Bug 570473 – gthumb write to freed memory

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 570473 - gthumb write to freed memory


Summary:	gthumb write to freed memory


Status:	RESOLVED FIXED

Product:	gthumb
Classification:	Other
Component:	general
Version:	2.10.x
Hardware:	Other opensolaris

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Paolo Bacchilega
QA Contact:	Paolo Bacchilega

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-02-04 08:24 UTC by jerry tan
Modified:	2009-02-13 18:32 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
patch for this. (503 bytes, patch) 2009-02-04 08:36 UTC, jerry tan	committed	Details \| Review

Description jerry tan 2009-02-04 08:24:16 UTC

export GNOME_DISABLE_CRASH_DIALOG=1
export LD_PRELOAD=libumem.so
export UMEM_DEBUG=audit=50,guards
export UMEM_LOGGING=transaction,fail

gthumb --veiewer 37902.strip.print.gif

select quit
a core file is generated.

Comment 1 jerry tan 2009-02-04 08:34:26 UTC

The root cause is here:

In image_loader_finalize__step2(), it calls g_free(priv) to free ImageLoaderPrivateData.

But in image_loader_stop__final_step(), 
after call image_loader_finalize__step2() by idle_call_exec, 
it still set "priv->interrupted = FALSE;" 

that's why libumem report error.

Comment 2 jerry tan 2009-02-04 08:36:49 UTC

Created attachment 127911 [details] [review]
patch for this.

Comment 3 Michael Chudobiak 2009-02-13 18:32:00 UTC

Patch committed, thanks!

- Mike