GNOME Bugzilla – Bug 511208
e-d-s free-memory read/write ...
Last modified: 2008-04-03 08:11:52 UTC
BNC bug http://bugzilla.gnome.org/show_bug.cgi?id=324810
Valgrind traces
libecal-Message: get_period_list(): Unknown value for period 20068; using DATETIME
(evolution-data-server:6154): libsoup-CRITICAL **: soup_soap_parameter_get_first_child_by_name: assertion `param != NULL' failed
[ ten copies of the above ]
libecalbackendgroupwise-Message: e-cal-backend-groupwise.c:1526: Starting query (#t)
libecalbackendgroupwise-Message: e-cal-backend-groupwise.c:1480: Getting object list (#t)
libecalbackendgroupwise-Message: e-cal-backend-groupwise.c:1526: Starting query ((and (occur-in-time-range? (make-time "20070722T230000Z") (make-time "20070727T230000Z")) #t))
libecalbackendgroupwise-Message: e-cal-backend-groupwise.c:1480: Getting object list ((and (occur-in-time-range? (make-time "20070722T230000Z") (make-time "20070727T230000Z")) #t))
==6154==
==6154== Thread 1:
==6154== Invalid read of size 1
==6154==    at 0x436AF98: icalparser_string_line_generator (icalparser.c:1075)
==6154==    by 0x436B27C: icalparser_get_line (icalparser.c:473)
==6154==    by 0x436C0A3: icalparser_parse (icalparser.c:585)
==6154==    by 0x436C331: icalparser_parse_string (icalparser.c:1118)
==6154==    by 0x42F87E7: e_cal_backend_cache_get_components (e-cal-backend-cache.c:436)
==6154==    by 0x52C85DE: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1492)
==6154==    by 0x52C8A96: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1528)
==6154==    by 0x42F60BE: e_cal_backend_start_query (e-cal-backend.c:691)
==6154==    by 0x4302828: impl_EDataCalView_start (e-data-cal-view.c:255)
==6154==    by 0x42F03A5: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==6154==    by 0x4AD36A6: (within /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==    by 0x4AD9874: ORBit_OAObject_invoke (in /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==  Address 0x18177090 is not stack'd, malloc'd or (recently) free'd
==6154==
==6154== Invalid read of size 1
==6154==    at 0x402231A: index (mc_replace_strmem.c:160)
==6154==    by 0x436AFC3: icalparser_string_line_generator (icalparser.c:1079)
==6154==    by 0x436B27C: icalparser_get_line (icalparser.c:473)
==6154==    by 0x436C0A3: icalparser_parse (icalparser.c:585)
==6154==    by 0x436C331: icalparser_parse_string (icalparser.c:1118)
==6154==    by 0x42F87E7: e_cal_backend_cache_get_components (e-cal-backend-cache.c:436)
==6154==    by 0x52C85DE: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1492)
==6154==    by 0x52C8A96: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1528)
==6154==    by 0x42F60BE: e_cal_backend_start_query (e-cal-backend.c:691)
==6154==    by 0x4302828: impl_EDataCalView_start (e-data-cal-view.c:255)
==6154==    by 0x42F03A5: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==6154==    by 0x4AD36A6: (within /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==  Address 0x18177090 is not stack'd, malloc'd or (recently) free'd
==6154==
==6154== Invalid read of size 1
==6154==    at 0x4022326: index (mc_replace_strmem.c:160)
==6154==    by 0x436AFC3: icalparser_string_line_generator (icalparser.c:1079)
==6154==    by 0x436B27C: icalparser_get_line (icalparser.c:473)
==6154==    by 0x436C0A3: icalparser_parse (icalparser.c:585)
==6154==    by 0x436C331: icalparser_parse_string (icalparser.c:1118)
==6154==    by 0x42F87E7: e_cal_backend_cache_get_components (e-cal-backend-cache.c:436)
==6154==    by 0x52C85DE: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1492)
==6154==    by 0x52C8A96: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1528)
==6154==    by 0x42F60BE: e_cal_backend_start_query (e-cal-backend.c:691)
==6154==    by 0x4302828: impl_EDataCalView_start (e-data-cal-view.c:255)
==6154==    by 0x42F03A5: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==6154==    by 0x4AD36A6: (within /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==  Address 0x18177091 is not stack'd, malloc'd or (recently) free'd
==6154==
==6154== Invalid read of size 1
==6154==    at 0x4023617: strncpy (mc_replace_strmem.c:291)
==6154==    by 0x436AFED: icalparser_string_line_generator (string3.h:143)
==6154==    by 0x436B27C: icalparser_get_line (icalparser.c:473)
==6154==    by 0x436C0A3: icalparser_parse (icalparser.c:585)
==6154==    by 0x436C331: icalparser_parse_string (icalparser.c:1118)
==6154==    by 0x42F87E7: e_cal_backend_cache_get_components (e-cal-backend-cache.c:436)
==6154==    by 0x52C85DE: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1492)
==6154==    by 0x52C8A96: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1528)
==6154==    by 0x42F60BE: e_cal_backend_start_query (e-cal-backend.c:691)
==6154==    by 0x4302828: impl_EDataCalView_start (e-data-cal-view.c:255)
==6154==    by 0x42F03A5: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==6154==    by 0x4AD36A6: (within /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==  Address 0x18177090 is not stack'd, malloc'd or (recently) free'd
==6154==
==6154== Invalid read of size 1
==6154==    at 0x4023626: strncpy (mc_replace_strmem.c:291)
==6154==    by 0x436AFED: icalparser_string_line_generator (string3.h:143)
==6154==    by 0x436B27C: icalparser_get_line (icalparser.c:473)
==6154==    by 0x436C0A3: icalparser_parse (icalparser.c:585)
==6154==    by 0x436C331: icalparser_parse_string (icalparser.c:1118)
==6154==    by 0x42F87E7: e_cal_backend_cache_get_components (e-cal-backend-cache.c:436)
==6154==    by 0x52C85DE: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1492)
==6154==    by 0x52C8A96: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1528)
==6154==    by 0x42F60BE: e_cal_backend_start_query (e-cal-backend.c:691)
==6154==    by 0x4302828: impl_EDataCalView_start (e-data-cal-view.c:255)
==6154==    by 0x42F03A5: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==6154==    by 0x4AD36A6: (within /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==  Address 0x18177091 is not stack'd, malloc'd or (recently) free'd
==6154==
==6154== Invalid read of size 1
==6154==    at 0x40224D8: strlen (mc_replace_strmem.c:242)
==6154==    by 0x436B010: icalparser_string_line_generator (icalparser.c:1082)
==6154==    by 0x436B27C: icalparser_get_line (icalparser.c:473)
==6154==    by 0x436C0A3: icalparser_parse (icalparser.c:585)
==6154==    by 0x436C331: icalparser_parse_string (icalparser.c:1118)
==6154==    by 0x42F87E7: e_cal_backend_cache_get_components (e-cal-backend-cache.c:436)
==6154==    by 0x52C85DE: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1492)
==6154==    by 0x52C8A96: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1528)
==6154==    by 0x42F60BE: e_cal_backend_start_query (e-cal-backend.c:691)
==6154==    by 0x4302828: impl_EDataCalView_start (e-data-cal-view.c:255)
==6154==    by 0x42F03A5: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==6154==    by 0x4AD36A6: (within /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==  Address 0x92f9ec8 is 0 bytes inside a block of size 21 free'd
==6154==    at 0x402124F: free (vg_replace_malloc.c:320)
==6154==    by 0x4B92891: g_free (gmem.c:187)
==6154==    by 0x43D5AE3: e_xmlhash_remove (e-xml-hash-utils.c:252)
==6154==    by 0x43C5F36: e_file_cache_remove_object (e-file-cache.c:426)
==6154==    by 0x43C6143: e_file_cache_replace_object (e-file-cache.c:404)
==6154==    by 0x42F7D89: e_cal_backend_cache_put_server_utc_time (e-cal-backend-cache.c:786)
==6154==    by 0x52CBE6B: get_deltas (e-cal-backend-groupwise.c:436)
==6154==    by 0x52CCAFD: cache_init (e-cal-backend-groupwise.c:750)
==6154==    by 0x4BA99DE: g_thread_create_proxy (gthread.c:564)
==6154==    by 0x4C2E2AA: start_thread (in /lib/libpthread-2.4.so)
==6154==    by 0x4CFCA4D: clone (in /lib/libc-2.4.so)
==6154==
==6154== Invalid read of size 1
==6154==    at 0x40224E3: strlen (mc_replace_strmem.c:242)
==6154==    by 0x436B010: icalparser_string_line_generator (icalparser.c:1082)
==6154==    by 0x436B27C: icalparser_get_line (icalparser.c:473)
==6154==    by 0x436C0A3: icalparser_parse (icalparser.c:585)
==6154==    by 0x436C331: icalparser_parse_string (icalparser.c:1118)
==6154==    by 0x42F87E7: e_cal_backend_cache_get_components (e-cal-backend-cache.c:436)
==6154==    by 0x52C85DE: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1492)
==6154==    by 0x52C8A96: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1528)
==6154==    by 0x42F60BE: e_cal_backend_start_query (e-cal-backend.c:691)
==6154==    by 0x4302828: impl_EDataCalView_start (e-data-cal-view.c:255)
==6154==    by 0x42F03A5: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==6154==    by 0x4AD36A6: (within /opt/gnome/lib/libORBit-2.so.0.0.0)
==6154==  Address 0x92f9ec9 is 1 bytes inside a block of size 21 free'd
==6154==    at 0x402124F: free (vg_replace_malloc.c:320)
==6154==    by 0x4B92891: g_free (gmem.c:187)
==6154==    by 0x43D5AE3: e_xmlhash_remove (e-xml-hash-utils.c:252)
==6154==    by 0x43C5F36: e_file_cache_remove_object (e-file-cache.c:426)
==6154==    by 0x43C6143: e_file_cache_replace_object (e-file-cache.c:404)
==6154==    by 0x42F7D89: e_cal_backend_cache_put_server_utc_time (e-cal-backend-cache.c:786)
==6154==    by 0x52CBE6B: get_deltas (e-cal-backend-groupwise.c:436)
==6154==    by 0x52CCAFD: cache_init (e-cal-backend-groupwise.c:750)
==6154==    by 0x4BA99DE: g_thread_create_proxy (gthread.c:564)
==6154==    by 0x4C2E2AA: start_thread (in /lib/libpthread-2.4.so)
==6154==    by 0x4CFCA4D: clone (in /lib/libc-2.4.so)
(evolution-data-server:6154): GLib-CRITICAL **: g_ascii_strcasecmp: assertion `s1 != NULL' failed
(evolution-data-server:6154): GLib-CRITICAL **: g_ascii_strcasecmp: assertion `s1 != NULL' failed
(evolution-data-server:6154): GLib-CRITICAL **: g_ascii_strcasecmp: assertion `s1 != NULL' failed
(evolution-data-server:6154): GLib-CRITICAL **: g_ascii_strcasecmp: assertion `s1 != NULL' failed
(evolution-data-server:6154): GLib-CRITICAL **: g_ascii_strcasecmp: assertion `s1 != NULL' failed
==26379==
==26379== Invalid read of size 1
==26379==    at 0x4434926: make_segment (icalparser.c:215)
==26379==    by 0x4434B03: icalparser_get_param_name (icalparser.c:271)
==26379==    by 0x4434EED: icalparser_add_line (icalparser.c:835)
==26379==    by 0x44355E5: icalparser_parse (icalparser.c:587)
==26379==    by 0x4435881: icalparser_parse_string (icalparser.c:1121)
==26379==    by 0x43BFC38: e_cal_backend_cache_get_components (e-cal-backend-cache.c:492)
==26379==    by 0x52B829E: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1614)
==26379==    by 0x52B8756: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1650)
==26379==    by 0x43BD367: e_cal_backend_start_query (e-cal-backend.c:693)
==26379==    by 0x43CA8F7: impl_EDataCalView_start (e-data-cal-view.c:254)
==26379==    by 0x43B7415: _ORBIT_skel_small_GNOME_Evolution_Calendar_CalView_start (Evolution-DataServer-Calendar-common.c:16)
==26379==    by 0x4B1A007: ORBit_POAObject_invoke (poa.c:1142)
==26379==  Address 0x78C2FC7 is 1 bytes before a block of size 200 alloc'd
==26379==    at 0x4022825: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26379==    by 0x44333A1: icalmemory_tmp_buffer (icalmemory.c:187)
==26379==    by 0x4434904: make_segment (icalparser.c:208)
==26379==    by 0x4434B03: icalparser_get_param_name (icalparser.c:271)
==26379==    by 0x4434EED: icalparser_add_line (icalparser.c:835)
==26379==    by 0x44355E5: icalparser_parse (icalparser.c:587)
==26379==    by 0x4435881: icalparser_parse_string (icalparser.c:1121)
==26379==    by 0x43BFC38: e_cal_backend_cache_get_components (e-cal-backend-cache.c:492)
==26379==    by 0x52B829E: e_cal_backend_groupwise_get_object_list (e-cal-backend-groupwise.c:1614)
==26379==    by 0x52B8756: e_cal_backend_groupwise_start_query (e-cal-backend-groupwise.c:1650)
==26379==    by 0x43BD367: e_cal_backend_start_query (e-cal-backend.c:693)
==26379==    by 0x43CA8F7: impl_EDataCalView_start (e-data-cal-view.c:254)
==26379==
A similar stack trace which I found while trying to reproduce this bug.
Created attachment 103414
Fixes the trace at comment #1
Chen there is a leak in your fix.
+ dn = g_strndup (display_name, (dn - display_name));
+ dn = g_strdelimit (dn, "\"", ' ');
the first g_strdup is leaked. Otherwise looks fine to commit. Fix that and commit dude.
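Review bot: on the first added line, `dn` is both the cursor used in `dn - display_name` and the variable that receives the new `g_strndup` copy, and nothing in these two lines shows that `dn` is non-NULL and points inside `display_name` before the subtraction. Consider a separate variable for the copy, a guard on the pointer before computing the length, and a matching `g_free` once the copy is no longer needed; `g_strdelimit` edits the string in place and returns the same pointer, so the second assignment does not create a new allocation.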
(In reply to comment #3)
> Chen there is a leak in your fix.
>
> + dn = g_strndup (display_name, (dn - display_name));
> + dn = g_strdelimit (dn, "\"", ' ');
>
> the first g_strdup is leaked. Otherwise looks fine to commit. Fix that and
> commit dude.
This is not a leak since g_strdelimit modifies the characters in the string in place.
Fix has been committed.
Bumping version to a stable release.
As per comment#5 fix has been committed.