GNOME Bugzilla – Bug 315008
Invalid read / crash in nautilus
Last modified: 2005-09-13 19:31:19 UTC
Valgrind reported this when right clicking on an mpeg file and mucking around in the different tabs there:

==4029== Invalid read of size 4
==4029==    at 0x1D999D4C: gst_element_get_factory (gstelement.c:3093)
==4029==    by 0x1D819228: bacon_video_widget_signal_idler (bacon-video-widget-gst.c:839)
==4029==    by 0x1C88D8B7: g_idle_dispatch (gmain.c:3813)
==4029==    by 0x1C88B715: g_main_context_dispatch (gmain.c:1934)
==4029==    by 0x1C88E4E5: g_main_context_iterate (gmain.c:2565)
==4029==    by 0x1C88E9E6: g_main_loop_run (gmain.c:2769)
==4029==    by 0x1BEAEB38: gtk_main (gtkmain.c:976)
==4029==    by 0x8071F09: main (nautilus-main.c:435)
==4029==  Address 0x1E41F028 is 0 bytes inside a block of size 12 free'd
==4029==    at 0x1B90237F: free (vg_replace_malloc.c:235)
==4029==    by 0x1C891CED: g_free (gmem.c:187)
==4029==    by 0x1C2B2B79: gnome_vfs_uri_get_parent (gnome-vfs-uri.c:1333)
==4029==    by 0x1B9468A0: nautilus_file_get_internal (nautilus-file.c:375)
==4029==    by 0x1B9390E9: nautilus_directory_get_existing_corresponding_file (nautilus-directory.c:461)
==4029==    by 0x1B939114: nautilus_directory_get_corresponding_file (nautilus-directory.c:439)
==4029==    by 0x1B946EF4: nautilus_file_get_parent (nautilus-file.c:616)
==4029==    by 0x80AFB6A: fm_list_model_get_value (fm-list-model.c:315)
==4029==    by 0x1BF4F404: gtk_tree_model_get_value (gtktreemodel.c:1077)
==4029==    by 0x1BF75F7A: gtk_tree_view_column_cell_set_cell_data (gtktreeviewcolumn.c:2548)
==4029==    by 0x1BF66EB3: gtk_tree_view_expose (gtktreeview.c:3617)
==4029==    by 0x1BEB0BAE: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:83)
==4029==    by 0x1C81E34C: g_type_class_meta_marshal (gclosure.c:569)
==4029==    by 0x1C81E935: g_closure_invoke (gclosure.c:492)
==4029==    by 0x1C82CCEA: signal_emit_unlocked_R (gsignal.c:2523)
==4029==    by 0x1C82DBDF: g_signal_emit_valist (gsignal.c:2254)
==4029==    by 0x1C82E1B6: g_signal_emit (gsignal.c:2288)
==4029==    by 0x1BF8282D: gtk_widget_event_internal (gtkwidget.c:3735)
==4029==    by 0x1BEAF98B: gtk_main_do_event (gtkmain.c:1355)
==4029==    by 0x1C076DF5: gdk_window_process_updates_internal (gdkwindow.c:2215)
==4029==    by 0x1C076ED9: gdk_window_process_all_updates (gdkwindow.c:2268)
==4029==    by 0x1BE32FFA: gtk_container_idle_sizer (gtkcontainer.c:1117)
==4029==    by 0x1C88D8B7: g_idle_dispatch (gmain.c:3813)
==4029==    by 0x1C88B715: g_main_context_dispatch (gmain.c:1934)
==4029==    by 0x1C88E4E5: g_main_context_iterate (gmain.c:2565)
==4029==    by 0x1C88E9E6: g_main_loop_run (gmain.c:2769)
==4029==    by 0x1BEAEB38: gtk_main (gtkmain.c:976)
==4029==    by 0x8071F09: main (nautilus-main.c:435)
Created attachment 51645
blind shot of a patch

This *seems* to have cured the problem for me, but this is just a shot in the dark...
If you want to try to reproduce you can get the file in question here: http://www.gnome.org/~kmaraas/poolshot.mpg
+ new_uri->text = NULL; new_uri->text = new_uri_text; How can this ever affect anything at all? Furthermore, this seems like a bug in the video thumbnailer, not gnome-vfs. It seems like it's keeping around a reference to the string of a GnomeVFSUri it doesn't own.
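Review bot: the added `new_uri->text = NULL;` is a dead store, because the unchanged statement right after it, `new_uri->text = new_uri_text;`, overwrites the field before anything can read it. The line should be dropped from the patch. It also does not touch either side of what Valgrind reported above: the invalid read is in gst_element_get_factory, called from bacon_video_widget_signal_idler, and the block was freed under gnome_vfs_uri_get_parent, so a fix has to address the lifetime of whatever pointer that idle callback still holds.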
It can't of course :-) I'll look into it some more when I have time.
Looks like the same problem as this later one.

*** This bug has been marked as a duplicate of 314803 ***