Bug 421252 - [PATCH] Keyboard indicator applet crashes due to free() error
Status: RESOLVED FIXED
Product: libgnomekbd
Classification: Core
Component: Indicator
Version: 2.18.x
Hardware: Other FreeBSD
Importance: Normal critical
Assigned To: libgnomekbd maintainers
Sergey V. Udaltsov
Reported: 2007-03-21 22:11 UTC by Joe Marcus Clarke
Modified: 2007-03-22 23:00 UTC
GNOME version: 2.17/2.18


Attachments
Fix crash due to improperly free'd memory (647 bytes, patch)
2007-03-21 22:13 UTC, Joe Marcus Clarke

Description Joe Marcus Clarke 2007-03-21 22:11:26 UTC
When more than one keyboard layout is configured, the keyboard indicator will crash with the following backtrace.

  • #0 idalloc
    at /usr/src/lib/libc/stdlib/malloc.c line 3000
  • #1 free
    at /usr/src/lib/libc/stdlib/malloc.c line 3679
  • #2 IA__g_free
    at gmem.c line 187
  • #3 IA__g_hash_table_insert
    at ghash.c line 347
  • #4 gkbd_indicator_fill
    at gkbd-indicator.c line 310
  • #5 gkbd_indicator_init
    at gkbd-indicator.c line 619
  • #6 IA__g_type_create_instance
    at gtype.c line 1569
  • #7 g_object_constructor
    at gobject.c line 1041
  • #8 IA__g_object_newv
    at gobject.c line 937
  • #9 IA__g_object_new_valist
    at gobject.c line 981
  • #10 IA__g_object_new
    at gobject.c line 795
  • #11 gkbd_indicator_new
    at gkbd-indicator.c line 776
  • #12 GSwitchItAppletNew
    at gswitchit-applet.c line 556
  • #13 panel_applet_marshal_BOOLEAN__STRING
    at panel-applet-marshal.c line 128
  • #14 IA__g_closure_invoke
    at gclosure.c line 490
  • #15 bonobo_closure_invoke_va_list
    at bonobo-types.c line 404
  • #16 bonobo_closure_invoke
    at bonobo-types.c line 467
  • #17 panel_applet_control_bound
    at panel-applet.c line 1377
  • #18 IA__g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 77
  • #19 IA__g_closure_invoke
    at gclosure.c line 490
  • #20 signal_emit_unlocked_R
    at gsignal.c line 2440
  • #21 IA__g_signal_emit_valist
    at gsignal.c line 2199
  • #22 IA__g_signal_emit
    at gsignal.c line 2243
  • #23 impl_Bonobo_Control_setFrame
    at bonobo-control.c line 434
  • #24 _ORBIT_skel_small_Bonobo_Control_setFrame
    at Bonobo-common.c line 584
  • #25 ORBit_POAObject_invoke
    at poa.c line 1142
  • #26 ORBit_OAObject_invoke
    at orbit-adaptor.c line 338
  • #27 ORBit_small_invoke_adaptor
    at orbit-small.c line 844
  • #28 ORBit_POAObject_handle_request
    at poa.c line 1351
  • #29 ORBit_POAObject_invoke_incoming_request
    at poa.c line 1421
  • #30 ORBit_POA_handle_request
    at poa.c line 1643
  • #31 ORBit_handle_request
    at orbit-adaptor.c line 298
  • #32 giop_connection_handle_input
    at giop-recv-buffer.c line 1308
  • #33 link_connection_io_handler
    at linc-connection.c line 1387
  • #34 link_source_dispatch
    at linc-source.c line 159
  • #35 IA__g_main_context_dispatch
    at gmain.c line 2045
  • #36 g_main_context_iterate
    at gmain.c line 2677
  • #37 IA__g_main_loop_run
    at gmain.c line 2881
  • #38 bonobo_main
    at bonobo-main.c line 311
  • #39 bonobo_generic_factory_main_timeout
    at bonobo-generic-factory.c line 411
  • #40 bonobo_generic_factory_main
    at bonobo-generic-factory.c line 368
  • #41 panel_applet_factory_main_closure
    at panel-applet.c line 1757
  • #42 panel_applet_factory_main
    at panel-applet.c line 1781
  • #43 main
    at switch.c line 37


This is due to static memory being free'd in the hash table (i.e. layout_name is not always dynamically allocated, and thus cannot always be free'd).  The attached patch corrects the problem.
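
The ownership rule behind this crash, as an added C example (not libgnomekbd's code and not the attached patch): `owned_map`, `map_insert` and `fill_layouts` are hypothetical stand-ins for a table that frees every key handed to it, and the layout names are constructed sample data. Duplicating each name before insertion means the table only ever calls free() on heap memory.

```c
#include <stdlib.h>
#include <string.h>

/* Tiny owning map modelled on the contract of a GLib hash table created with
   a key destroy function: every key handed to insert is eventually free()d. */
#define CAP 8
struct owned_map { char *keys[CAP]; int vals[CAP]; int n; int frees; };

static char *dup_str(const char *s) {
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    if (p) memcpy(p, s, len);
    return p;
}

/* Takes ownership of key; returns 0 on success, -1 on NULL key or full map. */
static int map_insert(struct owned_map *m, char *key, int val) {
    if (!key) return -1;
    for (int i = 0; i < m->n; i++) {
        if (strcmp(m->keys[i], key) == 0) {
            m->vals[i] = val;
            free(key);            /* existing key: the passed-in key is freed */
            m->frees++;
            return 0;
        }
    }
    if (m->n == CAP) { free(key); m->frees++; return -1; }
    m->keys[m->n] = key;
    m->vals[m->n++] = val;
    return 0;
}

static void map_clear(struct owned_map *m) {
    for (int i = 0; i < m->n; i++) { free(m->keys[i]); m->frees++; }
    m->n = 0;
}

/* Constructed sample: names come from static storage and one repeats. */
static int fill_layouts(struct owned_map *m) {
    static const char *names[] = { "us", "ru", "us" };
    for (int g = 0; g < 3; g++) {
        /* Unsafe: map_insert(m, (char *)names[g], g) would free() a literal
           on the repeated "us", the free() of static memory in the report. */
        if (map_insert(m, dup_str(names[g]), g) != 0) return -1;
    }
    return m->n;
}

int main(void) { struct owned_map m = {0}; int n = fill_layouts(&m); map_clear(&m); return n == 2 ? 0 : 1; }
```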
Comment 1 Joe Marcus Clarke 2007-03-21 22:13:20 UTC
Created attachment 85082
Fix crash due to improperly free'd memory
Comment 2 Sergey V. Udaltsov 2007-03-22 23:00:19 UTC
Big thanks for the patch. It is not exactly what's required here - but very close to it. Committed.