19  ???                                 0x0bfd576c 0 + 201152364
20  ???                                 0x0bfd4a68 0 + 201149032
21  ???                                 0x0bfd4264 0 + 201146980
22  ???                                 0x0bfd2d86 0 + 201141638
23  ???                                 0x070483c1 0 + 117736385
24  ???                                 0x035e9b52 0 + 56531794
25  ???                                 0x035e966c 0 + 56530540
26  ???                                 0x035e9452 0 + 56530002
27  ???                                 0x035e3d9d 0 + 56507805
28  Sooloos                             0x0000d0a2 mono_jit_runtime_invoke
+ 722 (mini.c:5791)
29  Sooloos                             0x001a4caa mono_runtime_invoke +
170 (object.c:2755)
30  Sooloos                             0x001a6547
mono_runtime_delegate_invoke + 135 (object.c:3420)
31  Sooloos                             0x0021fec6 start_wrapper_internal +
726 (threads.c:799)
32  Sooloos                             0x0021ff32 start_wrapper + 34
(threads.c:831)
33  Sooloos                             0x002653ce thread_start_routine +
206 (wthreads.c:287)
34  Sooloos                             0x001efa75 gc_start_thread + 165
(sgen-gc.c:6151)
35  libsystem_c.dylib                   0x91af0ed9 _pthread_start + 335
36  libsystem_c.dylib                   0x91af46de thread_start + 34


Interestingly, at the same time as the crash, another thread was in a
nearby part of the code:

0   libsystem_kernel.dylib              0x94dad876 __psynch_mutexwait + 10
1   libsystem_c.dylib                   0x91aef6af pthread_mutex_lock + 633
2   libcairo.2.dylib                    0x0b1bd25f
_cairo_toy_font_face_hash_table_lock + 31
3   libcairo.2.dylib                    0x0b1bd785
cairo_toy_font_face_create + 229
4   libcairo.2.dylib                    0x0b170ae8
_cairo_gstate_select_font_face + 56
5   libcairo.2.dylib                    0x0b162b0d cairo_select_font_face +
77
6   libgdiplus.dylib                    0x0af8c92a gdip_graphics_cairo_init
+ 106
7   libgdiplus.dylib                    0x0af8c975 gdip_graphics_new + 53
8   libgdiplus.dylib                    0x0afa6072
GdipGetImageGraphicsContext + 306
9   ???                                 0x0cbed888 0 + 213833864
10  ???                                 0x0cbed58c 0 + 213833100
11  ???                                 0x0bfd7c90 0 + 201161872
12  ???                                 0x0bfd576c 0 + 201152364
13  ???                                 0x0bfd4a68 0 + 201149032
14  ???                                 0x0bfd4264 0 + 201146980
15  ???                                 0x0bfd2d86 0 + 201141638
16  ???                                 0x070483c1 0 + 117736385
17  ???                                 0x035e9b52 0 + 56531794
18  ???                                 0x035e966c 0 + 56530540
19  ???                                 0x035e9452 0 + 56530002
20  ???                                 0x035e3d9d 0 + 56507805
21  Sooloos                             0x0000d0a2 mono_jit_runtime_invoke
+ 722 (mini.c:5791)
22  Sooloos                             0x001a4caa mono_runtime_invoke +
170 (object.c:2755)
23  Sooloos                             0x001a6547
mono_runtime_delegate_invoke + 135 (object.c:3420)
24  Sooloos                             0x0021fec6 start_wrapper_internal +
726 (threads.c:799)
25  Sooloos                             0x0021ff32 start_wrapper + 34
(threads.c:831)
26  Sooloos                             0x002653ce thread_start_routine +
206 (wthreads.c:287)
27  Sooloos                             0x001efa75 gc_start_thread + 165
(sgen-gc.c:6151)
28  libsystem_c.dylib                   0x91af0ed9 _pthread_start + 335
29  libsystem_c.dylib                   0x91af46de thread_start + 34
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20111208/4bf43df1/attachment.html

More information about the Mono-devel-list mailing list