Bug 541883 - memory allocated with g_slice_new() is freed with g_free()
Status: RESOLVED NOTGNOME
Product: pango
Classification: Platform
Component: general
Version: 1.20.x
Hardware: Other
OS: All
Priority: Normal
Severity: critical
Target Milestone: ---
Assigned To: pango-maint
Depends on:
Blocks:
Reported: 2008-07-07 13:35 UTC by Alban Crequy
Modified: 2008-07-09 15:22 UTC
See Also:
GNOME target: ---
GNOME version: 2.21/2.22


Attachments
Fix for pango 1.20.4 (840 bytes, patch), 2008-07-07 14:14 UTC, Alban Crequy: rejected

Description Alban Crequy 2008-07-07 13:35:17 UTC
Steps to reproduce:
Randomly, with:
1. Use tic tac tube from darcs get http://darcs.collabora.co.uk/darcs/user/elliot/tictactube/
2. Start a game between 2 players, using Telepathy and Empathy
Stack trace:
== Allocation

./pango/pango-context.c:807:state->embedding_levels = pango_log2vis_get_embedding_levels (text + start_index, length, &base_dir);
-> pango_log2vis_get_embedding_levels
-> #define fribidi_log2vis_get_embedding_levels_new_utf8 _pango_fribidi_log2vis_get_embedding_levels_new_utf8 
-> _pango_fribidi_log2vis_get_embedding_levels_new_utf8
-> new_type_link
-> g_slice_alloc0

== Free

./pango/pango-context.c:1409:itemize_state_finish()
-> g_free (state->embedding_levels);


Other information:
Comment 1 Alban Crequy 2008-07-07 14:14:17 UTC
Created attachment 114121
Fix for pango 1.20.4
Comment 2 Alban Crequy 2008-07-09 12:23:38 UTC
FYI I also reported this bug in Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489815
Comment 3 Behdad Esfahbod 2008-07-09 15:22:13 UTC
This makes absolutely no sense.  The g_slice'd memory is not returned by fribidi_log2vis_get_embedding_levels_new_utf8.  This is the interesting code:

FRIBIDI_API FriBidiLevel *
fribidi_log2vis_get_embedding_levels_new_utf8 ( /* input */
                                       const char *str,
                                       int bytelen,
                                       FriBidiCharType *pbase_dir)
{
  TypeLink *type_rl_list, *pp;
  FriBidiLevel max_level, *embedding_level_list;
  FriBidiStrIndex len;

  DBG ("Entering fribidi_log2vis_get_embedding_levels()\n");

  if (bytelen == 0)
    {
      DBG ("Leaving fribidi_log2vis_get_embedding_levels()\n");
      return NULL;
    }

  if (!fribidi_analyse_string_utf8 (str, bytelen, pbase_dir,
                          /* output */
                          &len, &type_rl_list, &max_level))
    {
     /* unidirectional.  return all-zero or all-one embedding levels */

     if (max_level)
       {
         embedding_level_list = g_new (FriBidiLevel, len);
         /* assumes sizeof(FriBidiLevel) == 1, which is true! */
         memset (embedding_level_list, max_level, len);
         return embedding_level_list;
       }
     else
       {
         return g_new0 (FriBidiLevel, len);
       }
    }

  embedding_level_list = g_new (FriBidiLevel, len);
  for (pp = type_rl_list->next; pp->next; pp = pp->next)
    {
      FriBidiStrIndex i, pos = RL_POS (pp), len = RL_LEN (pp);
      FriBidiLevel level = RL_LEVEL (pp);
      for (i = 0; i < len; i++)
        embedding_level_list[pos + i] = level;
    }

  free_rl_list (type_rl_list);

  DBG ("Leaving fribidi_log2vis_get_embedding_levels()\n");
  return embedding_level_list;
}


Your program is corrupting memory somewhere AFAIC.
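An added illustration of the ownership split Comment 3 describes, written for this page and not taken from pango, fribidi or GLib: constructed toy allocators tag each block with its owner so that a g_slice-style/g_free-style mismatch becomes detectable, and a model of the function above frees its slice-backed run list internally while handing the caller an ordinary allocated array. The names toy_slice_alloc0, toy_free, embedding_levels, Run and the sample runs are assumptions made for the demonstration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed toy allocators (not GLib's): every block carries a header naming
 * its owner, so a release through the wrong allocator is detectable, the kind
 * of check GLib's G_SLICE=debug-blocks mode performs for real g_slice memory. */
enum { OWNER_MALLOC = 0x4d41, OWNER_SLICE = 0x534c };
typedef struct { unsigned owner; size_t size; } Header;   /* size_t member keeps payload aligned */

static void *tagged_alloc0(unsigned owner, size_t size) {
  Header *h = calloc(1, sizeof *h + size);
  if (!h) abort();
  h->owner = owner; h->size = size; return h + 1;
}
static int tagged_free(void *p, unsigned expected) {   /* 1 = owner matched, 0 = mismatch */
  Header *h = (Header *)p - 1;
  int ok = h->owner == expected;
  free(h); return ok;                 /* released either way, so the demo itself does not leak */
}
static void *toy_malloc0(size_t n)      { return tagged_alloc0(OWNER_MALLOC, n); }
static void *toy_slice_alloc0(size_t n) { return tagged_alloc0(OWNER_SLICE, n); }
static int   toy_free(void *p)          { return tagged_free(p, OWNER_MALLOC); }
static int   toy_slice_free(void *p)    { return tagged_free(p, OWNER_SLICE); }

/* Same ownership split as fribidi_log2vis_get_embedding_levels_new_utf8: the run
 * list is slice memory released inside the function (as free_rl_list does), while
 * the returned level array is ordinary allocated memory that the caller releases. */
typedef struct Run { int pos, len; unsigned char level; struct Run *next; } Run;

static unsigned char *embedding_levels(const Run *runs, int n_runs, int total) {
  Run *head = toy_slice_alloc0(sizeof *head), *tail = head;   /* sentinel head node */
  for (int i = 0; i < n_runs; i++) {
    Run *r = toy_slice_alloc0(sizeof *r);
    *r = runs[i]; r->next = NULL; tail->next = r; tail = r;
  }
  unsigned char *levels = toy_malloc0(total);
  for (Run *pp = head->next; pp; pp = pp->next)
    memset(levels + pp->pos, pp->level, pp->len);
  for (Run *pp = head; pp;) { Run *nx = pp->next; toy_slice_free(pp); pp = nx; }
  return levels;   /* caller releases with toy_free(), as pango does with g_free() */
}

/* Constructed sample: 3 characters at level 0 followed by 3 at level 1. */
static int demo_caller_free_matches(void) {
  Run sample[] = { {0, 3, 0, NULL}, {3, 3, 1, NULL} };
  unsigned char *levels = embedding_levels(sample, 2, 6);
  int ok = levels[0] == 0 && levels[2] == 0 && levels[3] == 1 && levels[5] == 1;
  return ok && toy_free(levels);   /* 1: the g_free-style release matches the owner */
}
/* The mismatch the report suspected; the owner tag makes it visible instead of silent corruption. */
static int demo_mismatch_detected(void) { return toy_slice_free(toy_malloc0(4)) == 0; }   /* 1 */
```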