Number: 1600
Title: windows debug exceptions using graphviz dot tool
Submitter: kiran kintali
Date: Wed Mar 11 14:52:08 2009
Subsys: Dot
Version: 2.18
System: *-*-MS Windows XP Professional Version 2002, SP3
Severity: critical
Problem:

>> >>which dot
C:/Program Files/Graphviz2.18/Bin/dot.exe

Attached dot "gm_mminmax_33bitsdsp.dot" file does not error out in manual run mode using the following command

>> >> dot -Tplain -o gm_mminmax_33bitsdsp.plain gm_mminmax_33bitsdsp.dot

However, if we use a debugger like Visual Studio, which does some minimal instrumentation like heap checking, the dot program asserts with the following messages:

=======================

Windows has triggered a breakpoint in dot.exe. This may be due to a corruption of the heap, and indicates a bug in dot.exe or any of the DLLs it has loaded. The output window may have more diagnostic information

This may be due to a corruption of the heap, and indicates a bug in dot.exe or any of the DLLs it has loaded.

The output window may have more diagnostic information HEAP[dot.exe]: Invalid Address specified to RtlFreeHeap( 003D0000, 00E52880 ) Windows has triggered a breakpoint in dot.exe.

This may be due to a corruption of the heap, and indicates a bug in dot.exe or any of the DLLs it has loaded.

The output window may have more diagnostic information The program '[548] dot.exe: Native' has exited with code 0 (0x0).

=======================


Input file: b1600.dot
Comments:
[arif] Why would this be a bug? We ship the release binaries not debug ones.

[north] It is reporting a runtime error in the argument passed to RtlFreeHeap.

If you run graphviz (dot) with a memory checker enabled, is it OK?

[north] They could be right. See below. Also of interest is the 79,000 lost memory objects.


>>
>> The output window may have more diagnostic information
>> HEAP[dot.exe]: Invalid Address specified to RtlFreeHeap( 003D0000,
>> 00E52880 ) Windows has triggered a breakpoint in dot.exe.
>>
scn<899> valgrind dot ~//tmp/sfdp/ksh.dot -o /dev/null
==12853== Memcheck, a memory error detector.
==12853== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==12853== Using LibVEX rev 1854, a library for dynamic binary translation.
==12853== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==12853== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==12853== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==12853== For more details, rerun with: -v
==12853==
==12853== Invalid read of size 8
==12853==    at 0x97CA46C: dot_rank (rank.c:65)
==12853==    by 0x97C310D: dot_layout (dotinit.c:261)
==12853==    by 0x4E4CA88: gvLayoutJobs (gvlayout.c:88)
==12853==    by 0x400FD0: main (dot.c:209)
==12853==  Address 0x9fccaa0 is 184 bytes inside a block of size 264 free'd
==12853==    at 0x4C252AF: free (vg_replace_malloc.c:323)
==12853==    by 0x97CA528: dot_rank (rank.c:75)
==12853==    by 0x97C310D: dot_layout (dotinit.c:261)
==12853==    by 0x4E4CA88: gvLayoutJobs (gvlayout.c:88)
==12853==    by 0x400FD0: main (dot.c:209)
==12853==
==12853== ERROR SUMMARY: 746 errors from 1 contexts (suppressed: 78 from 3)
==12853== malloc/free: in use at exit: 11,294,799 bytes in 73,956 blocks.
==12853== malloc/free: 364,132 allocs, 290,176 frees, 63,931,200 bytes allocated.
==12853== For counts of detected errors, rerun with: -v
==12853== searching for pointers to 73,956 not-freed blocks.
==12853== checked 11,339,080 bytes.
==12853==
==12853== LEAK SUMMARY:
==12853==    definitely lost: 90,212 bytes in 1,473 blocks.
==12853==      possibly lost: 93,690 bytes in 91 blocks.
==12853==    still reachable: 11,110,897 bytes in 72,392 blocks.
==12853==         suppressed: 0 bytes in 0 blocks.
==12853== Rerun with --leak-check=full to see details of leaked memory.
scn<900>

Owner: arif
Status: *
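
The Memcheck trace quoted in the comments can be triaged mechanically. The following is an added example, not part of the original report or of Graphviz: it parses an excerpt of that log and reports the first non-allocator frame that read the block and the one that freed it. The function names `triage` and `user_frame` and the result keys are this example's own.

```python
import re

# Sample input: excerpt of the Memcheck output quoted in the report above.
SAMPLE = """\
==12853== Invalid read of size 8
==12853==    at 0x97CA46C: dot_rank (rank.c:65)
==12853==    by 0x97C310D: dot_layout (dotinit.c:261)
==12853==  Address 0x9fccaa0 is 184 bytes inside a block of size 264 free'd
==12853==    at 0x4C252AF: free (vg_replace_malloc.c:323)
==12853==    by 0x97CA528: dot_rank (rank.c:75)
==12853==    by 0x97C310D: dot_layout (dotinit.c:261)
==12853==
==12853== ERROR SUMMARY: 746 errors from 1 contexts (suppressed: 78 from 3)
==12853==    definitely lost: 90,212 bytes in 1,473 blocks.
"""

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:()]+):(\d+)\)")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"^\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) (free'd|alloc'd)")
LOST = re.compile(r"^\s+definitely lost: ([\d,]+) bytes in ([\d,]+) blocks")

def user_frame(stack):
    """First frame that is not one of valgrind's allocator wrappers."""
    return next((fr for fr in stack if not fr[1].startswith("vg_replace_")), None)

def triage(log):
    """Return (invalid-access findings, 'definitely lost' byte count or None)."""
    findings, lost, cur, stack = [], None, None, None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        if m := ERROR.match(line):            # start of a new error record
            cur = {"access": m[1], "size": int(m[2]), "access_stack": [], "block_stack": []}
            findings.append(cur)
            stack = cur["access_stack"]
        elif (m := BLOCK.match(line)) and cur:  # frames after this describe the block
            cur.update(offset=int(m[1]), block_size=int(m[2]), state=m[3])
            stack = cur["block_stack"]
        elif (m := FRAME.match(line)) and stack is not None:
            stack.append((m[1], m[2], int(m[3])))
        elif m := LOST.match(line):
            lost = int(m[1].replace(",", ""))
        elif not line.strip():                # blank line ends the record
            cur = stack = None
    for f in findings:
        f["reader"], f["releaser"] = user_frame(f["access_stack"]), user_frame(f["block_stack"])
        f["use_after_free"] = f.get("state") == "free'd"
        f["same_function"] = bool(f["reader"] and f["releaser"] and f["reader"][0] == f["releaser"][0])
    return findings, lost
```

On the excerpt this flags a read of a freed block where both the reading frame (rank.c:65) and the freeing frame (rank.c:75) are in `dot_rank`, which narrows the review to that one function.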