GNOME Bugzilla – Bug 680380
attempt to release non-allocated block (Glib/Gtk3)
Last modified: 2012-08-16 18:51:38 UTC
Hi, I don't know if this problem is in the Glib bindings or Gtk3 or something else; however, the bug is caused directly by a function from Glib, so let me try here (also I don't see a Gtk3 component under gnome-perl).

I'm making a little app with Perl, using Gtk3, and I get "random" memory corruption. While I was trying to debug it, I found this helpful approach: I ran it with G_SLICE=debug-blocks and the script aborts with this message:

    GSlice: MemChecker: attempt to release non-allocated block: 0x<address> size=16

which looks like a bug. Please see a minimal script that can be used to reproduce the issue (100% reproducible on my system). It also contains C code doing something similar, and the latter works without problems. Thanks!

glib (library) 2.32.1
Perl 5.12.4
Glib 1.260 and 1.261
Cairo::Gobject 1.001
Glib::Object::Introspection 0.009 and 0.010
Gtk3 0.006 and 0.007

Glib-1.261/GBoxed.xs - function default_boxed_destroy: I removed the "NOISY" thing to get the additional message here and got:

    $ G_SLICE=debug-blocks perl test.pl
    default_boxed_destroy wrapper 0x9467ed0 --- GtkTreeIter 0x946a460
    GSlice: MemChecker: attempt to release non-allocated block: 0x946a460 size=16

Also, a backtrace with that test.pl:

    G_SLICE=debug-blocks gdb perl
    Using host libthread_db library "/lib/libthread_db.so.1".
    GSlice: MemChecker: attempt to release non-allocated block: 0x889bab8 size=16
    Program received signal SIGABRT, Aborted.
    0xb7fde430 in __kernel_vsyscall ()
    (gdb) bt
+ Trace 230551
Created attachment 219390: test script
Nice catch! For some reason, valgrind doesn't see this. The problem is that for caller-allocated out-arguments (like GtkTreeIter), we always use malloc(): <http://git.gnome.org/browse/perl-Glib-Object-Introspection/tree/gperl-i11n-invoke-c.c#n280>. But GtkTreeIter is set up to allocate and free itself via GSlice. I think we will need to change allocate_out_mem() to use g_boxed_copy() on the memory that was allocated with malloc(); afterwards, we can free() the original memory block. This will ensure that the right allocator is used.
Created attachment 221184: Use the correct allocator for caller-allocated boxed out-args

Previously, we simply always used malloc(). But for a boxed type, which has an associated custom free function, this might not be the correct allocator. For example, GtkTreeIter uses GSlice. Make an extra copy of the malloc()-ed block to ensure consistency.
Can you try the above patch to see if it fixes the issue for you too?
Great work! I have tried the patch with 0.010 and 0.011 and with both versions the issues are fixed: it doesn't crash with 'debug-blocks', and also memory corruption (with messages like: ***MEMORY-ERROR***: XXXX.pl[XXXX]: GSlice: assertion failed: sinfo->n_allocated > 0) I mentioned above seems to be gone.
Alright, committed. Thanks for the report.

Attachment 221184 pushed as 1e4f04c - Use the correct allocator for caller-allocated boxed out-args
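The allocator mismatch diagnosed in this thread, and the copy-then-free fix, as an added example that is not part of the bug report or the project's patch. It does not use GLib: `slice_alloc`/`slice_free` are a toy stand-in for GSlice with the debug-blocks checker, and `Iter`, `iter_copy` and `iter_free` are hypothetical stand-ins for GtkTreeIter and its boxed copy/free functions.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy GSlice (debug-blocks) stand-in: tracks the blocks it hands out. */
#define MAX_BLOCKS 64
static void *live[MAX_BLOCKS];
typedef struct { int stamp; void *user_data; } Iter; /* hypothetical boxed type */
static void *slice_alloc(size_t n) {
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (!live[i]) return live[i] = malloc(n);
    return NULL;
}

/* 0 on success, -1 for "attempt to release non-allocated block". */
static int slice_free(void *p) {
    for (int i = 0; p && i < MAX_BLOCKS; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;
}

/* The boxed type's copy/free pair, both tied to the slice allocator. */
static Iter *iter_copy(const Iter *src) {
    Iter *dst = slice_alloc(sizeof *dst);
    if (dst) *dst = *src;
    return dst;
}
static int iter_free(Iter *it) { return slice_free(it); }

/* Before: the out-arg is malloc()ed, then released through iter_free(). */
int release_malloced_outarg(void) {
    Iter *it = calloc(1, sizeof *it);
    int rc = iter_free(it);   /* wrong allocator: the checker rejects it */
    if (rc != 0) free(it);    /* demo cleanup with the matching allocator */
    return rc;
}

/* After: copy with the type's own copy function, free() the original. */
int release_copied_outarg(void) {
    Iter *tmp = calloc(1, sizeof *tmp);
    if (!tmp) return -2;
    tmp->stamp = 42;          /* the callee fills the caller-allocated struct */
    Iter *owned = iter_copy(tmp);
    free(tmp);
    return (owned && owned->stamp == 42) ? iter_free(owned) : -2;
}

int main(void) {
    printf("malloc'ed: %d, copied: %d\n", release_malloced_outarg(), release_copied_outarg());
    return 0;
}
```

Without a checking allocator the "before" path hands a malloc()ed pointer to the slice allocator's free path silently, which matches the intermittent corruption described in the report.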