Menu
▾
▴
#4 *** glibc detected *** double free or corruption
Hi.
I'm working on the following system:
- Ubuntu 8.04 with g++-4.2
- PAL SVN checkout (Revision #31)
- Bullet Collision Detection and Physics Library version 2.69
When making a distance query on a palBox and a palConvex object (about 450 vertices) with the transponderSensor, I get the following error
*** glibc detected *** ./HalloWorld: double free or corruption (fasttop): 0x080a90b8 ***
with the backtrace listed below.
I don't get this error when I do exactly the same query on two palBoxes. The palConvex object doesn"t cause any error without the collision query.
I can provide more detailed information if necessary.
*** glibc detected *** ./HalloWorld: double free or corruption (fasttop): 0x080a90b8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7bd0a85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7bd44f0]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb7d9cb11]
./HalloWorld(_ZN9__gnu_cxx13new_allocatorIP20palTransponderSenderE10deallocateEPS2_j+0x11)[0x806c29f]
./HalloWorld(_ZNSt12_Vector_baseIP20palTransponderSenderSaIS1_EE13_M_deallocateEPS1_j+0x27)[0x806c2c9]
./HalloWorld(_ZNSt12_Vector_baseIP20palTransponderSenderSaIS1_EED2Ev+0x36)[0x806c302]
./HalloWorld(_ZNSt6vectorIP20palTransponderSenderSaIS1_EED1Ev+0x54)[0x806c7b2]
liblibpal_bullet.so[0xb7e93f20]
/lib/tls/i686/cmov/libc.so.6(__cxa_finalize+0xb1)[0xb7b933b1]
liblibpal_bullet.so[0xb7e67d73]
liblibpal_bullet.so[0xb7f06bdc]
/lib/ld-linux.so.2[0xb7f5efdf]
/lib/tls/i686/cmov/libc.so.6(exit+0xd4)[0xb7b93084]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe8)[0xb7b7b458]
./HalloWorld(__gxx_personality_v0+0x7d)[0x8068c01]
======= Memory map: ========
08048000-080a3000 r-xp 00000000 09:01 7226177 /path/HalloWorld/Debug/HalloWorld
080a3000-080a4000 rw-p 0005a000 09:01 7226177 /path/HalloWorld/Debug/HalloWorld
080a4000-080c5000 rw-p 080a4000 00:00 0 [heap]
b4500000-b4521000 rw-p b4500000 00:00 0
b4521000-b4600000 ---p b4521000 00:00 0
b467f000-b7b65000 rw-p b467f000 00:00 0
b7b65000-b7cae000 r-xp 00000000 09:00 245914 /lib/tls/i686/cmov/libc-2.7.so
b7cae000-b7caf000 r--p 00149000 09:00 245914 /lib/tls/i686/cmov/libc-2.7.so
b7caf000-b7cb1000 rw-p 0014a000 09:00 245914 /lib/tls/i686/cmov/libc-2.7.so
b7cb1000-b7cb4000 rw-p b7cb1000 00:00 0
b7cb4000-b7cbe000 r-xp 00000000 09:00 245776 /lib/libgcc_s.so.1
b7cbe000-b7cbf000 rw-p 0000a000 09:00 245776 /lib/libgcc_s.so.1
b7cbf000-b7cc0000 rw-p b7cbf000 00:00 0
b7cc0000-b7ce3000 r-xp 00000000 09:00 245919 /lib/tls/i686/cmov/libm-2.7.so
b7ce3000-b7ce5000 rw-p 00023000 09:00 245919 /lib/tls/i686/cmov/libm-2.7.so
b7ce5000-b7dcd000 r-xp 00000000 09:00 312244 /usr/lib/libstdc++.so.6.0.9
b7dcd000-b7dd0000 r--p 000e8000 09:00 312244 /usr/lib/libstdc++.so.6.0.9
b7dd0000-b7dd2000 rw-p 000eb000 09:00 312244 /usr/lib/libstdc++.so.6.0.9
b7dd2000-b7dd8000 rw-p b7dd2000 00:00 0
b7dd8000-b7dda000 r-xp 00000000 09:00 245917 /lib/tls/i686/cmov/libdl-2.7.so
b7dda000-b7ddc000 rw-p 00001000 09:00 245917 /lib/tls/i686/cmov/libdl-2.7.so
b7dec000-b7ded000 rw-p b7dec000 00:00 0
b7ded000-b7f24000 r-xp 00000000 09:01 7226179 /path/HalloWorld/Debug/liblibpal_bullet.so
b7f24000-b7f2c000 rw-p 00137000 09:01 7226179 /path/HalloWorld/Debug/liblibpal_bullet.so
b7f2c000-b7f50000 rw-p b7f2c000 00:00 0
b7f50000-b7f51000 r-xp b7f50000 00:00 0 [vdso]
b7f51000-b7f6b000 r-xp 00000000 09:00 245777 /lib/ld-2.7.so
b7f6b000-b7f6d000 rw-p 00019000 09:00 245777 /lib/ld-2.7.so
bfc28000-bfc3e000 rw-p bffea000 00:00 0 [stack]
Abort
Discussion
Logged In: YES
user_id=1257292
Originator: YES
Addition: The error seems to occurr when calling
PF->Cleanup();
at the end of the program.
I have encountered the same or a really similar bug in the Bullet connector, too. I've narrowed my problem down somewhat:
The destructor palBulletGeometry::~palBulletGeometry deletes m_pbtShape *and* later this same object is deleted by palBulletBodyBase::~palBulletBodyBase (when it deletes m_pbtBody->getCollisionShape).
I ran into this just with running the example program. I don't know exactly what situations trigger it.
Is anyone looking into this? This bug was opened over a year ago.