GNOME Bugzilla – Bug 569240
Crasher when using markers
Last modified: 2009-01-26 20:48:18 UTC
In gnome-volume-control (see bug 565144), the use of markers will cause crash on exit. ==29746== Invalid free() / delete / delete[] ==29746== at 0x4A0609F: free (vg_replace_malloc.c:323) ==29746== by 0x4FC0D85: _gtk_range_set_stop_values (gtkrange.c:3605) ==29746== by 0x4FE0CB3: gtk_scale_finalize (gtkscale.c:1176) ==29746== by 0x343560D958: g_object_unref (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4EB6432: gtk_box_forall (gtkbox.c:1249) ==29746== by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066) ==29746== by 0x343560B77E: g_closure_invoke (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435623D08: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435624272: g_signal_emit (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421) ==29746== by 0x343560DD4F: g_object_run_dispose (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== Address 0xfae1f08 is 0 bytes inside a block of size 24 free'd ==29746== at 0x4A0609F: free (vg_replace_malloc.c:323) ==29746== by 0x4FC31AD: gtk_range_destroy (gtkrange.c:1227) ==29746== by 0x343560B77E: g_closure_invoke (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435623D08: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435624272: g_signal_emit (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421) ==29746== by 0x343560DD4F: g_object_run_dispose (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4EB6432: gtk_box_forall (gtkbox.c:1249) ==29746== by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066) ==29746== by 0x343560B77E: g_closure_invoke (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0) ==29746== ==29746== Invalid free() / delete / delete[] ==29746== at 0x4A0609F: free (vg_replace_malloc.c:323) ==29746== by 0x4FC0DB9: _gtk_range_set_stop_values (gtkrange.c:3608) ==29746== by 0x4FE0CB3: gtk_scale_finalize (gtkscale.c:1176) ==29746== by 0x343560D958: g_object_unref (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4EB6432: gtk_box_forall (gtkbox.c:1249) ==29746== by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066) ==29746== by 0x343560B77E: g_closure_invoke (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435623D08: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435624272: g_signal_emit (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421) ==29746== by 0x343560DD4F: g_object_run_dispose (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== Address 0xfae1f50 is 0 bytes inside a block of size 12 free'd ==29746== at 0x4A0609F: free (vg_replace_malloc.c:323) ==29746== by 0x4FC31C0: gtk_range_destroy (gtkrange.c:1228) ==29746== by 0x343560B77E: g_closure_invoke (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435623D08: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x3435624272: g_signal_emit (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4FA89DD: gtk_object_dispose (gtkobject.c:421) ==29746== by 0x343560DD4F: g_object_run_dispose (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x4EB6432: gtk_box_forall (gtkbox.c:1249) ==29746== by 0x4EEDB75: gtk_container_destroy (gtkcontainer.c:1066) ==29746== by 0x343560B77E: g_closure_invoke (in /lib64/libgobject-2.0.so.0.1902.0) ==29746== by 0x34356229F6: (within /lib64/libgobject-2.0.so.0.1902.0) Attached patch fixes the crash.
Created attachment 127283 [details] [review] gtk-2.15.1-scale-marks-crasher.patch
Thanks, please commit
2009-01-26 Bastien Nocera <hadess@hadess.net> Bug 569240 - Crasher when using markers * gtk/gtkrange.c (gtk_range_destroy): Avoid crashes when destroying a GtkRange with markers