After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 569240 - Crasher when using markers
Crasher when using markers
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Widget: Other
unspecified
Other Linux
: Normal normal
: ---
Assigned To: gtk-bugs
gtk-bugs
Depends on:
Blocks: 565144
 
 
Reported: 2009-01-26 19:32 UTC by Bastien Nocera
Modified: 2009-01-26 20:48 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
gtk-2.15.1-scale-marks-crasher.patch (418 bytes, patch)
2009-01-26 19:33 UTC, Bastien Nocera
committed Details | Review

Description Bastien Nocera 2009-01-26 19:32:39 UTC
In gnome-volume-control (see bug 565144), the use of markers will cause crash on exit.

==29746== Invalid free() / delete / delete[]
==29746==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==29746==    by 0x4FC0D85: _gtk_range_set_stop_values (gtkrange.c:3605)
==29746==    by 0x4FE0CB3: gtk_scale_finalize (gtkscale.c:1176)
==29746==    by 0x343560D958: g_object_unref (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4EB6432: gtk_box_forall (gtkbox.c:1249)
==29746==    by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066)
==29746==    by 0x343560B77E: g_closure_invoke (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435623D08: g_signal_emit_valist (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435624272: g_signal_emit (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421)
==29746==    by 0x343560DD4F: g_object_run_dispose (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==  Address 0xfae1f08 is 0 bytes inside a block of size 24 free'd
==29746==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==29746==    by 0x4FC31AD: gtk_range_destroy (gtkrange.c:1227)
==29746==    by 0x343560B77E: g_closure_invoke (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435623D08: g_signal_emit_valist (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435624272: g_signal_emit (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421)
==29746==    by 0x343560DD4F: g_object_run_dispose (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4EB6432: gtk_box_forall (gtkbox.c:1249)
==29746==    by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066)
==29746==    by 0x343560B77E: g_closure_invoke (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0)
==29746== 
==29746== Invalid free() / delete / delete[]
==29746==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==29746==    by 0x4FC0DB9: _gtk_range_set_stop_values (gtkrange.c:3608)
==29746==    by 0x4FE0CB3: gtk_scale_finalize (gtkscale.c:1176)
==29746==    by 0x343560D958: g_object_unref (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4EB6432: gtk_box_forall (gtkbox.c:1249)
==29746==    by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066)
==29746==    by 0x343560B77E: g_closure_invoke (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435623D08: g_signal_emit_valist (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435624272: g_signal_emit (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421)
==29746==    by 0x343560DD4F: g_object_run_dispose (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==  Address 0xfae1f50 is 0 bytes inside a block of size 12 free'd
==29746==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==29746==    by 0x4FC31C0: gtk_range_destroy (gtkrange.c:1228)
==29746==    by 0x343560B77E: g_closure_invoke (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435623D08: g_signal_emit_valist (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x3435624272: g_signal_emit (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421)
==29746==    by 0x343560DD4F: g_object_run_dispose (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x4EB6432: gtk_box_forall (gtkbox.c:1249)
==29746==    by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066)
==29746==    by 0x343560B77E: g_closure_invoke (in
/lib64/libgobject-2.0.so.0.1902.0)
==29746==    by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0)

Attached patch fixes the crash.
Comment 1 Bastien Nocera 2009-01-26 19:33:18 UTC
Created attachment 127283 [details] [review]
gtk-2.15.1-scale-marks-crasher.patch
Comment 2 Matthias Clasen 2009-01-26 19:55:32 UTC
Thanks, please commit
Comment 3 Bastien Nocera 2009-01-26 20:48:18 UTC
2009-01-26  Bastien Nocera  <hadess@hadess.net>

	Bug 569240 - Crasher when using markers

	* gtk/gtkrange.c (gtk_range_destroy): Avoid crashes when destroying
	a GtkRange with markers