Bug 613811 – *** glibc detected *** gedit: free(): invalid pointer: 0x04bd184e ***

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 613811 - *** glibc detected *** gedit: free(): invalid pointer: 0x04bd184e ***


Summary:	* glibc detected * gedit: free(): invalid pointer: 0x04bd184e ***


Status:	RESOLVED NOTGNOME

Product:	gedit
Classification:	Applications
Component:	general
Version:	2.29.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Gedit maintainers
QA Contact:	Gedit maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-03-24 14:55 UTC by Pedro Villavicencio
Modified:	2010-03-29 13:55 UTC

See Also:
GNOME target:	---
GNOME version:	2.29/2.30

Description Pedro Villavicencio 2010-03-24 14:55:47 UTC

this report has been filed here:

https://bugs.edge.launchpad.net/ubuntu/+source/gedit/+bug/544917

"I tried to install the Devhelp completion plugin from : http://github.com/nacho/devhelp. Did "./autogen --prefix=/usr ; make ; sudo make install", and it appears in Gedit. When I activate it, it still works fine. But as soon as I start typing a word, it crashes with this error. Attached is the backtrace."

Valgrind log:

http://launchpadlibrarian.net/41777134/valgrind-logs-gedit.tar.gz

"======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b581)[0xdf4581]
/lib/tls/i686/cmov/libc.so.6(+0x6cdd8)[0xdf5dd8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xdf8ebd]
/lib/libglib-2.0.so.0(g_free+0x36)[0x8aedb6]
/usr/lib/libgtksourceview-2.0.so.0(+0x4471c)[0xa9d71c]
/usr/lib/libgtk-x11-2.0.so.0(gtk_tree_view_column_cell_set_cell_data+0x1c2)[0x65f952]
/usr/lib/libgtk-x11-2.0.so.0(+0x280362)[0x656362]
/usr/lib/libgtk-x11-2.0.so.0(+0x280608)[0x656608]
/usr/lib/libgtk-x11-2.0.so.0(+0x280e67)[0x656e67]
/usr/lib/libgtk-x11-2.0.so.0(+0x281135)[0x657135]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__BOXED+0x9c)[0x806a6c]
/usr/lib/libgobject-2.0.so.0(+0x9859)[0x7f6859]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0xd8)[0x7f8118]
/usr/lib/libgobject-2.0.so.0(+0x221ba)[0x80f1ba]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x784)[0x810f84]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x175)[0x811275]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d5348)[0x5ab348]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d561f)[0x5ab61f]
/usr/lib/libgtk-x11-2.0.so.0(gtk_widget_size_request+0x8b)[0x6778eb]
/usr/lib/libgtk-x11-2.0.so.0(+0x1c9a35)[0x59fa35]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__BOXED+0x9c)[0x806a6c]
/usr/lib/libgobject-2.0.so.0(+0x9859)[0x7f6859]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0xd8)[0x7f8118]
/usr/lib/libgobject-2.0.so.0(+0x221ba)[0x80f1ba]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x784)[0x810f84]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x175)[0x811275]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d5348)[0x5ab348]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d561f)[0x5ab61f]
/usr/lib/libgtk-x11-2.0.so.0(gtk_widget_size_request+0x8b)[0x6778eb]
/usr/lib/libgtk-x11-2.0.so.0(+0x7b278)[0x451278]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__BOXED+0x9c)[0x806a6c]
/usr/lib/libgobject-2.0.so.0(+0x9859)[0x7f6859]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0xd8)[0x7f8118]
/usr/lib/libgobject-2.0.so.0(+0x221ba)[0x80f1ba]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x784)[0x810f84]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x175)[0x811275]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d5348)[0x5ab348]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d561f)[0x5ab61f]
/usr/lib/libgtk-x11-2.0.so.0(gtk_widget_size_request+0x8b)[0x6778eb]
/usr/lib/libgtk-x11-2.0.so.0(+0x2b4135)[0x68a135]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__BOXED+0x9c)[0x806a6c]
/usr/lib/libgobject-2.0.so.0(+0x9859)[0x7f6859]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x1b2)[0x7f81f2]
/usr/lib/libgobject-2.0.so.0(+0x221ba)[0x80f1ba]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x784)[0x810f84]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x175)[0x811275]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d5348)[0x5ab348]
/usr/lib/libgtk-x11-2.0.so.0(+0x1d561f)[0x5ab61f]
/usr/lib/libgtk-x11-2.0.so.0(gtk_widget_size_request+0x8b)[0x6778eb]
/usr/lib/libgtk-x11-2.0.so.0(+0x2af1d4)[0x6851d4]
/usr/lib/libgtk-x11-2.0.so.0(gtk_window_get_size+0xbf)[0x685c6f]
/usr/lib/libgtksourceview-2.0.so.0(gtk_source_completion_utils_move_to_iter+0xf0)[0xaa4fc0]
/usr/lib/libgtksourceview-2.0.so.0(+0x43de3)[0xa9cde3]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__VOID+0x7c)[0x8063dc]
/usr/lib/libgobject-2.0.so.0(+0x9859)[0x7f6859]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x1b2)[0x7f81f2]
/usr/lib/libgobject-2.0.so.0(+0x22566)[0x80f566]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x784)[0x810f84]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x26)[0x8116e6]
/usr/lib/libgtksourceview-2.0.so.0(+0x443e6)[0xa9d3e6]
/usr/lib/libgtk-x11-2.0.so.0(+0x1536f9)[0x5296f9]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x1b2)[0x7f81f2]
/usr/lib/libgobject-2.0.so.0(+0x22c50)[0x80fc50]
======= Memory map: ========
00110000-001af000 r-xp 00000000 08:01 942783 /usr/lib/libgdk-x11-2.0.so.0.1907.0
001af000-001b0000 ---p 0009f000 08:01 942783 /usr/lib/libgdk-x11-2.0.so.0.1907.0
001b0000-001b2000 r--p 0009f000 08:01 942783 /usr/lib/libgdk-x11-2.0.so.0.1907.0
001b2000-001b3000 rw-p 000a1000 08:01 942783 /usr/lib/libgdk-x11-2.0.so.0.1907.0
001b3000-001b6000 r-xp 00000000 08:01 935942 /usr/lib/libgmodule-2.0.so.0.2305.0
001b6000-001b7000 r--p 00002000 08:01 935942 /usr/lib/libgmodule-2.0.so.0.2305.0
001b7000-001b8000 rw-p 00003000 08:01 935942 /usr/lib/libgmodule-2.0.so.0.2305.0
001b8000-001bc000 r-xp 00000000 08:01 935943 /usr/lib/libgthread-2.0.so.0.2305.0
001bc000-001bd000 r--p 00003000 08:01 935943 /usr/lib/libgthread-2.0.so.0.2305.0
001bd000-001be000 rw-p 00004000 08:01 935943 /usr/lib/libgthread-2.0.so.0.2305.0
001be000-001c5000 r-xp 00000000 08:01 949794 /usr/lib/libSM.so.6.0.1
001c5000-001c6000 r--p 00006000 08:01 949794 /usr/lib/libSM.so.6.0.1
001c6000-001c7000 rw-p 00007000 08:01 949794 /usr/lib/libSM.so.6.0.1
001c7000-001d1000 r-xp 00000000 08:01 957395 /usr/lib/libpangocairo-1.0.so.0.2600.2
001d1000-001d2000 r--p 00009000 08:01 957395 /usr/lib/libpangocairo-1.0.so.0.2600.2
001d2000-001d3000 rw-p 0000a000 08:01 957395 /usr/lib/libpangocairo-1.0.so.0.2600.2
001d3000-001d5000 r-xp 00000000 08:01 957427 /usr/lib/libXcomposite.so.1.0.0
001d5000-001d6000 r--p 00001000 08:01 957427 /usr/lib/libXcomposite.so.1.0.0
001d6000-001d7000 rw-p 00002000 08:01 957427 /usr/lib/libXcomposite.so.1.0.0
001d7000-001d9000 r-xp 00000000 08:01 957438 /usr/lib/libXdamage.so.1.1.0
001d9000-001da000 r--p 00001000 08:01 957438 /usr/lib/libXdamage.so.1.1.0
001da000-001db000 rw-p 00002000 08:01 957438 /usr/lib/libXdamage.so.1.1.0
001db000-001dc000 r-xp 00000000 00:00 0 [vdso]
001dc000-0027c000 r-xp 00000000 08:01 935944 /usr/lib/libgio-2.0.so.0.2305.0
0027c000-0027d000 ---p 000a0000 08:01 935944 /usr/lib/libgio-2.0.so.0.2305.0
0027d000-0027e000 r--p 000a0000 08:01 935944 /usr/lib/libgio-2.0.so.0.2305.0
0027e000-0027f000 rw-p 000a1000 08:01 935944 /usr/lib/libgio-2.0.so.0.2305.0
0027f000-00280000 rw-p 00000000 00:00 0
00280000-00295000 r-xp 00000000 08:01 1581568 /lib/tls/i686/cmov/libpthread-2.11.1.so
00295000-00296000 r--p 00014000 08:01 1581568 /lib/tls/i686/cmov/libpthread-2.11.1.so
00296000-00297000 rw-p 00015000 08:01 1581568 /lib/tls/i686/cmov/libpthread-2.11.1.so
00297000-00299000 rw-p 00000000 00:00 0
00299000-002ae000 r-xp 00000000 08:01 949788 /usr/lib/libICE.so.6.3.0
002ae000-002af000 r--p 00014000 08:01 949788 /usr/lib/libICE.so.6.3.0
002af000-002b0000 rw-p 00015000 08:01 949788 /usr/lib/libICE.so.6.3.0
002b0000-002b2000 rw-p 00000000 00:00 0
002b2000-002b4000 r-xp 00000000 08:01 957444 /usr/lib/libXinerama.so.1.0.0
002b4000-002b5000 r--p 00001000 08:01 957444 /usr/lib/libXinerama.so.1.0.0
002b5000-002b6000 rw-p 00002000 08:01 957444 /usr/lib/libXinerama.so.1.0.0
002b6000-002ce000 r-xp 00000000 08:01 942784 /usr/lib/libgdk_pixbuf-2.0.so.0.1907.0
002ce000-002cf000 r--p 00018000 08:01 942784 /usr/lib/libgdk_pixbuf-2.0.so.0.1907.0
002cf000-002d0000 rw-p 00019000 08:01 942784 /usr/lib/libgdk_pixbuf-2.0.so.0.1907.0
002d0000-00347000 r-xp 00000000 08:01 928683 /usr/lib/libcairo.so.2.10800.10
00347000-00349000 r--p 00076000 08:01 928683 /usr/lib/libcairo.so.2.10800.10
00349000-0034a000 rw-p 00078000 08:01 928683 /usr/lib/libcairo.so.2.10800.10
0034a000-0038a000 r-xp 00000000 08:01 957394 /usr/lib/libpango-1.0.so.0.2600.2
0038a000-0038b000 ---p 00040000 08:01 957394 /usr/lib/libpango-1.0.so.0.2600.2
0038b000-0038c000 r--p 00040000 08:01 957394 /usr/lib/libpango-1.0.so.0.2600.2
0038c000-0038d000 rw-p 00041000 08:01 957394 /usr/lib/libpango-1.0.so.0.2600.2
0038d000-003a9000 r-xp 00000000 08:01 936331 /usr/lib/libdbus-glib-1.so.2.1.0
003a9000-003aa000 r--p 0001b000 08:01 936331 /usr/lib/libdbus-glib-1.so.2.1.0
003aa000-003ab000 rw-p 0001c000 08:01 936331 /usr/lib/libdbus-glib-1.so.2.1.0
003ab000-003af000 r-xp 00000000 08:01 949961 /usr/lib/libXfixes.so.3.1.0
003af000-003b0000 r--p 00003000 08:01 949961 /usr/lib/libXfixes.so.3.1.0
003b0000-003b1000 rw-p 00004000 08:01 949961 /usr/lib/libXfixes.so.3.1.0
003b1000-003b7000 r-xp 00000000 08:01 924124 /usr/lib/libXrandr.so.2.2.0
003b7000-003b8000 r--p 00005000 08:01 924124 /usr/lib/libXrandr.so.2.2.0
003b8000-003b9000 rw-p 00006000 08:01 924124 /usr/lib/libXrandr.so.2.2.0
003b9000-003d4000 r-xp 00000000 08:01 1580718 /lib/ld-2.11.1.so
003d4000-003d5000 r--p 0001a000 08:01 1580718 /lib/ld-2.11.1.soAbandon (core dumped)"

Comment 1 Paolo Borelli 2010-03-27 11:36:58 UTC

That completion plugin has not been updated to the latest api changes: it should be modified to return duplicated strings instead of pointers to internal memory. This is the cause of the memory corruption and the crash.

Comment 2 Ignacio Casal Quinteiro (nacho) 2010-03-29 13:55:11 UTC

For the record. I've just fixed this.