Bug 630532 - invalid drop point in drag-data-received callback
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Widget: Other
Version: 2.90.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: gtk-bugs
QA Contact: gtk-bugs
Reported: 2010-09-24 16:37 UTC by Christian Persch
Modified: 2010-09-24 17:27 UTC
GNOME target: ---
GNOME version: ---



Description Christian Persch 2010-09-24 16:37:44 UTC
Valgrinding nautilus with gtk+ (master + rendering-cleanup-next), I found this while dragging a selection of files around:

==2222== Conditional jump or move depends on uninitialised value(s)
==2222==    at 0x48BF208: param_double_validate (gparamspecs.c:585)
==2222==    by 0x48BC076: g_param_value_validate (gparam.c:650)
==2222==    by 0x48B5B3A: object_set_property (gobject.c:1161)
==2222==    by 0x48B6F68: g_object_set_valist (gobject.c:1689)
==2222==    by 0x816FDCF: eel_canvas_item_set_valist (eel-canvas.c:483)
==2222==    by 0x816FD13: eel_canvas_item_set (eel-canvas.c:464)
==2222==    by 0x8145353: set_shadow_position (nautilus-icon-dnd.c:169)
==2222==    by 0x8145BD8: nautilus_icon_container_position_shadow (nautilus-icon-dnd.c:339)
==2222==    by 0x8145CAD: nautilus_icon_container_dropped_icon_feedback (nautilus-icon-dnd.c:368)
==2222==    by 0x8148805: drag_data_received_callback (nautilus-icon-dnd.c:1656)
==2222==    by 0x41B53EE: _gtk_marshal_VOID__OBJECT_INT_INT_BOXED_UINT_UINT (gtkmarshalers.c:2234)
==2222==    by 0x48B2058: g_closure_invoke (gclosure.c:766)
==2222==    by 0x48CAD23: signal_emit_unlocked_R (gsignal.c:3252)
==2222==    by 0x48CA072: g_signal_emit_valist (gsignal.c:2983)
==2222==    by 0x48CA4C9: g_signal_emit_by_name (gsignal.c:3077)
==2222==    by 0x4345A1F: gtk_drag_selection_received (gtkdnd.c:1771)
==2222==  Uninitialised value was created by a heap allocation
==2222==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==2222==    by 0x493A6F0: g_malloc (gmem.c:164)
==2222==    by 0x493AA37: g_malloc_n (gmem.c:381)
==2222==    by 0x4345F7D: gtk_drag_get_dest_info (gtkdnd.c:1975)
==2222==    by 0x4345334: _gtk_drag_dest_handle_event (gtkdnd.c:1567)
==2222==    by 0x41B0CBB: gtk_main_do_event (gtkmain.c:1779)
==2222==    by 0x4489D48: gdk_event_source_dispatch (gdkeventsource.c:302)

gtk_drag_get_dest_info doesn't initialise drop_x, drop_y, and later these are passed to the callback.
Comment 1 Matthias Clasen 2010-09-24 17:27:16 UTC
commit bc6a3f8cd8c3ead617f9860b1d8ad177b49f606c
Author: Matthias Clasen <mclasen@redhat.com>
Date:   Fri Sep 24 13:23:47 2010 -0400

    DND: don't use uninitialized memory
    
    The dest_x/y members of GtkDragDestInfo were not initialized.
    At the same time, switch some of the small temporary structs
    to g_slice allocation.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=630532
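
The pattern reported above, as an added C example that is not GTK's code or part of the original report: a hypothetical `DestInfo` record whose `drop_x`/`drop_y` are never assigned after a plain heap allocation, beside a constructor that zeroes the whole record. The struct layout, `poisoned_malloc` and all function names are assumptions; the 0xAA fill stands in for stale heap contents (the same idea as glibc's `MALLOC_PERTURB_`) so the result is repeatable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a drag destination record; not GTK's real struct. */
typedef struct {
    void *widget;
    int   drop_x, drop_y;   /* only meaningful once a drop has been recorded */
    int   dropped;
} DestInfo;

/* malloc wrapper that fills the block with 0xAA to mimic stale heap data. */
static void *poisoned_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xAA, n);
    return p;
}

/* Before: some members are assigned, drop_x/drop_y are forgotten. */
DestInfo *dest_info_new_buggy(void *widget) {
    DestInfo *info = poisoned_malloc(sizeof *info);
    if (!info) return NULL;
    info->widget  = widget;
    info->dropped = 0;
    return info;
}

/* After: zero the whole record so every member has a defined value. */
DestInfo *dest_info_new_fixed(void *widget) {
    DestInfo *info = calloc(1, sizeof *info);
    if (!info) return NULL;
    info->widget = widget;
    return info;
}

/* What a handler receiving the drop point might do: bounds-check it. */
int drop_point_in_bounds(const DestInfo *info, int width, int height) {
    return info->drop_x >= 0 && info->drop_x < width &&
           info->drop_y >= 0 && info->drop_y < height;
}

int main(void) {
    int w;
    DestInfo *a = dest_info_new_buggy(&w), *b = dest_info_new_fixed(&w);
    if (!a || !b) return 1;
    printf("buggy: (%d, %d)\n", a->drop_x, a->drop_y);
    printf("fixed: (%d, %d)\n", b->drop_x, b->drop_y);
    free(a); free(b);
    return 0;
}
```

With GLib, `g_new0` or `g_slice_new0` play the role that `calloc` plays here.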