GNOME Bugzilla – Bug 121455
Possible memory corruption in "Open Recent"
Last modified: 2004-12-22 21:47:04 UTC
This bug has been detected on AIX because the bad pointer used generates a core.

***** in egg-recent-item.c:

    GType
    egg_recent_item_get_type (void)
    {
            static GType boxed_type = 0;

            if (!boxed_type) {
                    boxed_type = g_boxed_type_register_static ("EggRecentItem",
                                        (GBoxedCopyFunc)egg_recent_item_ref,
                                        (GBoxedFreeFunc)egg_recent_item_unref);
            }

            return boxed_type;
    }

***** GBoxedCopyFunc type is:

    typedef gpointer (*GBoxedCopyFunc) (gpointer boxed);

***** and egg_recent_item_ref is:

    void
    egg_recent_item_ref (EggRecentItem *item)
    {
            item->refcount++;
    }

***** and in boxed_proxy_collect_value:

    value->data[0].v_pointer = node->copy (collect_values[0].v_pointer);

and node->copy() = egg_recent_item_ref()

***** BUT egg_recent_item_ref() returns NOTHING because type is void.

THIS works on Linux because the parameter is the value to return and I think it's stored in the same register.
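The mismatch described in the report above, shown with its corrected form. This is an added example, not code from the original report or from the libegg patch. `Item`, `BoxedCopyFunc`, `collect_value` and the wrapper names are simplified, hypothetical stand-ins for `EggRecentItem`, `GBoxedCopyFunc` and the GLib call site, so the block builds without GLib. It registers cast-free wrappers so the compiler checks the return type instead of a cast hiding it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for GBoxedCopyFunc (assumption: same shape, void * for gpointer). */
typedef void *(*BoxedCopyFunc)(void *boxed);

typedef struct { int refcount; } Item;   /* hypothetical stand-in for EggRecentItem */

Item *item_new(void)
{
    Item *item = calloc(1, sizeof *item);
    if (item)
        item->refcount = 1;
    return item;
}

/* Corrected signature: the ref function returns the pointer it was given,
 * so a caller that stores the copy function's result stores a valid pointer. */
Item *item_ref(Item *item)
{
    item->refcount++;
    return item;
}

void item_unref(Item *item)
{
    if (--item->refcount == 0)
        free(item);
}

/* Wrappers with the exact callback signatures. No cast is involved, so
 * "return item_ref(boxed);" fails to compile if item_ref is declared void. */
static void *item_boxed_copy(void *boxed) { return item_ref(boxed); }
static void item_boxed_free(void *boxed) { item_unref(boxed); }

/* Mirrors the call pattern quoted from boxed_proxy_collect_value:
 * the stored value is whatever copy() returns. */
void *collect_value(BoxedCopyFunc copy, void *boxed)
{
    return copy(boxed);
}

int main(void)
{
    Item *item = item_new();
    if (!item)
        return 1;
    Item *stored = collect_value(item_boxed_copy, item);
    printf("same pointer: %d, refcount: %d\n", stored == item, item->refcount);
    item_boxed_free(stored);
    item_boxed_free(item);
    return 0;
}
```

With the original `void` ref function behind a `(GBoxedCopyFunc)` cast, the value stored by the caller is whatever happens to be in the return register, which is why the failure showed up on one platform and not another.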
Created attachment 19728
Correct the type of egg_recent_item_ref()
Same problem found in:
./file-roller/src/recent-files/egg-recent-item.c
./gedit/src/recent-files/egg-recent-item.c
./gnome-panel/gnome-panel/egg-recent-item.c
./nautilus/cut-n-paste-code/libegg/egg-recent-item.c
Reassigning to libegg.
I'm reassigning to the owner of the component.
Wow, that's an incredibly embarrassing mistake. I'm applying the patch to libegg.
James: can we close the bug now that you committed the patch?
Closing this bug, it's been fixed in libegg itself for a while now. I personally just committed updates to the libegg sources found in eog and nautilus. file-roller, gedit, and gnome-panel are using updated copies that contain this fix.