After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 303932 - gam_server crash in pollonly mode
gam_server crash in pollonly mode
Status: RESOLVED FIXED
Product: gamin
Classification: Other
Component: general
unspecified
Other Linux
: Normal normal
: ---
Assigned To: Gamin Maintainer(s)
Gamin Maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2005-05-12 15:59 UTC by Frederic Crozat
Modified: 2005-05-20 11:26 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
fix crash and factorise code (4.69 KB, patch)
2005-05-19 15:23 UTC, Frederic Crozat 		committed Details | Review

Description Frederic Crozat 2005-05-12 15:59:13 UTC 
Distribution/Version: Mandriva Linux cookoer

gamin 0.1.0

while debugging bug #303927, I ran gnome-panel and gam_server in gdb.

gnome-panel crashed in gdb but gam_server continued to poll files (since
gnome-panel was still running, it wasn't aware of client death).

When I stopped gnome-panel gdb, gamin noticed client exiting but also crashed :

Tree has 8 nodes
Removing node sub: /home/a/.config/menus/settings.menu
node_remove_subscription(/home/a/.config/menus/settings.menu)
  gam_exclude_check: true
prune_tree: node /home/a/.config/menus
prune_tree: node /home/a/.config
prune_tree: node /home/a
prune_tree: node /home
Freeing subscription for /home/a/.config/menus/settings.menu
Tree has 3 nodes
Poll: removed subscription
Closing connection 9
Poll: poll_file for  called
 at 1115912440 delta 1 : 0
Poll removing busy node
gam_poll_delist_node

Program received signal SIGSEGV, Segmentation fault.
poll_file (node=0x8072a58) at gam_poll.c:313
313             subs = subs->next;
(gdb) bt

+ Trace 59551

  • #0 poll_file
    at gam_poll.c line 313
  • #1 gam_poll_scan_directory_internal
    at gam_poll.c line 560
  • #2 gam_poll_scan_all_callback
    at gam_poll.c line 877
  • #3 g_timeout_dispatch
    at gmain.c line 3292
  • #4 g_main_dispatch
    at gmain.c line 1933
  • #5 IA__g_main_context_dispatch
    at gmain.c line 2483
  • #6 g_main_context_iterate
    at gmain.c line 2564
  • #7 IA__g_main_loop_run
    at gmain.c line 2768
  • #8 main
    at gam_server.c line 380 






Comment 1


Frederic Crozat





          2005-05-19 12:27:57 UTC
        



valgrind stack trace (with cvs from 19/05/2005) :

==19879==
==19879== Invalid read of size 4
==19879==    at 0x804AD7C: gam_node_get_path (gam_node.c:129)
==19879==    by 0x804BF6B: gam_poll_scan_directory_internal (gam_poll.c:552)
==19879==    by 0x804C574: gam_poll_scan_all_callback (gam_poll.c:877)
==19879==    by 0x1B92C21D: g_timeout_dispatch (gmain.c:3292)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==    by 0x1B92B62C: g_main_loop_run (gmain.c:2768)
==19879==    by 0x804AB81: main (gam_server.c:380)
==19879==  Address 0x1BBDD140 is 0 bytes inside a block of size 128 free'd
==19879==    at 0x1B9037CD: free (vg_replace_malloc.c:152)
==19879==    by 0x1B92F9FD: g_free (gmem.c:187)
==19879==    by 0x804B097: gam_tree_remove (gam_tree.c:144)
==19879==    by 0x804CD12: gam_poll_remove_subscription (gam_poll.c:659)
==19879==    by 0x804A384: gam_listener_free (gam_listener.c:80)
==19879==    by 0x804E2C8: gam_connection_close (gam_connection.c:91)
==19879==    by 0x804D70B: gam_client_conn_shutdown (gam_channel.c:677)
==19879==    by 0x804D8C5: gam_client_conn_read (gam_channel.c:281)
==19879==    by 0x1B94C5DC: g_io_unix_dispatch (giounix.c:162)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==
==19879== Invalid read of size 4
==19879==    at 0x804AD8C: gam_node_get_subscriptions (gam_node.c:143)
==19879==    by 0x804BF7D: gam_poll_scan_directory_internal (gam_poll.c:557)
==19879==    by 0x804C574: gam_poll_scan_all_callback (gam_poll.c:877)
==19879==    by 0x1B92C21D: g_timeout_dispatch (gmain.c:3292)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==    by 0x1B92B62C: g_main_loop_run (gmain.c:2768)
==19879==    by 0x804AB81: main (gam_server.c:380)
==19879==  Address 0x1BBDD144 is 4 bytes inside a block of size 128 free'd
==19879==    at 0x1B9037CD: free (vg_replace_malloc.c:152)
==19879==    by 0x1B92F9FD: g_free (gmem.c:187)
==19879==    by 0x804B097: gam_tree_remove (gam_tree.c:144)
==19879==    by 0x804CD12: gam_poll_remove_subscription (gam_poll.c:659)
==19879==    by 0x804A384: gam_listener_free (gam_listener.c:80)
==19879==    by 0x804E2C8: gam_connection_close (gam_connection.c:91)
==19879==    by 0x804D70B: gam_client_conn_shutdown (gam_channel.c:677)
==19879==    by 0x804D8C5: gam_client_conn_read (gam_channel.c:281)
==19879==    by 0x1B94C5DC: g_io_unix_dispatch (giounix.c:162)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==
==19879== Invalid read of size 4
==19879==    at 0x804AD3C: gam_node_is_dir (gam_node.c:101)
==19879==    by 0x804C057: gam_poll_scan_directory_internal (gam_poll.c:602)
==19879==    by 0x804C574: gam_poll_scan_all_callback (gam_poll.c:877)
==19879==    by 0x1B92C21D: g_timeout_dispatch (gmain.c:3292)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==    by 0x1B92B62C: g_main_loop_run (gmain.c:2768)
==19879==    by 0x804AB81: main (gam_server.c:380)
==19879==  Address 0x1BBDD14C is 12 bytes inside a block of size 128 free'd
==19879==    at 0x1B9037CD: free (vg_replace_malloc.c:152)
==19879==    by 0x1B92F9FD: g_free (gmem.c:187)
==19879==    by 0x804B097: gam_tree_remove (gam_tree.c:144)
==19879==    by 0x804CD12: gam_poll_remove_subscription (gam_poll.c:659)
==19879==    by 0x804A384: gam_listener_free (gam_listener.c:80)
==19879==    by 0x804E2C8: gam_connection_close (gam_connection.c:91)
==19879==    by 0x804D70B: gam_client_conn_shutdown (gam_channel.c:677)
==19879==    by 0x804D8C5: gam_client_conn_read (gam_channel.c:281)
==19879==    by 0x1B94C5DC: g_io_unix_dispatch (giounix.c:162)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==
==19879== Invalid read of size 4
==19879==    at 0x804B272: gam_tree_get_children (gam_tree.c:251)
==19879==    by 0x804C068: gam_poll_scan_directory_internal (gam_poll.c:603)
==19879==    by 0x804C574: gam_poll_scan_all_callback (gam_poll.c:877)
==19879==    by 0x1B92C21D: g_timeout_dispatch (gmain.c:3292)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==    by 0x1B92B62C: g_main_loop_run (gmain.c:2768)
==19879==    by 0x804AB81: main (gam_server.c:380)
==19879==  Address 0x1BBDD148 is 8 bytes inside a block of size 128 free'd
==19879==    at 0x1B9037CD: free (vg_replace_malloc.c:152)
==19879==    by 0x1B92F9FD: g_free (gmem.c:187)
==19879==    by 0x804B097: gam_tree_remove (gam_tree.c:144)
==19879==    by 0x804CD12: gam_poll_remove_subscription (gam_poll.c:659)
==19879==    by 0x804A384: gam_listener_free (gam_listener.c:80)
==19879==    by 0x804E2C8: gam_connection_close (gam_connection.c:91)
==19879==    by 0x804D70B: gam_client_conn_shutdown (gam_channel.c:677)
==19879==    by 0x804D8C5: gam_client_conn_read (gam_channel.c:281)
==19879==    by 0x1B94C5DC: g_io_unix_dispatch (giounix.c:162)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==
==19879== Invalid read of size 4
==19879==    at 0x1B932E28: g_node_n_children (gnode.c:915)
==19879==    by 0x804B285: gam_tree_get_children (gam_tree.c:254)
==19879==    by 0x804C068: gam_poll_scan_directory_internal (gam_poll.c:603)
==19879==    by 0x804C574: gam_poll_scan_all_callback (gam_poll.c:877)
==19879==    by 0x1B92C21D: g_timeout_dispatch (gmain.c:3292)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)
==19879==    by 0x1B92ACA6: g_main_context_dispatch (gmain.c:2483)
==19879==    by 0x1B92B068: g_main_context_iterate (gmain.c:2564)
==19879==    by 0x1B92B62C: g_main_loop_run (gmain.c:2768)
==19879==    by 0x804AB81: main (gam_server.c:380)
==19879==  Address 0x1BBDD270 is 16 bytes inside a block of size 20 free'd
==19879==    at 0x1B9037CD: free (vg_replace_malloc.c:152)
==19879==    by 0x1B92F9FD: g_free (gmem.c:187)
==19879==    by 0x1B931DA5: g_nodes_free (gnode.c:198)
==19879==    by 0x1B931E16: g_node_destroy (gnode.c:212)
==19879==    by 0x804B08F: gam_tree_remove (gam_tree.c:143)
==19879==    by 0x804CD12: gam_poll_remove_subscription (gam_poll.c:659)
==19879==    by 0x804A384: gam_listener_free (gam_listener.c:80)
==19879==    by 0x804E2C8: gam_connection_close (gam_connection.c:91)
==19879==    by 0x804D70B: gam_client_conn_shutdown (gam_channel.c:677)
==19879==    by 0x804D8C5: gam_client_conn_read (gam_channel.c:281)
==19879==    by 0x1B94C5DC: g_io_unix_dispatch (giounix.c:162)
==19879==    by 0x1B929E4D: g_main_dispatch (gmain.c:1933)







Comment 2


Frederic Crozat





          2005-05-19 15:23:56 UTC
        



Created attachment 46643 [details] [review]
fix crash and factorise code

permission to commit ?






Comment 3


Daniel Veillard





          2005-05-20 11:21:47 UTC
        



Looks fine, sure, go ahead !

Daniel






Comment 4


Frederic Crozat





          2005-05-20 11:26:45 UTC
        



committed on HEAD.