GNOME Bugzilla – Bug 569480
trash backend crashes due to invalid write
Last modified: 2009-01-30 22:39:54 UTC
using the current jaunty version: uri: file:///media/example/.Trash-1000/files/$recycle.bin ==31673== ==31673== Invalid write of size 1 ==31673== at 0x80635C1: trash_item_escape_name (trashitem.c:131) ==31673== by 0x80637B3: trash_item_new (trashitem.c:209) ==31673== by 0x8063B35: trash_root_add_item (trashitem.c:372) ==31673== by 0x8064AC6: trash_dir_set_files (trashdir.c:72) ==31673== by 0x8064C5F: trash_dir_enumerate (trashdir.c:131) ==31673== by 0x8064E2F: trash_dir_created (trashdir.c:185) ==31673== by 0x80652F4: dir_watch_recursive_create (dirwatch.c:170) ==31673== by 0x80652F4: dir_watch_recursive_create (dirwatch.c:170) ==31673== by 0x80653F9: dir_watch_new (dirwatch.c:215) ==31673== by 0x8065478: dir_watch_new (dirwatch.c:227) ==31673== by 0x8065478: dir_watch_new (dirwatch.c:227) ==31673== by 0x8065030: trash_dir_new (trashdir.c:288) ==31673== by 0x80640F5: trash_mount_insert (trashwatcher.c:162) ==31673== by 0x806424C: trash_watcher_remount (trashwatcher.c:218) ==31673== by 0x40E8BB3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==31673== by 0x40DACAA: g_closure_invoke (gclosure.c:767) ==31673== by 0x40F2694: signal_emit_unlocked_R (gsignal.c:3244) ==31673== by 0x40F3DAD: g_signal_emit_valist (gsignal.c:2977) ==31673== by 0x40F4255: g_signal_emit (gsignal.c:3034) ==31673== by 0x40A832C: mtab_file_changed (gunixmounts.c:1218) ==31673== by 0x40B75AD: _gio_marshal_VOID__OBJECT_OBJECT_ENUM (gio-marshal.c:198) ==31673== by 0x40DACAA: g_closure_invoke (gclosure.c:767) ==31673== by 0x40F2694: signal_emit_unlocked_R (gsignal.c:3244) ==31673== by 0x40F3DAD: g_signal_emit_valist (gsignal.c:2977) ==31673== by 0x40F4255: g_signal_emit (gsignal.c:3034) ==31673== by 0x408D405: emit_cb (gfilemonitor.c:334) ==31673== by 0x417FCC0: g_idle_dispatch (gmain.c:3922) ==31673== by 0x4181BF7: g_main_context_dispatch (gmain.c:1814) ==31673== by 0x41852A2: g_main_context_iterate (gmain.c:2448) ==31673== by 0x41857C1: g_main_loop_run (gmain.c:2656) ==31673== by 0x80505F3: daemon_main (daemon-main.c:270) ==31673== by 0x805065B: main (daemon-main-generic.c:39) ==31673== Address 0x44b868c is 52 bytes inside a block of size 53 free'd ==31673== at 0x4025B4A: free (vg_replace_malloc.c:323) ==31673== by 0x418A2D5: g_free (gmem.c:190) ==31673== by 0x80635BD: trash_item_escape_name (trashitem.c:130) ==31673== by 0x80637B3: trash_item_new (trashitem.c:209) ==31673== by 0x8063B35: trash_root_add_item (trashitem.c:372) ==31673== by 0x8064AC6: trash_dir_set_files (trashdir.c:72) ==31673== by 0x8064C5F: trash_dir_enumerate (trashdir.c:131) ==31673== by 0x8064E2F: trash_dir_created (trashdir.c:185) ==31673== by 0x80652F4: dir_watch_recursive_create (dirwatch.c:170) ==31673== by 0x80652F4: dir_watch_recursive_create (dirwatch.c:170) ==31673== by 0x80653F9: dir_watch_new (dirwatch.c:215) ==31673== by 0x8065478: dir_watch_new (dirwatch.c:227) ==31673== by 0x8065478: dir_watch_new (dirwatch.c:227) ==31673== by 0x8065030: trash_dir_new (trashdir.c:288) ==31673== by 0x80640F5: trash_mount_insert (trashwatcher.c:162) ==31673== by 0x806424C: trash_watcher_remount (trashwatcher.c:218) ==31673== by 0x40E8BB3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==31673== by 0x40DACAA: g_closure_invoke (gclosure.c:767) ==31673== by 0x40F2694: signal_emit_unlocked_R (gsignal.c:3244) ==31673== by 0x40F3DAD: g_signal_emit_valist (gsignal.c:2977) ==31673== by 0x40F4255: g_signal_emit (gsignal.c:3034) ==31673== by 0x40A832C: mtab_file_changed (gunixmounts.c:1218) ==31673== by 0x40B75AD: _gio_marshal_VOID__OBJECT_OBJECT_ENUM (gio-marshal.c:198) ==31673== by 0x40DACAA: g_closure_invoke (gclosure.c:767) ==31673== by 0x40F2694: signal_emit_unlocked_R (gsignal.c:3244) ==31673== by 0x40F3DAD: g_signal_emit_valist (gsignal.c:2977) ==31673== by 0x40F4255: g_signal_emit (gsignal.c:3034) ==31673== by 0x408D405: emit_cb (gfilemonitor.c:334) ==31673== by 0x417FCC0: g_idle_dispatch (gmain.c:3922) ==31673== by 0x4181BF7: g_main_context_dispatch (gmain.c:1814) ==31673== by 0x41852A2: g_main_context_iterate (gmain.c:2448) ==31673== by 0x41857C1: g_main_loop_run (gmain.c:2656) ==31673== by 0x80505F3: daemon_main (daemon-main.c:270) ==31673== by 0x805065B: main (daemon-main-generic.c:39) ==31673== ==31673== Conditional jump or move depends on uninitialised value(s) ==31673== at 0x41A56D5: g_str_hash (gstring.c:98) ==31673== by 0x417351A: g_hash_table_lookup (ghash.c:195) ==31673== by 0x8063B5B: trash_root_add_item (trashitem.c:376) ==31673== by 0x8064AC6: trash_dir_set_files (trashdir.c:72) ==31673== by 0x8064C5F: trash_dir_enumerate (trashdir.c:131) ==31673== by 0x8064E2F: trash_dir_created (trashdir.c:185) ==31673== by 0x80652F4: dir_watch_recursive_create (dirwatch.c:170) ==31673== by 0x80652F4: dir_watch_recursive_create (dirwatch.c:170) ==31673== by 0x80653F9: dir_watch_new (dirwatch.c:215) ==31673== by 0x8065478: dir_watch_new (dirwatch.c:227) ==31673== by 0x8065478: dir_watch_new (dirwatch.c:227) ==31673== by 0x8065030: trash_dir_new (trashdir.c:288) ==31673== by 0x80640F5: trash_mount_insert (trashwatcher.c:162) ==31673== by 0x806424C: trash_watcher_remount (trashwatcher.c:218) ==31673== by 0x40E8BB3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77) ==31673== by 0x40DACAA: g_closure_invoke (gclosure.c:767) ==31673== by 0x40F2694: signal_emit_unlocked_R (gsignal.c:3244) ==31673== by 0x40F3DAD: g_signal_emit_valist (gsignal.c:2977) ==31673== by 0x40F4255: g_signal_emit (gsignal.c:3034) ==31673== by 0x40A832C: mtab_file_changed (gunixmounts.c:1218) ==31673== by 0x40B75AD: _gio_marshal_VOID__OBJECT_OBJECT_ENUM (gio-marshal.c:198) ==31673== by 0x40DACAA: g_closure_invoke (gclosure.c:767) ==31673== by 0x40F2694: signal_emit_unlocked_R (gsignal.c:3244) ==31673== by 0x40F3DAD: g_signal_emit_valist (gsignal.c:2977) ==31673== by 0x40F4255: g_signal_emit (gsignal.c:3034) ==31673== by 0x408D405: emit_cb (gfilemonitor.c:334) ==31673== by 0x417FCC0: g_idle_dispatch (gmain.c:3922) ==31673== by 0x4181BF7: g_main_context_dispatch (gmain.c:1814) ==31673== by 0x41852A2: g_main_context_iterate (gmain.c:2448) ==31673== by 0x41857C1: g_main_loop_run (gmain.c:2656) ==31673== by 0x80505F3: daemon_main (daemon-main.c:270) ==31673== by 0x805065B: main (daemon-main-generic.c:39)
"the current jaunty version" is utterly useless in this bug tracker...
the bug and comments were for desrt, we discussed the issue on IRC
(In reply to comment #1) > "the current jaunty version" is utterly useless in this bug tracker... Matthias: I've been in contact with seb about this bug and he explicitly got this valgrind log at my request. He knew that I'd understand "jaunty version" to mean "my new trash backend code". It solves a bug that we were trying quite hard to track down. In any case. Stupidest bug of all time. *doh* Index: daemon/trashlib/trashitem.c =================================================================== --- daemon/trashlib/trashitem.c (revision 2183) +++ daemon/trashlib/trashitem.c (working copy) @@ -127,7 +127,7 @@ } g_free (uri); - *src = '\0'; + *dest = '\0'; return escaped; } Committed revision 2184.
*** Bug 568422 has been marked as a duplicate of this bug. ***