GNOME Bugzilla – Bug 532375
strdup() / g_free() confusion
Last modified: 2008-05-10 01:14:10 UTC
Valgrind gave this while using an LD_PRELOAD module to override GMemVTable: ==21254== Invalid free() / delete / delete[] ==21254== at 0x4023B7A: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==21254== by 0x402984F: mp_free (mp.c:458) ==21254== by 0x51E6425: g_free (in /usr/lib/libglib-2.0.so.0.1600.3) ==21254== by 0x8A21CCC: (within /usr/lib/gio/modules/libgiohal-volume-monitor.so) ==21254== by 0x5175D92: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1600.3) ==21254== by 0x8A22A87: (within /usr/lib/gio/modules/libgiohal-volume-monitor.so) ==21254== by 0x8A2C505: (within /usr/lib/gio/modules/libgiohal-volume-monitor.so) ==21254== by 0x41451F8: (within /usr/lib/libgio-2.0.so.0.0.0) ==21254== by 0x520696B: g_once_impl (in /usr/lib/libglib-2.0.so.0.1600.3) ==21254== by 0x414509E: (within /usr/lib/libgio-2.0.so.0.0.0) ==21254== by 0x4145802: g_volume_monitor_get (in /usr/lib/libgio-2.0.so.0.0.0) ==21254== by 0x8017E5B: (within /usr/lib/gtk-2.0/2.10.0/filesystems/libgio.so) ==21254== Address 0x78b91c4 is 4 bytes before a block of size 80 alloc'd ==21254== at 0x4024D5E: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==21254== by 0x52F6CDF: strdup (in /lib/libc-2.8.so) ==21254== by 0x8A5903B: libhal_get_all_devices_with_properties (in /usr/lib/libhal.so.1.0.0) ==21254== by 0x8A22A5B: (within /usr/lib/gio/modules/libgiohal-volume-monitor.so) ==21254== by 0x8A2C505: (within /usr/lib/gio/modules/libgiohal-volume-monitor.so) ==21254== by 0x41451F8: (within /usr/lib/libgio-2.0.so.0.0.0) ==21254== by 0x520696B: g_once_impl (in /usr/lib/libglib-2.0.so.0.1600.3) ==21254== by 0x414509E: (within /usr/lib/libgio-2.0.so.0.0.0) ==21254== by 0x4145802: g_volume_monitor_get (in /usr/lib/libgio-2.0.so.0.0.0) ==21254== by 0x8017E5B: (within /usr/lib/gtk-2.0/2.10.0/filesystems/libgio.so) ==21254== by 0x5193DB4: g_type_create_instance (in /usr/lib/libgobject-2.0.so.0.1600.3) ==21254== by 0x51793A4: (within /usr/lib/libgobject-2.0.so.0.1600.3) It turns out that: 1. libhal_get_all_devices_with_properties() returns strdup()ed udis. 2. gvfs/hal/hal-device.c:hal_device_new_from_udi_and_properties() steals those strings instead of g_strdup()ing them... 3. ... but hal_device_finalize() does g_free() on the udi. The attached patch fixes this by g_strdup()ing the strings instead of stealing them.
Created attachment 110655 [details] [review] gvfs-bgo532375-strdup-gfree-confusion.diff
CCing Andrei Soare, my Summer of Code student who found this bug.
Comment on attachment 110655 [details] [review] gvfs-bgo532375-strdup-gfree-confusion.diff Nice catch, please commit on both gnome-2-22 and trunk. Thanks!
Thanks, committed to both branches. 2008-05-09 Federico Mena Quintero <federico@novell.com> http://bugzilla.gnome.org/show_bug.cgi?id=532375 - Fix strdup() / g_free() confusion. * hal/hal-device.c (hal_device_new_from_udi_and_properties): g_strdup() the UDI. We can't just steal it, since it comes from libhal, which uses strdup() (and we do g_free() in our finalizer).