Segmentation fault

[ujjvlh]

I am getting segfault at this line while dumping the Tjs. The page number on which this happens (sometimes on 1000+, sometimes on 10000+) is not deterministic, but out of ten times I have tried it, it has happened every single time.

pdf-glyph-mapping/src/dump-tjs.rs

Line 121 in 438e712

lopdf::content::Content::decode(&content_u8).unwrap()

[shreevatsa]

Oh interesting; it seems to work fine here so could you share or link to the PDF file that is being used as a source, so that I can try to reproduce it? And is there is anything more in the error message other than just segmentation fault?

(Guess it's time to make the code less hacky, and remove all unwrap and return Result everywhere instead…)

[shreevatsa]

It's also surprising that it happens non-deterministically… is it possible that the issue is something like consuming too much memory and running out of memory? (Then it would depend on what other programs are running at the time, etc.)

[ujjvlh]

Okay, here is the PDF that I am working on-

unabridged.pdf

Please check if this generates the same problem for you. If not, please share your version of the PDF with me.

But anyway, segfault should not generally happen in Rust unless memory is really an issue (but it happens with this program on 8GB). I will try debugging when I get sufficient time.

Error produced on a .unwrap() written without being sure that the Result will always be Ok is a different thing.

[shreevatsa]

Thanks for uploading; I'll take a look.

(May be a while: in the meantime I was editing the code quite a bit and it's gotten into a half-broken state now; will take a look when it's cleaned up…  And things are also very busy at work so any time I spend on this is "guilty time".)

[shreevatsa]

I'll download the file and try it when I have access, but I also made some changes to the code and the problem may have gone away now (though I can't see why); please try that too.

I was able to run the current version on the entire unabridged PDF from the Internet Archive without errors (earlier it wouldn't have worked and required the qpdf pass as in #3 but now it works on the file directly).

[ujjvlh]

I'll download the file and try it when I have access,

Sorry. Just changed the view permissions to "anyone with the link". Will now try with the updated code.

[shreevatsa]

I've downloaded the file but meanwhile I've started getting segmentation fault up too even with the file I was using earlier... Will take a look sometime (I think there's a way to run rust programs with ASan which may point to the problem). How did you narrow it down to that line of code earlier?

…

On Sun, Aug 15, 2021, 8:53 PM उ॒ज्ज्व॒लः ***@***.***> wrote: I'll download the file and try it when I have access, Sorry. Just changed the view permissions to "anyone with the link". Will now try with the updated code. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAF3MKUO6VAYIZBOECXUEQLT5CDTBANCNFSM5CC6AUJQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email> .

[ujjvlh]

Interesting indeed. I am not getting any segfault for now. But we have to remove the bug anyway (which probably seems to be with the lopdf library). Don't want to be haunted by it forever.

How did you narrow it down to that line of code earlier?

println!

[shreevatsa]

This was frustrating to debug as it was non-deterministic (even with println! logging, turns out it was not always crashing at the same place), but I found the problem using one of the sanitizers following the instructions at https://github.com/japaric/rust-san —

for SAN in address leak memory thread; do
    export RUSTFLAGS=-Zsanitizer=$SAN RUSTDOCFLAGS=-Zsanitizer=$SAN
    RUST_BACKTRACE=full cargo +nightly run -Zbuild-std --target x86_64-apple-darwin --bin dump-tjs -- ../../gp-mbh/unabridged.pdf font-usage --phase phase1
done

(with a small 1-page PDF file as input). It seems the memory sanitizer doesn't work on this architecture, but the leak one showed:

the output

==35735==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 261568 byte(s) in 1 object(s) allocated from:
    #0 0x10e0f4368 in wrap_malloc+0x58 (librustc-nightly_rt.lsan.dylib:x86_64h+0x8368)
    #1 0x10d4eb168 in std::sys::unix::alloc::_$LT$impl$u20$core..alloc..global..GlobalAlloc$u20$for$u20$std..alloc..System$GT$::alloc::h470ffdc85d4d4861+0x88 (dump-tjs:x86_64+0x10054e168)
    #2 0x10d50c658 in __rdl_alloc+0x38 (dump-tjs:x86_64+0x10056f658)
    #3 0x10d054af6 in alloc::alloc::alloc::h3263eab0325b5109+0x36 (dump-tjs:x86_64+0x1000b7af6)
    #4 0x10d054b75 in alloc::alloc::Global::alloc_impl::hb2c40b5c858fb521+0x65 (dump-tjs:x86_64+0x1000b7b75)
    #5 0x10d054e5a in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$::allocate::h3de4dcca1921f5e9+0x1a (dump-tjs:x86_64+0x1000b7e5a)
    #6 0x10d054a68 in alloc::alloc::exchange_malloc::h84da2d93f524304d+0x38 (dump-tjs:x86_64+0x1000b7a68)
    #7 0x10d0507bf in pprof::collector::TempFdArray$LT$T$GT$::new::hea726b904867fdf6+0x19f (dump-tjs:x86_64+0x1000b37bf)
    #8 0x10d051550 in pprof::collector::Collector$LT$T$GT$::new::h04eb4a6cd7916669+0x30 (dump-tjs:x86_64+0x1000b4550)
    #9 0x10d05dba4 in pprof::profiler::Profiler::new::hec63829a994cc04a+0x24 (dump-tjs:x86_64+0x1000c0ba4)
    #10 0x10d055028 in core::ops::function::FnOnce::call_once::h32ec437d7c5003f7+0x18 (dump-tjs:x86_64+0x1000b8028)
    #11 0x10d051b11 in lazy_static::lazy::Lazy$LT$T$GT$::get::_$u7b$$u7b$closure$u7d$$u7d$::h6bc7232ade22f7df+0x21 (dump-tjs:x86_64+0x1000b4b11)
    #12 0x10d060f98 in std::sync::once::Once::call_once::_$u7b$$u7b$closure$u7d$$u7d$::h820e6dd8713b2457+0x38 (dump-tjs:x86_64+0x1000c3f98)
    #13 0x10d5d636d in std::sync::once::Once::call_inner::hf2527b5d031ff925+0x1ed (dump-tjs:x86_64+0x10063936d)
    #14 0x10d060f34 in std::sync::once::Once::call_once::h94db1d7650bb3e50+0x74 (dump-tjs:x86_64+0x1000c3f34)
    #15 0x10d05e54f in _$LT$pprof..profiler..PROFILER$u20$as$u20$core..ops..deref..Deref$GT$::deref::h06d87b55e2a28aa2+0x2f (dump-tjs:x86_64+0x1000c154f)
    #16 0x10d05cba5 in pprof::profiler::trigger_lazy::h3494183b22569d53+0x25 (dump-tjs:x86_64+0x1000bfba5)
    #17 0x10d05cbf6 in pprof::profiler::ProfilerGuard::new::h2acd95977bc6a75f+0x26 (dump-tjs:x86_64+0x1000bfbf6)
    #18 0x10d028be5 in dump_tjs::main::hfe8da54ef2505aab dump-tjs.rs:129
    #19 0x10d012a0d in core::ops::function::FnOnce::call_once::h67791a50b38bcfe2 function.rs:227
    #20 0x10cfd9830 in std::sys_common::backtrace::__rust_begin_short_backtrace::h4c9dad599b86be2a backtrace.rs:125
    #21 0x10cfcc173 in std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::hce484e6ba64dde89 rt.rs:63
    #22 0x10d4fb2d2 in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::h0c84ea5dfec15b1a+0x12 (dump-tjs:x86_64+0x10055e2d2)
    #23 0x10d533d69 in std::panicking::try::do_call::hb37852e00490aef1+0x39 (dump-tjs:x86_64+0x100596d69)
    #24 0x10d5352aa in __rust_try+0x2a (dump-tjs:x86_64+0x1005982aa)
    #25 0x10d533bb8 in std::panicking::try::ha93df4408ed6a17b+0x68 (dump-tjs:x86_64+0x100596bb8)
    #26 0x10d4a08cb in std::panic::catch_unwind::hb872d3ec40b93f64+0x1b (dump-tjs:x86_64+0x1005038cb)
    #27 0x10d4d903e in std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::h79004bbf634c4351+0x1e (dump-tjs:x86_64+0x10053c03e)
    #28 0x10d533cb9 in std::panicking::try::do_call::h5efaa05777cc4a5e+0x39 (dump-tjs:x86_64+0x100596cb9)
    #29 0x10d5352aa in __rust_try+0x2a (dump-tjs:x86_64+0x1005982aa)

Direct leak of 65536 byte(s) in 1 object(s) allocated from:
    #0 0x10e0f4368 in wrap_malloc+0x58 (librustc-nightly_rt.lsan.dylib:x86_64h+0x8368)
    #1 0x10d4eb168 in std::sys::unix::alloc::_$LT$impl$u20$core..alloc..global..GlobalAlloc$u20$for$u20$std..alloc..System$GT$::alloc::h470ffdc85d4d4861+0x88 (dump-tjs:x86_64+0x10054e168)
    #2 0x10d50c658 in __rdl_alloc+0x38 (dump-tjs:x86_64+0x10056f658)
    #3 0x10d054af6 in alloc::alloc::alloc::h3263eab0325b5109+0x36 (dump-tjs:x86_64+0x1000b7af6)
    #4 0x10d054b75 in alloc::alloc::Global::alloc_impl::hb2c40b5c858fb521+0x65 (dump-tjs:x86_64+0x1000b7b75)
    #5 0x10d054e5a in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$::allocate::h3de4dcca1921f5e9+0x1a (dump-tjs:x86_64+0x1000b7e5a)
    #6 0x10d054a68 in alloc::alloc::exchange_malloc::h84da2d93f524304d+0x38 (dump-tjs:x86_64+0x1000b7a68)
    #7 0x10d0500cf in _$LT$pprof..collector..StackHashCounter$LT$T$GT$$u20$as$u20$core..default..Default$GT$::default::h5dad465f06daaf7c+0x4f (dump-tjs:x86_64+0x1000b30cf)
    #8 0x10d05153d in pprof::collector::Collector$LT$T$GT$::new::h04eb4a6cd7916669+0x1d (dump-tjs:x86_64+0x1000b453d)
    #9 0x10d05dba4 in pprof::profiler::Profiler::new::hec63829a994cc04a+0x24 (dump-tjs:x86_64+0x1000c0ba4)
    #10 0x10d055028 in core::ops::function::FnOnce::call_once::h32ec437d7c5003f7+0x18 (dump-tjs:x86_64+0x1000b8028)
    #11 0x10d051b11 in lazy_static::lazy::Lazy$LT$T$GT$::get::_$u7b$$u7b$closure$u7d$$u7d$::h6bc7232ade22f7df+0x21 (dump-tjs:x86_64+0x1000b4b11)
    #12 0x10d060f98 in std::sync::once::Once::call_once::_$u7b$$u7b$closure$u7d$$u7d$::h820e6dd8713b2457+0x38 (dump-tjs:x86_64+0x1000c3f98)
    #13 0x10d5d636d in std::sync::once::Once::call_inner::hf2527b5d031ff925+0x1ed (dump-tjs:x86_64+0x10063936d)
    #14 0x10d060f34 in std::sync::once::Once::call_once::h94db1d7650bb3e50+0x74 (dump-tjs:x86_64+0x1000c3f34)
    #15 0x10d05e54f in _$LT$pprof..profiler..PROFILER$u20$as$u20$core..ops..deref..Deref$GT$::deref::h06d87b55e2a28aa2+0x2f (dump-tjs:x86_64+0x1000c154f)
    #16 0x10d05cba5 in pprof::profiler::trigger_lazy::h3494183b22569d53+0x25 (dump-tjs:x86_64+0x1000bfba5)
    #17 0x10d05cbf6 in pprof::profiler::ProfilerGuard::new::h2acd95977bc6a75f+0x26 (dump-tjs:x86_64+0x1000bfbf6)
    #18 0x10d028be5 in dump_tjs::main::hfe8da54ef2505aab dump-tjs.rs:129
    #19 0x10d012a0d in core::ops::function::FnOnce::call_once::h67791a50b38bcfe2 function.rs:227
    #20 0x10cfd9830 in std::sys_common::backtrace::__rust_begin_short_backtrace::h4c9dad599b86be2a backtrace.rs:125
    #21 0x10cfcc173 in std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::hce484e6ba64dde89 rt.rs:63
    #22 0x10d4fb2d2 in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::h0c84ea5dfec15b1a+0x12 (dump-tjs:x86_64+0x10055e2d2)
    #23 0x10d533d69 in std::panicking::try::do_call::hb37852e00490aef1+0x39 (dump-tjs:x86_64+0x100596d69)
    #24 0x10d5352aa in __rust_try+0x2a (dump-tjs:x86_64+0x1005982aa)
    #25 0x10d533bb8 in std::panicking::try::ha93df4408ed6a17b+0x68 (dump-tjs:x86_64+0x100596bb8)
    #26 0x10d4a08cb in std::panic::catch_unwind::hb872d3ec40b93f64+0x1b (dump-tjs:x86_64+0x1005038cb)
    #27 0x10d4d903e in std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::h79004bbf634c4351+0x1e (dump-tjs:x86_64+0x10053c03e)
    #28 0x10d533cb9 in std::panicking::try::do_call::h5efaa05777cc4a5e+0x39 (dump-tjs:x86_64+0x100596cb9)
    #29 0x10d5352aa in __rust_try+0x2a (dump-tjs:x86_64+0x1005982aa)

Indirect leak of 17563648 byte(s) in 4096 object(s) allocated from:
    #0 0x10e0f4368 in wrap_malloc+0x58 (librustc-nightly_rt.lsan.dylib:x86_64h+0x8368)
    #1 0x10d4eb168 in std::sys::unix::alloc::_$LT$impl$u20$core..alloc..global..GlobalAlloc$u20$for$u20$std..alloc..System$GT$::alloc::h470ffdc85d4d4861+0x88 (dump-tjs:x86_64+0x10054e168)
    #2 0x10d50c658 in __rdl_alloc+0x38 (dump-tjs:x86_64+0x10056f658)
    #3 0x10d054af6 in alloc::alloc::alloc::h3263eab0325b5109+0x36 (dump-tjs:x86_64+0x1000b7af6)
    #4 0x10d054b75 in alloc::alloc::Global::alloc_impl::hb2c40b5c858fb521+0x65 (dump-tjs:x86_64+0x1000b7b75)
    #5 0x10d054e5a in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$::allocate::h3de4dcca1921f5e9+0x1a (dump-tjs:x86_64+0x1000b7e5a)
    #6 0x10d054a68 in alloc::alloc::exchange_malloc::h84da2d93f524304d+0x38 (dump-tjs:x86_64+0x1000b7a68)
    #7 0x10d04f96f in _$LT$pprof..collector..Bucket$LT$T$GT$$u20$as$u20$core..default..Default$GT$::default::h28014b09fd497944+0x4f (dump-tjs:x86_64+0x1000b296f)
    #8 0x10d050178 in _$LT$pprof..collector..StackHashCounter$LT$T$GT$$u20$as$u20$core..default..Default$GT$::default::_$u7b$$u7b$closure$u7d$$u7d$::h78e2260d372dfc92+0x18 (dump-tjs:x86_64+0x1000b3178)
    #9 0x10d060dda in _$LT$core..slice..iter..IterMut$LT$T$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::for_each::hcd72468f34694ebd+0x6a (dump-tjs:x86_64+0x1000c3dda)
    #10 0x10d05014e in _$LT$pprof..collector..StackHashCounter$LT$T$GT$$u20$as$u20$core..default..Default$GT$::default::h5dad465f06daaf7c+0xce (dump-tjs:x86_64+0x1000b314e)
    #11 0x10d05153d in pprof::collector::Collector$LT$T$GT$::new::h04eb4a6cd7916669+0x1d (dump-tjs:x86_64+0x1000b453d)
    #12 0x10d05dba4 in pprof::profiler::Profiler::new::hec63829a994cc04a+0x24 (dump-tjs:x86_64+0x1000c0ba4)
    #13 0x10d055028 in core::ops::function::FnOnce::call_once::h32ec437d7c5003f7+0x18 (dump-tjs:x86_64+0x1000b8028)
    #14 0x10d051b11 in lazy_static::lazy::Lazy$LT$T$GT$::get::_$u7b$$u7b$closure$u7d$$u7d$::h6bc7232ade22f7df+0x21 (dump-tjs:x86_64+0x1000b4b11)
    #15 0x10d060f98 in std::sync::once::Once::call_once::_$u7b$$u7b$closure$u7d$$u7d$::h820e6dd8713b2457+0x38 (dump-tjs:x86_64+0x1000c3f98)
    #16 0x10d5d636d in std::sync::once::Once::call_inner::hf2527b5d031ff925+0x1ed (dump-tjs:x86_64+0x10063936d)
    #17 0x10d060f34 in std::sync::once::Once::call_once::h94db1d7650bb3e50+0x74 (dump-tjs:x86_64+0x1000c3f34)
    #18 0x10d05e54f in _$LT$pprof..profiler..PROFILER$u20$as$u20$core..ops..deref..Deref$GT$::deref::h06d87b55e2a28aa2+0x2f (dump-tjs:x86_64+0x1000c154f)
    #19 0x10d05cba5 in pprof::profiler::trigger_lazy::h3494183b22569d53+0x25 (dump-tjs:x86_64+0x1000bfba5)
    #20 0x10d05cbf6 in pprof::profiler::ProfilerGuard::new::h2acd95977bc6a75f+0x26 (dump-tjs:x86_64+0x1000bfbf6)
    #21 0x10d028be5 in dump_tjs::main::hfe8da54ef2505aab dump-tjs.rs:129
    #22 0x10d012a0d in core::ops::function::FnOnce::call_once::h67791a50b38bcfe2 function.rs:227
    #23 0x10cfd9830 in std::sys_common::backtrace::__rust_begin_short_backtrace::h4c9dad599b86be2a backtrace.rs:125
    #24 0x10cfcc173 in std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::hce484e6ba64dde89 rt.rs:63
    #25 0x10d4fb2d2 in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::h0c84ea5dfec15b1a+0x12 (dump-tjs:x86_64+0x10055e2d2)
    #26 0x10d533d69 in std::panicking::try::do_call::hb37852e00490aef1+0x39 (dump-tjs:x86_64+0x100596d69)
    #27 0x10d5352aa in __rust_try+0x2a (dump-tjs:x86_64+0x1005982aa)
    #28 0x10d533bb8 in std::panicking::try::ha93df4408ed6a17b+0x68 (dump-tjs:x86_64+0x100596bb8)
    #29 0x10d4a08cb in std::panic::catch_unwind::hb872d3ec40b93f64+0x1b (dump-tjs:x86_64+0x1005038cb)

SUMMARY: LeakSanitizer: 17890752 byte(s) leaked in 4098 allocation(s).

So I just removed the profiler (the only one I had found to work in the first place :-( ) and it seems to not crash anymore; give it a try.

(Haven't looked any further to find why this happens; will report it to https://github.com/tikv/pprof-rs and leave it at that.)