After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 312448 - Double free or corruption choosing a recent image that no longer exists
Double free or corruption choosing a recent image that no longer exists
Status: RESOLVED FIXED
Product: eog
Classification: Core
Component: general
git master
Other All
: High critical
: ---
Assigned To: EOG Maintainers
EOG Maintainers
Depends on:
Blocks:
 
 
Reported: 2005-08-03 09:07 UTC by Jesús Corrius
Modified: 2005-10-24 02:37 UTC
See Also:
GNOME target: ---
GNOME version: 2.11/2.12

Attachments
test case. (786 bytes, patch)
2005-10-23 14:17 UTC, Claudio Saavedra 		none Details | Review

Description Jesús Corrius 2005-08-03 09:07:26 UTC 
Please describe the problem:
When I select an item in the recent file menú that no longer exists, I get the
"File does not exist" dialog and then the following message in my terminal:

*** glibc detected *** double free or corruption (fasttop): 0x083e2108 ***

Then the aplication freezes.

Steps to reproduce:
1. Open an image
2. Close it
3. Delete the image using nautilus 
4. Select the deleted image from the recent items list.


Actual results:
The application freezes

Expected results:
Nothing

Does this happen every time?
Yes

Other information:
Comment 1 Brent Smith (smitten) 2005-08-03 18:05:30 UTC 
I can confirm this using jhbuild GNOME 2.11.90.  Setting priority and severity
appropriately.
Comment 2 Emmanuel Touzery 2005-10-17 06:32:17 UTC 
I also got that on EOG in ubuntu 5.10 (released version). I got a stacktrace in GDB:

*** glibc detected *** double free or corruption (!prev): 0x082b4d58 ***

Program received signal SIGABRT, Aborted.

+ Trace 63568

Thread NaN (LWP 11217)

  • #0 __kernel_vsyscall
  • #1 raise
    from /lib/tls/i686/cmov/libc.so.6
  • #2 abort
    from /lib/tls/i686/cmov/libc.so.6
  • #3 __fsetlocking
    from /lib/tls/i686/cmov/libc.so.6
  • #4 malloc_trim
    from /lib/tls/i686/cmov/libc.so.6
  • #5 free
    from /lib/tls/i686/cmov/libc.so.6
  • #6 g_free
    from /usr/lib/libglib-2.0.so.0
  • #7 _start
  • #8 ??
  • #9 ??
  • #10 ??
  • #11 ??
    from /usr/lib/libgobject-2.0.so.0
  • #12 ??
    from /usr/lib/libgobject-2.0.so.0
  • #13 _start
  • #14 ??
  • #15 g_cclosure_marshal_VOID__POINTER
    from /usr/lib/libgobject-2.0.so.0
  • #16 g_cclosure_marshal_VOID__POINTER
    from /usr/lib/libgobject-2.0.so.0
  • #17 g_cclosure_new_swap
    from /usr/lib/libgobject-2.0.so.0
  • #18 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #19 g_signal_stop_emission
    from /usr/lib/libgobject-2.0.so.0
  • #20 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #21 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #22 eog_window_get_type
  • #23 g_cclosure_marshal_VOID__BOXED
    from /usr/lib/libgobject-2.0.so.0
  • #24 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #25 g_signal_stop_emission
    from /usr/lib/libgobject-2.0.so.0
  • #26 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #27 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #28 egg_recent_view_gtk_get_type
  • #29 g_cclosure_marshal_VOID__VOID
    from /usr/lib/libgobject-2.0.so.0
  • #30 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #31 g_signal_stop_emission
    from /usr/lib/libgobject-2.0.so.0
  • #32 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #33 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #34 gtk_widget_activate
    from /usr/lib/libgtk-x11-2.0.so.0
  • #35 gtk_menu_shell_activate_item
    from /usr/lib/libgtk-x11-2.0.so.0
  • #36 gtk_menu_shell_activate_item
    from /usr/lib/libgtk-x11-2.0.so.0
  • #37 gtk_menu_reorder_child
    from /usr/lib/libgtk-x11-2.0.so.0
  • #38 _gtk_marshal_BOOLEAN__BOXED
    from /usr/lib/libgtk-x11-2.0.so.0
  • #39 g_cclosure_new_swap
    from /usr/lib/libgobject-2.0.so.0
  • #40 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #41 g_signal_stop_emission
    from /usr/lib/libgobject-2.0.so.0
  • #42 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #43 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #44 gtk_widget_activate
    from /usr/lib/libgtk-x11-2.0.so.0
  • #45 gtk_propagate_event
    from /usr/lib/libgtk-x11-2.0.so.0
  • #46 gtk_main_do_event
    from /usr/lib/libgtk-x11-2.0.so.0
  • #47 _gdk_events_queue
    from /usr/lib/libgdk-x11-2.0.so.0
  • #48 g_main_context_dispatch
    from /usr/lib/libglib-2.0.so.0
  • #49 g_main_context_check
    from /usr/lib/libglib-2.0.so.0
  • #50 g_main_loop_run
    from /usr/lib/libglib-2.0.so.0
  • #51 gtk_main
    from /usr/lib/libgtk-x11-2.0.so.0
  • #52 main 






Comment 3


Claudio Saavedra





          2005-10-23 14:16:41 UTC
        



I've reproduced the bug in CVS HEAD version. I did a little test and found that
a list is corrupted during after the emision of the "open_uri_list" signal,
probably while the dialog "File not found" is shown.

I get the following output when applying the attached patch.

<output>
claudio@dijkstra:~/cvs/gnome2head/eog/shell$ ./eog
setting window size: 768/620
data: file:///home/claudio/P1030175.JPG
pre-clean: \uffff\uffff:///home/claudio/P1030175.JPG
*** glibc detected *** double free or corruption (fasttop): 0x08292ca0 ***
</output>

Commenting out the line 2196 in eog-window.c, so the data in the list doesn't
get freed, evitates the program to crash.







Comment 4


Claudio Saavedra





          2005-10-23 14:17:46 UTC
        



Created attachment 53787 [details] [review]
test case.






Comment 5


Lucas Rocha





          2005-10-24 02:37:23 UTC
        



Fixed in HEAD and gnome-2-12 branch. Thanks!