[osg-users] OpenSceneGraph-3.6.5 release candidate 2 tagged, please test

OpenSceneGraph Users osg-users at lists.openscenegraph.org
Tue Jan 28 15:13:47 PST 2020

On Tuesday, January 28, 2020 at 10:11:49 AM UTC+1, OpenSceneGraph Users 
> Hi Fabian,
>> My build is using static osg, static osg-plugins and link time 
>> optimization.
>> I created an address sanitizer enabled build.
>> It exhibits a heap-use-after-free.
>> I will try to further investigate this week.
>> =================================================================
>> ==11872==ERROR: AddressSanitizer: heap-use-after-free on address 
>> 0x6030000082c0 at pc 0x55b4b9659551 bp 0x7ffdf8a9c190 sp 0x7ffdf8a9c180
>> READ of size 8 at 0x6030000082c0 thread T0
>>     #0 0x55b4b9659550 in 
>> OpenThreads::ScopedPointerLock<OpenThreads::Mutex>::ScopedPointerLock(OpenThreads::Mutex*) 
>> ./openmw/extern-git/OpenSceneGraph/include/OpenThreads/ScopedLock:54
>>     #1 0x55b4b9659550 in 
>> osg::StateAttribute::removeParent(osg::StateSet*) 
>> ./openmw/extern-git/OpenSceneGraph/src/osg/StateAttribute.cpp:38
>>     #2 0x55b4b965a033 in osg::StateSet::clear() 
>> ./openmw/extern-git/OpenSceneGraph/src/osg/StateSet.cpp:734
> Given the stack trace it kinda looks like the getRefMutex() call in 
> StateAttribute.cpp is where things might be going astray (note the 
> comment I've added below):
> void StateAttribute::removeParent(osg::StateSet* object)
> {
>     // calls the base class's Referenced::getRefMutex() method that will
>     // map to Referenced::getGlobalReferencedMutex
>     OpenThreads::ScopedPointerLock<OpenThreads::Mutex> lock(getRefMutex());
>     ParentList::iterator pitr = std::find(_parents.begin(),_parents.end(),object);
>     if (pitr!=_parents.end()) _parents.erase(pitr);
> }
> The Referenced::getGlobalReferencedMutex() implementation in 
> Referenced.cpp is:
> OpenThreads::Mutex* Referenced::getGlobalReferencedMutex()
> {
>     static GlobalMutexPointer s_ReferencedGlobalMutext = new OpenThreads::Mutex;
>     return s_ReferencedGlobalMutext.get();
> }
> // helper class for forcing the global mutex to be constructed when the
> // library is loaded.
> struct InitGlobalMutexes
> {
>     InitGlobalMutexes()
>     {
>         Referenced::getGlobalReferencedMutex();
>     }
> };
> static InitGlobalMutexes s_initGlobalMutexes;
> Which is all a bit of a hacky way of trying to get a singleton's 
> _ReferencedGlobalMutext to construct before any other code calling 
> getGlobalReferencedMutex() gets called.
> I don't really know why a pointer is even being used here, it's not how 
> I'd write the code these days, but off the top of my head don't recall the 
> derivation and motivations between all this code as it dates back to the 
> earliest days of the OSG project, so almost two decades :-)
> What I'd write today would simply be:
> static OpenThreads::Mutex s_ReferencedGlobalMutex;
> OpenThreads::Mutex* Referenced::getGlobalReferencedMutex()
> {
>     return &s_ReferencedGlobalMutex;
> }
> You could try substituting this in.  I will try a build here just to make 
> sure the above works fine for standard OSG work.  I don't expect this 
> change to have any effect on your own code; if it does, it suggests there is 
> some issue with order of clean up of statics.
> Robert.

Hi Robert,
Using your suggested changes I get a crash on start.
I forgot to mention I also link OpenThreads statically.
I am starting to suspect the static linking and optimization surfaces 
undefined behavior.


==19668==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 
(pc 0x5597ebadb5ac bp 0x60c000000b80 sp 0x7ffce8efbba0 T0)
==19668==The signal is caused by a READ memory access.
==19668==Hint: address points to the zero page.
    #0 0x5597ebadb5ab in 
    #1 0x5597ebadb5ab in addParent 
    #2 0x5597ebadbc84 in setAttribute 
    #3 0x5597ebadc737 in 
osg::StateSet::setAttributeAndModes(osg::StateAttribute*, unsigned int) 
[clone .part.309] 
    #4 0x5597ebcb7241 in __base_ctor  
    #5 0x5597ebcb7a37 in __base_ctor  
    #6 0x5597ebcb7a37 in renderBinPrototypeList 
    #7 0x5597eab5bacb in RenderBinSingletonProxy::RenderBinSingletonProxy() 
    #8 0x5597eab5bacb in __static_initialization_and_destruction_0 
    #9 0x5597eab5bacb in 
    #10 0x5597eabb1163 in global constructors keyed to 
65535_0_objects.cpp.o.6481610 (./openmw-build/openmw+0x3b5163)
    #11 0x5597ec775bcc in __libc_csu_init (./openmw-build/openmw+0x1f79bcc)
    #12 0x7f213df67b27 in __libc_start_main 
    #13 0x5597eabe6039 in _start (./openmw-build/openmw+0x3ea039)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV 
./openmw/extern-git/OpenSceneGraph/include/OpenThreads/ScopedLock:54 in 
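
Added example, not part of the original message and not OpenSceneGraph code: a single-file C++ sketch of the static-ordering question in this thread, where a mutex is reached from another static object's constructor (as with RenderBinSingletonProxy in the second trace). TrackedMutex, EarlyUser and the state flags are hypothetical names; std::mutex stands in for OpenThreads::Mutex, and a mutex constructor that runs at run time is an assumption.

```cpp
#include <mutex>

// Lifetime flags live in zero-initialized ints, so they are readable before
// and after the objects they describe exist.
enum Lifetime { NotConstructed = 0, Alive = 1, Destroyed = 2 };
int g_eagerState;  // state of the namespace-scope mutex
int g_lazyState;   // state of the function-local, never-deleted mutex

// Hypothetical stand-in for a mutex whose constructor runs at run time.
struct TrackedMutex {
    int& state;
    std::mutex m;
    explicit TrackedMutex(int& s) : state(s) { state = Alive; }
    ~TrackedMutex() { state = Destroyed; }
};

// Construct on first use; the object is deliberately never deleted, so it is
// also still alive while other statics are being destroyed at exit.
TrackedMutex* lazyMutex() {
    static TrackedMutex* p = new TrackedMutex(g_lazyState);
    return p;
}

// Models a static in another translation unit that happens to be
// initialized first (here forced by defining it before g_eagerMutex).
struct EarlyUser {
    int eagerSeen;
    int lazySeen;
    EarlyUser() {
        // Locking the namespace-scope mutex here would touch an object whose
        // constructor has not run yet, so only its flag is read.
        eagerSeen = g_eagerState;
        std::lock_guard<std::mutex> lock(lazyMutex()->m);
        lazySeen = g_lazyState;
    }
};

EarlyUser g_early;                        // initialized first
TrackedMutex g_eagerMutex(g_eagerState);  // initialized second

int eagerSeenByEarlyUser() { return g_early.eagerSeen; }
int lazySeenByEarlyUser() { return g_early.lazySeen; }

int main() {
    // Exit status 0 when the early user saw NotConstructed and Alive.
    return (eagerSeenByEarlyUser() == NotConstructed &&
            lazySeenByEarlyUser() == Alive) ? 0 : 1;
}
```

Across translation units the relative order of g_early and g_eagerMutex is not fixed by the language, so a static, LTO build can change it; the single-file layout here only pins the unlucky order so it is reproducible.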
