Bug 357203 - Invalid read reported by valgrind
Status: RESOLVED FIXED
Product: bug-buddy
Classification: Deprecated
Component: general
Version: unspecified
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Bug-buddy Maintainers
QA Contact: Bug-buddy Maintainers
Reported: 2006-09-22 14:27 UTC by Kjartan Maraas
Modified: 2006-12-20 17:32 UTC
See Also:
GNOME target: ---
GNOME version: 2.15/2.16



Description Kjartan Maraas 2006-09-22 14:27:01 UTC
Backtrace:

==18889== Invalid read of size 1
==18889==    at 0x400621B: strcmp (mc_replace_strmem.c:340)
==18889==    by 0x804F2AF: load_applications (bugzilla.c:383)
==18889==    by 0x804CF23: main (bug-buddy.c:1152)
==18889==  Address 0x5C32D40 is 0 bytes inside a block of size 10 free'd
==18889==    at 0x4004FE0: free (vg_replace_malloc.c:233)
==18889==    by 0x4B57270: g_free (gmem.c:187)
==18889==    by 0x4027625: desktop_entry_unref (desktop-entries.c:432)
==18889==    by 0x402A32D: gmenu_tree_item_unref (gmenu-tree.c:1396)
==18889==    by 0x804F62B: load_applications (bugzilla.c:441)
==18889==    by 0x804CF23: main (bug-buddy.c:1152)
Comment 1 Kjartan Maraas 2006-11-28 09:49:31 UTC
This leads to crashes sometimes when bug-buddy starts. I've seen it crash a few times running under valgrind, but it's hard to get a backtrace when it happens.
Comment 2 Fernando Herrera 2006-12-02 17:21:02 UTC
the invalid read is an error in gmenu_tree_entry_get_name (entry) returning some invalid address instead of NULL
Comment 3 Kjartan Maraas 2006-12-06 01:07:00 UTC
should we move it there then?
Comment 4 Fernando Herrera 2006-12-13 22:47:41 UTC
yup.
Comment 5 Mark McLoughlin 2006-12-20 10:14:26 UTC
Here's your bug:

  prev_name = gmenu_tree_entry_get_name (entry);
  g_key_file_free (key_file);
  gmenu_tree_item_unref (entry);

prev_name is now freed and the pointer now points to an invalid address
Comment 6 Fernando Herrera 2006-12-20 17:32:27 UTC
Mark, thanks _a lot_ for pointing this out.

2006-12-20  Fernando Herrera  <fherrera@onirica.com>

        * src/bugzilla.c: (load_applications): dup the
        string from gmenu_tree_entry_get_name for prev_name
        before freeing the keyfile/entry. Fix bug #357203.
        Thanks to Mark McLoughlin!.
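
The borrowed-pointer lifetime problem discussed in this report, and the copy-before-unref pattern the ChangeLog entry describes, as an added example that is not bug-buddy's or gnome-menus' code. Entry, entry_new, entry_get_name, entry_unref, dup_str and count_name_runs are hypothetical stand-ins, and the loop shape (comparing each name with the previous one) is an assumption based on the strcmp frame in the valgrind trace.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a ref-counted menu entry that owns its name. */
typedef struct { int refs; char *name; } Entry;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

static Entry *entry_new(const char *name) {
    Entry *e = malloc(sizeof *e);
    if (!e) return NULL;
    e->refs = 1; e->name = dup_str(name);
    if (!e->name) { free(e); return NULL; }
    return e;
}

/* Returns a borrowed pointer: valid only while the entry is referenced. */
static const char *entry_get_name(const Entry *e) { return e->name; }
static void entry_unref(Entry *e) { if (--e->refs == 0) { free(e->name); free(e); } }

/* Counts runs of equal names; returns -1 on allocation failure. The buggy form
 * keeps the borrowed pointer in prev_name across entry_unref(), so it dangles. */
int count_name_runs(const char *const *names, size_t n) {
    char *prev_name = NULL;   /* owned copy, never a borrowed pointer */
    int runs = 0;
    for (size_t i = 0; i < n; i++) {
        Entry *entry = entry_new(names[i]);
        if (!entry) { free(prev_name); return -1; }
        const char *name = entry_get_name(entry);
        if (!prev_name || strcmp(prev_name, name) != 0) runs++;
        free(prev_name);
        prev_name = dup_str(name);  /* copy while the entry is still alive */
        entry_unref(entry);         /* frees entry->name; prev_name stays valid */
        if (!prev_name) return -1;
    }
    free(prev_name);
    return runs;
}

int main(void) {
    const char *const sample[] = {"gedit", "gedit", "nautilus"}; /* constructed */
    printf("%d\n", count_name_runs(sample, 3));
    return 0;
}
```

Running this under valgrind, or building it with -fsanitize=address, reports no invalid read because prev_name owns its copy.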