GNOME Bugzilla – Bug 572121
Invalid read of size 1
Last modified: 2009-02-23 10:05:55 UTC
Running valgrind-check produces the following:

==8326== Invalid read of size 1
==8326==    at 0x48EC95A: global_context_finalized (closure.c:110)
==8326==    by 0x48EDB66: keep_alive_finalize (keep-alive.c:133)
==8326==    by 0x41861C7: js_FinalizeObject (jsobj.c:2874)
==8326==    by 0x416EDC9: js_GC (jsgc.c:3328)
==8326==    by 0x41542CD: js_DestroyContext (jscntxt.c:421)
==8326==    by 0x414BE46: JS_DestroyContext (jsapi.c:1035)
==8326==    by 0x402C1BB: gjs_context_dispose (context.c:240)
==8326==    by 0x405882B: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1600.6)
==8326==    by 0x40ACA5F: g_dataset_id_set_data_full (in /usr/lib/libglib-2.0.so.0.1600.6)
==8326==    by 0x402DFF4: gjs_runtime_set_data (jsapi-util.c:56)
==8326==    by 0x402E07B: gjs_runtime_clear_load_context (jsapi-util.c:102)
==8326==    by 0x402C1E4: gjs_context_dispose (context.c:250)
==8326==  Address 0x4ec0e3c is 28 bytes inside a block of size 32 free'd
==8326==    at 0x402265C: free (vg_replace_malloc.c:323)
==8326==    by 0x40C7B50: g_free (in /usr/lib/libglib-2.0.so.0.1600.6)
==8326==    by 0x4056536: g_closure_unref (in /usr/lib/libgobject-2.0.so.0.1600.6)
==8326==    by 0x48EC7C4: invalidate_js_pointers (closure.c:89)
==8326==    by 0x48EC959: global_context_finalized (closure.c:107)
==8326==    by 0x48EDB66: keep_alive_finalize (keep-alive.c:133)
==8326==    by 0x41861C7: js_FinalizeObject (jsobj.c:2874)
==8326==    by 0x416EDC9: js_GC (jsgc.c:3328)
==8326==    by 0x41542CD: js_DestroyContext (jscntxt.c:421)
==8326==    by 0x414BE46: JS_DestroyContext (jsapi.c:1035)
==8326==    by 0x402C1BB: gjs_context_dispose (context.c:240)
==8326==    by 0x405882B: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1600.6)
Created attachment 128899

gi: don't access memory after it's freed

When 'unref_on_global_object_finalized' is FALSE, the Closure was freed before the if, leading to 'Invalid read of size 1'.
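The ordering problem the patch describes, as an added example in C that is not gjs code: a constructed refcounted Closure whose finalizer must not read the flag after invalidate_js_pointers may have freed the object, so the fixed finalizer copies unref_on_global_object_finalized into a local first. Only that flag name is from the report; the other fields, helper names and the extra-reference convention are assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed stand-in for the gjs Closure struct: only the flag name
 * unref_on_global_object_finalized is from the report; the rest is assumed. */
typedef struct {
    int  ref_count;
    bool unref_on_global_object_finalized;  /* finalizer owns an extra ref */
} Closure;

static int frees;   /* how many times the last scenario freed the closure */

static Closure *closure_new(bool unref_on_finalized) {
    Closure *c = calloc(1, sizeof *c);
    c->ref_count = 1;
    c->unref_on_global_object_finalized = unref_on_finalized;
    if (unref_on_finalized)
        c->ref_count++;   /* the ref the finalizer is expected to drop */
    return c;
}

static void closure_unref(Closure *c) {
    if (--c->ref_count == 0) {
        frees++;
        free(c);
    }
}

/* Drops the JS side's reference. If that was the last reference, c is
 * freed here and must not be touched afterwards. */
static void invalidate_js_pointers(Closure *c) {
    closure_unref(c);
}

/* The ordering in the report (closure.c:107-110) was: invalidate first, then
 *     if (c->unref_on_global_object_finalized) closure_unref(c);
 * which reads the flag from freed memory whenever the flag is FALSE.
 * The fix: copy the flag out while c is still alive. */
static void global_context_finalized(Closure *c) {
    bool drop_extra_ref = c->unref_on_global_object_finalized;
    invalidate_js_pointers(c);   /* may free c */
    if (drop_extra_ref)
        closure_unref(c);        /* safe: the extra ref kept c alive */
}

/* Runs one finalization; returns how many times the closure was freed. */
int finalize_scenario(bool unref_on_finalized) {
    frees = 0;
    global_context_finalized(closure_new(unref_on_finalized));
    return frees;
}
```

With the original ordering restored, valgrind reports the flag read as an invalid read inside a block freed by closure_unref, matching the trace above; the fixed ordering frees the closure exactly once in both cases.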
Fixed in f9fe8a92e16158ee1b298bbb30f027d7d4bf5167