Opened 6 years ago

Closed 4 years ago

#845 closed defect/bug (fixed)

Program crash when setting a destination

Reported by: niccolo rigacci
Owned by: KaZeR
Priority: major
Milestone:
Component: core
Version: git master
Severity:
Keywords:
Cc:

Description

I'm running Navit SVN 4445 on the OpenMoko FreeRunner with Debian Sid (armel CPU).

When I set a destination (from bookmarks or from a click on the map), the program crashes. I don't have symbols compiled in, so the only message printed is:

#0  0x4042d5e8 in waitpid () from /lib/libc.so.6
#1  0x403d0598 in ?? () from /lib/libc.so.6
Cannot access memory at address 0x2062645e

The crash does not occur when I remove the ~/.navit/destination.txt file before starting Navit. But it works only the first time; when I set a destination for the second time, it crashes again.

To make the program usable I symlinked ~/.navit/destination.txt to /dev/null, so it does not crash (but it forgets its destination once exited).

The problem was not observed with svn3501.

The problem does not occur with the same svn4445 version, but compiled and running on a Debian Squeeze nettop (i386 CPU).

The problem seems like #715, but having gpsd running and/or having a fix does not change the behaviour.

Change History (15)

comment:1 Changed 6 years ago by elhennig

The same behaviour can be observed for versions 4446 and 4466 on Android. On Android the problem does not occur with version 4281.

comment:2 Changed 6 years ago by antenna

This seems to happen when you jump back to the map either after setting a destination (bookmark)/changing settings or directly when you click on the globe icon.

comment:3 Changed 6 years ago by woglinde

Hi,

Without debug symbols, it's hard for us devs to work out what's wrong. It might be my commit http://navit.svn.sourceforge.net/viewvc/navit?view=revision&revision=4462 But then it's only masked another bug somewhere else. Would be glad if you can test this version and report back.

Bye Henning

comment:4 Changed 6 years ago by timo lindfors

I might have hit the same bug. Happens on two armel systems (openmoko and mv78100) but does not happen on amd64. Does not occur if I recompile with -O0 but does occur if I recompile with -g -O2.

Since I found the dbus-send command this is now fully reproducible.

Steps to reproduce:
1) mkdir ~/.navit && cd ~/.navit

wget http://lindi.iki.fi/lindi/navit/finland.navit.bin
wget http://lindi.iki.fi/lindi/navit/navit.xml
wget http://lindi.iki.fi/lindi/navit/destination.txt

2) navit
3) dbus-send  --print-reply --session --dest=org.navit_project.navit /org/navit_project/navit/default_navit org.navit_project.navit.navit.set_destination string:"geo: 24.0 65.0" string:"comment"

Expected results:
3) navit does not crash

Actual results:
3) navit crashes.

More info:
1) screenshot from debugger: http://lindi.iki.fi/lindi/navit/navit-crash1.png
2) 

(gdb) bt full
#0  bookmarks_append_coord (this_=<value optimized out>, file=0x188a60 "/home/lindi/.navit/destination.txt", c=0xbebdb3a0, count=1, type=0x52e84 "former_destination", description=0x71a18 "aa", h=0x0, limit=10) at /home/lindi/debian/debian-navit/navit-0.5.0~svn4494+dfsg.1/navit/bookmarks.c:679
        offsets = 0xbebd92a8
        offset_pos = 0
        offset = 0
        buffer = "type=former_destination label=\"aa\"\n\000\030y\000@\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@H\221\f\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@\260\221\f\000\000\000\036@\002", '\000' <repeats 11 times>, "\030y\000@h\221\f\000\000\000\070@\002", '\000' <repeats 11 times>, "\030y\000@\230\221\f\000\000\000\360?\002", '\000' <repeats 11 times>, "\030y\000@\030\221\f\000\231\231\311?\002", '\000' <repeats 11 times>...
        f = 0x18f328
        prostr = <value optimized out>
#1  0x0002e538 in navit_set_destination (this_=0x72110, c=0xbebdb3a0, description=0x71a18 "aa", async=10) at /home/lindi/debian/debian-navit/navit-0.5.0~svn4494+dfsg.1/navit/navit.c:1448
        destination_file = 0x188a60 "/home/lindi/.navit/destination.txt"
        __PRETTY_FUNCTION__ = "navit_set_destination"
#2  0x406c5ac4 in request_navit_set_destination (connection=0x6e698, message=0x6e9a0) at /home/lindi/debian/debian-navit/navit-0.5.0~svn4494+dfsg.1/navit/binding/dbus/binding_dbus.c:1291
        pc = {pro = projection_mg, x = 2760602, y = 8450981}
        navit = 0x72110
        iter = {dummy1 = 0x6e9a0, dummy2 = 0x600000, dummy3 = 452716, dummy4 = 453028, dummy5 = 166, dummy6 = 453092, dummy7 = 28, dummy8 = 1081354660, dummy9 = 1608288, dummy10 = 1080846404, dummy11 = 1080882728, pad1 = 1080846812, pad2 = -1094863584, pad3 = 0x403f6fc8}
        description = 0x2a1f9a ""
        __PRETTY_FUNCTION__ = "request_navit_set_destination"
#3  0x406c309c in navit_handler_func (connection=0xbebdb480, message=0x6e9a0, user_data=<value optimized out>) at /home/lindi/debian/debian-navit/navit-0.5.0~svn4494+dfsg.1/navit/binding/dbus/binding_dbus.c:1694
        i = <value optimized out>
        path = 0x188a60 "/home/lindi/.navit/destination.txt"
        __PRETTY_FUNCTION__ = "navit_handler_func"
#4  0x4071fc24 in ?? () from /lib/arm-linux-gnueabi/libdbus-1.so.3
No symbol table info available.
#5  0x4071fc24 in ?? () from /lib/arm-linux-gnueabi/libdbus-1.so.3
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) x/8i $pc
=> 0x4cb18 <bookmarks_append_coord+760>:	ldr	r2, [r2, #-56]	; 0x38
   0x4cb1c <bookmarks_append_coord+764>:	str	r6, [r2, r3, lsl #2]
   0x4cb20 <bookmarks_append_coord+768>:	bl	0x4d5f4 <__aeabi_idivmod>
   0x4cb24 <bookmarks_append_coord+772>:	sub	r3, r11, #8192	; 0x2000
   0x4cb28 <bookmarks_append_coord+776>:	str	r1, [r3, #-52]	; 0x34
   0x4cb2c <bookmarks_append_coord+780>:	b	0x4ca00 <bookmarks_append_coord+480>
   0x4cb30 <bookmarks_append_coord+784>:	ldr	r1, [pc, #56]	; 0x4cb70 <bookmarks_append_coord+848>
   0x4cb34 <bookmarks_append_coord+788>:	add	r1, pc, r1
(gdb) info register
r0             0x1	1
r1             0xa	10
r2             0x0	0
r3             0x0	0
r4             0x18f328	1635112
r5             0x59bf0	367600
r6             0x0	0
r7             0xbebd92f0	-1094872336
r8             0x188a60	1608288
r9             0xa	10
r10            0x1	1
r11            0xbebdb314	-1094864108
r12            0x403fb99c	1077918108
sp             0xbebd9298	0xbebd9298
lr             0x4c9f8	313848
pc             0x4cb18	0x4cb18 <bookmarks_append_coord+760>
cpsr           0xa0000010	-1610612720
(gdb) l
674			for (;;) {
675				offset=ftell(f);
676				if (!fgets(buffer, sizeof(buffer), f))
677					break;
678				if (strstr(buffer,"type=")) {
679					offsets[offset_pos]=offset;
680					offset_pos=(offset_pos+1)%limit;
681				}
682			}
683			fclose(f);
(gdb) info locals
offsets = 0xbefce2a8
offset_pos = 0
offset = 21
buffer = "type=former_destination label=\"aa\"\n\000\030y\000@\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@H\221\f\000\000\000\000\000\002", '\000' <repeats 11 times>, "\030y\000@\260\221\f\000\000\000\036@\002", '\000' <repeats 11 times>, "\030y\000@h\221\f\000\000\000\070@\002", '\000' <repeats 11 times>, "\030y\000@\230\221\f\000\000\000\360?\002", '\000' <repeats 11 times>, "\030y\000@\030\221\f\000\231\231\311?\002", '\000' <repeats 11 times>...
f = 0x2dc1e8
prostr = <value optimized out>
(gdb) 

comment:5 Changed 6 years ago by timo lindfors

And before you ask. This is navit 0.5.0~svn4494+dfsg.1-1 from debian unstable.

comment:6 Changed 6 years ago by timo lindfors

(gdb) disassemble bookmarks_append_coord 
Dump of assembler code for function bookmarks_append_coord:
   0x0004c820 <+0>:	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
   0x0004c824 <+4>:	add	r11, sp, #32
   0x0004c828 <+8>:	sub	sp, sp, #8192	; 0x2000
   0x0004c82c <+12>:	sub	sp, sp, #44	; 0x2c
   0x0004c830 <+16>:	ldr	r9, [r11, #16]
   0x0004c834 <+20>:	mov	r8, r1
   0x0004c838 <+24>:	cmp	r9, #0
   0x0004c83c <+28>:	sub	r1, r11, #8192	; 0x2000
   0x0004c840 <+32>:	str	r2, [r1, #-40]	; 0x28
   0x0004c844 <+36>:	mov	r10, r3
   0x0004c848 <+40>:	bne	0x4c9a8 <bookmarks_append_coord+392>
   0x0004c84c <+44>:	ldr	r1, [pc, #748]	; 0x4cb40 <bookmarks_append_coord+800>
   0x0004c850 <+48>:	mov	r0, r8
   0x0004c854 <+52>:	add	r1, pc, r1
   0x0004c858 <+56>:	bl	0x13ac0 <fopen>
   0x0004c85c <+60>:	subs	r8, r0, #0
   0x0004c860 <+64>:	beq	0x4c994 <bookmarks_append_coord+372>
   0x0004c864 <+68>:	sub	r1, r11, #8192	; 0x2000
   0x0004c868 <+72>:	ldr	r1, [r1, #-40]	; 0x28
   0x0004c86c <+76>:	cmp	r1, #0
   0x0004c870 <+80>:	beq	0x4c988 <bookmarks_append_coord+360>
   0x0004c874 <+84>:	ldr	r2, [r11, #8]
   0x0004c878 <+88>:	cmp	r2, #0
   0x0004c87c <+92>:	ldr	r2, [r11, #4]
   0x0004c880 <+96>:	beq	0x4cb30 <bookmarks_append_coord+784>
   0x0004c884 <+100>:	ldr	r1, [pc, #696]	; 0x4cb44 <bookmarks_append_coord+804>
   0x0004c888 <+104>:	ldr	r3, [r11, #8]
   0x0004c88c <+108>:	add	r1, pc, r1
   0x0004c890 <+112>:	bl	0x13e98 <fprintf>
   0x0004c894 <+116>:	cmp	r10, #0
   0x0004c898 <+120>:	ble	0x4c994 <bookmarks_append_coord+372>
   0x0004c89c <+124>:	sub	r3, r11, #8192	; 0x2000
   0x0004c8a0 <+128>:	ldr	r4, [r3, #-40]	; 0x28
   0x0004c8a4 <+132>:	ldr	r3, [pc, #668]	; 0x4cb48 <bookmarks_append_coord+808>
   0x0004c8a8 <+136>:	sub	r2, r11, #8192	; 0x2000
   0x0004c8ac <+140>:	add	r1, pc, r3
   0x0004c8b0 <+144>:	ldr	r3, [pc, #660]	; 0x4cb4c <bookmarks_append_coord+812>
   0x0004c8b4 <+148>:	str	r1, [r2, #-40]	; 0x28
   0x0004c8b8 <+152>:	add	r1, pc, r3
   0x0004c8bc <+156>:	ldr	r3, [pc, #652]	; 0x4cb50 <bookmarks_append_coord+816>
   0x0004c8c0 <+160>:	str	r1, [r2, #-44]	; 0x2c
   0x0004c8c4 <+164>:	add	r1, pc, r3
   0x0004c8c8 <+168>:	ldr	r9, [pc, #644]	; 0x4cb54 <bookmarks_append_coord+820>
   0x0004c8cc <+172>:	mov	r5, #0
   0x0004c8d0 <+176>:	str	r1, [r2, #-48]	; 0x30
   0x0004c8d4 <+180>:	b	0x4c92c <bookmarks_append_coord+268>
   0x0004c8d8 <+184>:	ldr	r12, [r4, #8]
   0x0004c8dc <+188>:	ldr	r6, [pc, #628]	; 0x4cb58 <bookmarks_append_coord+824>
   0x0004c8e0 <+192>:	cmp	lr, #0
   0x0004c8e4 <+196>:	rsblt	lr, lr, #0
   0x0004c8e8 <+200>:	cmp	r12, #0
   0x0004c8ec <+204>:	add	r6, pc, r6
   0x0004c8f0 <+208>:	blt	0x4c97c <bookmarks_append_coord+348>
   0x0004c8f4 <+212>:	ldr	r7, [pc, #608]	; 0x4cb5c <bookmarks_append_coord+828>
   0x0004c8f8 <+216>:	add	r7, pc, r7
   0x0004c8fc <+220>:	cmp	r12, #0
   0x0004c900 <+224>:	rsblt	r12, r12, #0
   0x0004c904 <+228>:	mov	r0, r8
   0x0004c908 <+232>:	add	r1, pc, r9
   0x0004c90c <+236>:	add	r5, r5, #1
   0x0004c910 <+240>:	stm	sp, {r6, lr}
   0x0004c914 <+244>:	str	r7, [sp, #8]
   0x0004c918 <+248>:	str	r12, [sp, #12]
   0x0004c91c <+252>:	bl	0x13e98 <fprintf>
   0x0004c920 <+256>:	cmp	r5, r10
   0x0004c924 <+260>:	add	r4, r4, #12
   0x0004c928 <+264>:	beq	0x4c994 <bookmarks_append_coord+372>
   0x0004c92c <+268>:	mov	r1, #0
   0x0004c930 <+272>:	ldr	r0, [r4]
   0x0004c934 <+276>:	bl	0x39a64 <projection_to_name>
   0x0004c938 <+280>:	ldrb	r3, [r0]
   0x0004c93c <+284>:	sub	r1, r11, #8192	; 0x2000
   0x0004c940 <+288>:	cmp	r3, #0
   0x0004c944 <+292>:	ldr	lr, [r4, #4]
   0x0004c948 <+296>:	ldr	r3, [r1, #-40]	; 0x28
   0x0004c94c <+300>:	ldr	r1, [r1, #-44]	; 0x2c
   0x0004c950 <+304>:	mov	r2, r0
   0x0004c954 <+308>:	movne	r3, r1
   0x0004c958 <+312>:	cmp	lr, #0
   0x0004c95c <+316>:	bge	0x4c8d8 <bookmarks_append_coord+184>
   0x0004c960 <+320>:	ldr	r12, [r4, #8]
   0x0004c964 <+324>:	sub	r1, r11, #8192	; 0x2000
   0x0004c968 <+328>:	cmp	lr, #0
   0x0004c96c <+332>:	rsblt	lr, lr, #0
   0x0004c970 <+336>:	cmp	r12, #0
   0x0004c974 <+340>:	ldr	r6, [r1, #-48]	; 0x30
   0x0004c978 <+344>:	bge	0x4c8f4 <bookmarks_append_coord+212>
   0x0004c97c <+348>:	ldr	r7, [pc, #476]	; 0x4cb60 <bookmarks_append_coord+832>
   0x0004c980 <+352>:	add	r7, pc, r7
   0x0004c984 <+356>:	b	0x4c8fc <bookmarks_append_coord+220>
   0x0004c988 <+360>:	mov	r0, #10
   0x0004c98c <+364>:	mov	r1, r8
   0x0004c990 <+368>:	bl	0x13ef8 <fputc>
   0x0004c994 <+372>:	mov	r0, r8
   0x0004c998 <+376>:	bl	0x13a00 <fclose>
   0x0004c99c <+380>:	sub	sp, r11, #32
   0x0004c9a0 <+384>:	pop	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
   0x0004c9a4 <+388>:	bx	lr
   0x0004c9a8 <+392>:	ldr	r1, [pc, #436]	; 0x4cb64 <bookmarks_append_coord+836>
   0x0004c9ac <+396>:	mov	r0, r8
   0x0004c9b0 <+400>:	add	r1, pc, r1
   0x0004c9b4 <+404>:	bl	0x13ac0 <fopen>
   0x0004c9b8 <+408>:	subs	r4, r0, #0
   0x0004c9bc <+412>:	beq	0x4c84c <bookmarks_append_coord+44>
   0x0004c9c0 <+416>:	lsl	r3, r9, #2
   0x0004c9c4 <+420>:	add	r3, r3, #14
   0x0004c9c8 <+424>:	bic	r3, r3, #7
   0x0004c9cc <+428>:	sub	sp, sp, r3
   0x0004c9d0 <+432>:	ldr	r5, [pc, #400]	; 0x4cb68 <bookmarks_append_coord+840>
   0x0004c9d4 <+436>:	mov	r3, #0
   0x0004c9d8 <+440>:	sub	r1, r11, #8192	; 0x2000
   0x0004c9dc <+444>:	add	r2, sp, #16
   0x0004c9e0 <+448>:	str	r2, [r1, #-56]	; 0x38
   0x0004c9e4 <+452>:	add	r5, pc, r5
   0x0004c9e8 <+456>:	str	r3, [sp, #16]
   0x0004c9ec <+460>:	str	r3, [r1, #-52]	; 0x34
   0x0004c9f0 <+464>:	b	0x4ca00 <bookmarks_append_coord+480>
   0x0004c9f4 <+468>:	bl	0x13e20 <strstr>
   0x0004c9f8 <+472>:	cmp	r0, #0
   0x0004c9fc <+476>:	bne	0x4cb04 <bookmarks_append_coord+740>
   0x0004ca00 <+480>:	mov	r0, r4
   0x0004ca04 <+484>:	bl	0x13d48 <ftell>
   0x0004ca08 <+488>:	mov	r6, r0
   0x0004ca0c <+492>:	sub	r0, r11, #8192	; 0x2000
   0x0004ca10 <+496>:	mov	r1, #4096	; 0x1000
   0x0004ca14 <+500>:	sub	r0, r0, #36	; 0x24
   0x0004ca18 <+504>:	mov	r2, r4
   0x0004ca1c <+508>:	bl	0x13a0c <fgets>
   0x0004ca20 <+512>:	subs	r7, r0, #0
   0x0004ca24 <+516>:	sub	r0, r11, #8192	; 0x2000
   0x0004ca28 <+520>:	mov	r1, r5
   0x0004ca2c <+524>:	sub	r0, r0, #36	; 0x24
   0x0004ca30 <+528>:	bne	0x4c9f4 <bookmarks_append_coord+468>
   0x0004ca34 <+532>:	mov	r0, r4
   0x0004ca38 <+536>:	bl	0x13a00 <fclose>
   0x0004ca3c <+540>:	sub	r2, r11, #8192	; 0x2000
   0x0004ca40 <+544>:	ldr	r1, [r2, #-52]	; 0x34
   0x0004ca44 <+548>:	ldr	r3, [r2, #-56]	; 0x38
   0x0004ca48 <+552>:	ldr	r6, [r3, r1, lsl #2]
   0x0004ca4c <+556>:	cmp	r6, #0
   0x0004ca50 <+560>:	beq	0x4c84c <bookmarks_append_coord+44>
   0x0004ca54 <+564>:	ldr	r1, [pc, #272]	; 0x4cb6c <bookmarks_append_coord+844>
   0x0004ca58 <+568>:	mov	r0, r8
   0x0004ca5c <+572>:	add	r1, pc, r1
   0x0004ca60 <+576>:	bl	0x13ac0 <fopen>
   0x0004ca64 <+580>:	subs	r4, r0, #0
   0x0004ca68 <+584>:	beq	0x4c84c <bookmarks_append_coord+44>
   0x0004ca6c <+588>:	mov	r5, r4
   0x0004ca70 <+592>:	b	0x4caa0 <bookmarks_append_coord+640>
   0x0004ca74 <+596>:	bl	0x13c34 <fseek>
   0x0004ca78 <+600>:	sub	r0, r11, #4096	; 0x1000
   0x0004ca7c <+604>:	sub	r0, r0, #36	; 0x24
   0x0004ca80 <+608>:	mov	r1, r4
   0x0004ca84 <+612>:	mov	r2, #1
   0x0004ca88 <+616>:	mov	r3, r5
   0x0004ca8c <+620>:	bl	0x13e50 <fwrite>
   0x0004ca90 <+624>:	cmp	r0, #1
   0x0004ca94 <+628>:	bne	0x4c84c <bookmarks_append_coord+44>
   0x0004ca98 <+632>:	add	r6, r6, r4
   0x0004ca9c <+636>:	add	r7, r7, r4
   0x0004caa0 <+640>:	mov	r1, r6
   0x0004caa4 <+644>:	mov	r2, #0
   0x0004caa8 <+648>:	mov	r0, r5
   0x0004caac <+652>:	bl	0x13c34 <fseek>
   0x0004cab0 <+656>:	sub	r0, r11, #4096	; 0x1000
   0x0004cab4 <+660>:	mov	r1, #1
   0x0004cab8 <+664>:	mov	r2, #4096	; 0x1000
   0x0004cabc <+668>:	sub	r0, r0, #36	; 0x24
   0x0004cac0 <+672>:	mov	r3, r5
   0x0004cac4 <+676>:	bl	0x140a8 <fread>
   0x0004cac8 <+680>:	subs	r4, r0, #0
   0x0004cacc <+684>:	mov	r1, r7
   0x0004cad0 <+688>:	mov	r2, #0
   0x0004cad4 <+692>:	mov	r0, r5
   0x0004cad8 <+696>:	bne	0x4ca74 <bookmarks_append_coord+596>
   0x0004cadc <+700>:	mov	r0, r5
   0x0004cae0 <+704>:	bl	0x13c70 <fflush>
   0x0004cae4 <+708>:	mov	r0, r5
   0x0004cae8 <+712>:	bl	0x138c8 <fileno>
   0x0004caec <+716>:	mov	r1, r7
   0x0004caf0 <+720>:	bl	0x13f28 <ftruncate>
   0x0004caf4 <+724>:	mov	r0, r5
   0x0004caf8 <+728>:	mov	r4, r5
   0x0004cafc <+732>:	bl	0x13a00 <fclose>
   0x0004cb00 <+736>:	b	0x4c84c <bookmarks_append_coord+44>
   0x0004cb04 <+740>:	sub	r2, r11, #8192	; 0x2000
   0x0004cb08 <+744>:	ldr	r2, [r2, #-52]	; 0x34
   0x0004cb0c <+748>:	mov	r1, r9
   0x0004cb10 <+752>:	mov	r3, r2
   0x0004cb14 <+756>:	add	r0, r2, #1
=> 0x0004cb18 <+760>:	ldr	r2, [r2, #-56]	; 0x38
   0x0004cb1c <+764>:	str	r6, [r2, r3, lsl #2]
   0x0004cb20 <+768>:	bl	0x4d5f4 <__aeabi_idivmod>
   0x0004cb24 <+772>:	sub	r3, r11, #8192	; 0x2000
   0x0004cb28 <+776>:	str	r1, [r3, #-52]	; 0x34
   0x0004cb2c <+780>:	b	0x4ca00 <bookmarks_append_coord+480>
   0x0004cb30 <+784>:	ldr	r1, [pc, #56]	; 0x4cb70 <bookmarks_append_coord+848>
   0x0004cb34 <+788>:	add	r1, pc, r1
   0x0004cb38 <+792>:	bl	0x13e98 <fprintf>
   0x0004cb3c <+796>:	b	0x4c894 <bookmarks_append_coord+116>
   0x0004cb40 <+800>:	andeq	r11, r0, r0, asr sp
   0x0004cb44 <+804>:	andeq	sp, r0, r4, ror #6
   0x0004cb48 <+808>:	andeq	r5, r0, r4, lsr #24
   0x0004cb4c <+812>:	andeq	r3, r0, r12, lsl #27
   0x0004cb50 <+816>:	andeq	r5, r0, r0, asr r8
   0x0004cb54 <+820>:	andeq	sp, r0, r8, lsl #6
   0x0004cb58 <+824>:	andeq	r5, r0, r4, ror #23
   0x0004cb5c <+828>:	ldrdeq	r5, [r0], -r8
   0x0004cb60 <+832>:	muleq	r0, r4, r7
   0x0004cb64 <+836>:	andeq	r4, r0, r12, asr r7
   0x0004cb68 <+840>:	andeq	sp, r0, r4, lsl #4
   0x0004cb6c <+844>:	andeq	r8, r0, r0, lsl r2
   0x0004cb70 <+848>:	ldrdeq	sp, [r0], -r0
End of assembler dump.
(gdb) 

comment:7 Changed 6 years ago by timo lindfors

void
bookmarks_append_coord(struct bookmarks *this_, char *file, struct pcoord *c, int count, const char *type, const char *description, GHashTable *h, int limit)
{
	FILE *f;
	const char *prostr;

	if (limit != 0 && (f=fopen(file, "r"))) {
		int *offsets=g_alloca(sizeof(int)*limit);
		int offset_pos=0;
		int offset;
		char buffer[4096];
		memset(offsets, 0, sizeof(offsets));
		for (;;) {
			offset=ftell(f);
			if (!fgets(buffer, sizeof(buffer), f))
				break;
			if (strstr(buffer,"type=")) {
				offsets[offset_pos]=offset;
				offset_pos=(offset_pos+1)%limit;
			}
		}
		fclose(f);
		bookmarks_shrink(file, offsets[offset_pos]);
	}
	f=fopen(file, "a");
	if (f) {
		if (c) {
			int i;
			if (description) 
				fprintf(f,"type=%s label=\"%s\"\n", type, description);
			else
				fprintf(f,"type=%s\n", type);
			for (i = 0 ; i < count ; i++) {
				prostr = projection_to_name(c[i].pro,NULL);
				fprintf(f,"%s%s%s0x%x %s0x%x\n",
				 prostr, *prostr ? ":" : "",
				 c[i].x >= 0 ? "":"-", c[i].x >= 0 ? c[i].x : -c[i].x,
				 c[i].y >= 0 ? "":"-", c[i].y >= 0 ? c[i].y : -c[i].y);
			}
		} else
			fprintf(f,"\n");
	}
	fclose(f);
}
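
An added example, not Navit's code and not written by any commenter: the function posted in comment:7 clears its offset ring with memset(offsets, 0, sizeof(offsets)), and because offsets is an int * that zeroes only pointer-size bytes, so slots the loop never writes can hand a stale offset to bookmarks_shrink. The C below measures that on a 10-entry ring and shows a bounded version of the same scan. The names stale_slots_after_pointer_sizeof, oldest_kept_offset and demo_offset and the sample records are assumptions made for the illustration, and nothing here is claimed to be the cause of the crash in this ticket.

```c
/* Added example, not Navit source; names and sample records are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Slots of a 10-entry ring left stale when cleared with sizeof(int *). */
int stale_slots_after_pointer_sizeof(void)
{
	int ring[10], *offsets = ring, i, stale = 0;
	size_t cleared = sizeof(offsets);	/* 4 or 8 bytes, not sizeof(ring) */
	memset(ring, 0x5a, sizeof(ring));	/* stand-in for stack garbage */
	memset(offsets, 0, cleared);
	for (i = 0; i < 10; i++)
		stale += ring[i] != 0;
	return stale;
}

/* Offset of the oldest of the last `limit` "type=" records in f; 0 when the
 * file holds no more than `limit` records; -1 on a bad argument or no memory. */
long oldest_kept_offset(FILE *f, int limit)
{
	char buffer[4096];
	long *offsets, offset, result;
	int pos = 0;
	if (!f || limit <= 0)	/* rejects NULL streams and negative limits */
		return -1;
	offsets = calloc((size_t)limit, sizeof(*offsets));	/* every slot zeroed */
	if (!offsets)
		return -1;
	rewind(f);
	for (;;) {
		offset = ftell(f);
		if (offset < 0 || !fgets(buffer, sizeof(buffer), f))
			break;
		if (strstr(buffer, "type=")) {
			offsets[pos] = offset;
			pos = (pos + 1) % limit;
		}
	}
	result = offsets[pos];
	free(offsets);
	return result;
}

/* Write n constructed records to a temporary file and scan it. */
long demo_offset(int n, int limit)
{
	FILE *f = tmpfile();
	long result;
	int i;
	if (!f)
		return -2;
	for (i = 0; i < n; i++)
		fprintf(f, "type=former_destination label=\"d%d\"\nmg:0x1 0x2\n", i);
	result = oldest_kept_offset(f, limit);
	fclose(f);
	return result;
}

int main(void)
{
	printf("stale=%d keep_from=%ld\n", stale_slots_after_pointer_sizeof(), demo_offset(12, 10));
	return 0;
}
```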

comment:8 Changed 6 years ago by pini

Hi,

I've tried to reproduce this bug without success so far. Unfortunately I don't have a working pure Debian installation on my Freerunner presently. Hence I'm using QtMoko v35 which is based on Debian squeeze.

There I've run the test case detailed in comment #4 which Navit completes correctly.

Navit version: 0.5.0~svn4776+dfsg.1-1

comment:9 Changed 6 years ago by antenna

I don't know, but maybe an unsupported menu html like in ticket #926 has something to do with this issue.

comment:10 Changed 6 years ago by pini

Reproduced, finally. I've had to repartition my SD card to make some room for a fresh Debian sid installation beside QtMoko. And once there I can reproduce the test case.


comment:11 Changed 6 years ago by pini

Not so reproducible :/

In the process of setting up a build environment for debugging I've recompiled the package into a sid chroot, with *no change at all*. The so built package passes the test case correctly. Strange enough...

comment:12 Changed 6 years ago by pini

I didn't succeed either using the same gcc-4.6 suite as the one used by the Debian armel buildd for navit (version 1:4.6.1-9).

Timo, does the problem still occur with your own builds?

comment:13 Changed 6 years ago by timo lindfors

navit 0.5.0~svn4776+dfsg.1-1 in debian unstable crashes with the steps I provided at least on mv78100 armel system.

comment:14 Changed 6 years ago by pini

I've just tried with navit 0.5.0~svn4776+dfsg.1-2 from unstable and the crash doesn't occur anymore.

comment:15 Changed 4 years ago by usul

  • Resolution set to fixed
  • Status changed from new to closed

I can confirm that everything is ok on WinCE and Linux. I close this ticket, but feel free to reopen it. Thanks for your reports!
