Bug 360736 – crash due to incorrect free call

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 360736 - crash due to incorrect free call


Summary:	crash due to incorrect free call


Status:	RESOLVED FIXED

Product:	vino
Classification:	Applications
Component:	Server
Version:	2.16.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Vino Maintainer(s)
QA Contact:	Vino Maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2006-10-08 20:15 UTC by Sebastien Bacher
Modified:	2006-10-10 10:46 UTC

See Also:
GNOME target:	---
GNOME version:	2.15/2.16

Attachments
fixes the issue (1018 bytes, patch) 2006-10-08 20:19 UTC, Sebastien Bacher	none	Details \| Review

Description Sebastien Bacher 2006-10-08 20:15:54 UTC

That crash has been mentionned on https://launchpad.net/distros/ubuntu/+source/vino/+bug/64461

Steps to get the issue:
* open vino-preferences dialog
* change the password
* close the dialog and open it again
* unset the preference to share the desktop

Log from valgrind:

"==2515== Invalid free() / delete / delete[]
==2515==    at 0x4A20423: free (vg_replace_malloc.c:233)
==2515==    by 0x40AE9B: vino_prefs_vnc_password_changed (vino-prefs.c:226)
==2515==    by 0x56C019C: notify_listeners_callback (gconf-client.c:2384)
==2515==    by 0x56ABE10: notify_listener_list (gconf-listeners.c:589)
==2515==    by 0x56AC010: ltable_notify (gconf-listeners.c:655)
==2515==    by 0x56AB406: gconf_listeners_notify (gconf-listeners.c:184)
==2515==    by 0x56C0225: notify_one_entry (gconf-client.c:2409)
==2515==    by 0x56C0305: gconf_client_flush_notifies (gconf-client.c:2449)
==2515==    by 0x56BFFB0: notify_idle_callback (gconf-client.c:2343)
==2515==    by 0x5DD1C83: g_main_context_dispatch (gmain.c:2045)
==2515==    by 0x5DD4ACC: g_main_context_iterate (gmain.c:2677)
==2515==    by 0x5DD4DD9: g_main_loop_run (gmain.c:2881)
==2515==  Address 0xA914728 is 0 bytes inside a block of size 13 free'd
==2515==    at 0x4A20423: free (vg_replace_malloc.c:233)
==2515==    by 0x40B10A: vino_prefs_init (vino-prefs.c:309)
==2515==    by 0x40A4B6: main (vino-main.c:85)"

Comment 1 Sebastien Bacher 2006-10-08 20:19:15 UTC

Created attachment 74313 [details] [review]
fixes the issue

vino_vnc_password is not set to NULL after being freed so it can be freed again. The patch also drops not required if calls since g_free(var) does nothing when var = NULL

Comment 2 Kjartan Maraas 2006-10-10 10:01:35 UTC

I just reverted the broken leak fix I introduced.

Comment 3 Sebastien Bacher 2006-10-10 10:46:30 UTC

what was wrong about the patch?