GNOME Bugzilla – Bug 658644
Invalid read when leaving a muc
Last modified: 2011-09-09 10:58:14 UTC
- Open an XMPP chat room
- Leave it
- Enjoy this valgrind error

It has been introduced with bug #657086

==12650== Invalid read of size 4
==12650==    at 0xE0A1481: g_hash_table_maybe_resize (ghash.c:584)
==12650==    by 0xE0A2098: g_hash_table_remove_internal (ghash.c:1176)
==12650==    by 0xE0A20D8: g_hash_table_remove (ghash.c:1203)
==12650==    by 0x449D51: contact_list_store_remove_contact (empathy-contact-list-store.c:1168)
==12650==    by 0x44933A: contact_list_store_remove_contact_and_disconnect (empathy-contact-list-store.c:915)
==12650==    by 0x4493DD: contact_list_store_members_changed_cb (empathy-contact-list-store.c:935)
==12650==    by 0x48E0CA: _empathy_marshal_VOID__OBJECT_OBJECT_UINT_STRING_BOOLEAN (empathy-marshal.c:167)
==12650==    by 0xD3EB5C2: g_closure_invoke (gclosure.c:773)
==12650==    by 0xD407112: signal_emit_unlocked_R (gsignal.c:3271)
==12650==    by 0xD406054: g_signal_emit_valist (gsignal.c:3002)
==12650==    by 0xD4067AA: g_signal_emit_by_name (gsignal.c:3096)
==12650==    by 0x487B20: tp_chat_group_members_changed_cb (empathy-tp-chat.c:1156)
==12650==    by 0xC30005A: _tp_marshal_VOID__STRING_BOXED_BOXED_BOXED_BOXED_UINT_UINT (signals-marshal.c:1845)
==12650==    by 0xD3EB5C2: g_closure_invoke (gclosure.c:773)
==12650==    by 0xD407112: signal_emit_unlocked_R (gsignal.c:3271)
==12650==    by 0xD406054: g_signal_emit_valist (gsignal.c:3002)
==12650==    by 0xD4067AA: g_signal_emit_by_name (gsignal.c:3096)
==12650==    by 0xC24F245: handle_members_changed (channel-group.c:1083)
==12650==    by 0xC24F3EC: tp_channel_group_members_changed_cb (channel-group.c:1128)
==12650==    by 0xC226B13: _tp_cli_channel_interface_group_invoke_callback_for_members_changed (tp-cli-channel-body.h:2919)
==12650==  Address 0x1c474750 is 16 bytes inside a block of size 88 free'd
==12650==    at 0x4C282ED: free (vg_replace_malloc.c:366)
==12650==    by 0xE0BDDD9: g_free (gmem.c:263)
==12650==    by 0xE0D741F: g_slice_free1 (gslice.c:907)
==12650==    by 0xE0A1D8D: g_hash_table_unref (ghash.c:977)
==12650==    by 0xE0A1DD6: g_hash_table_destroy (ghash.c:998)
==12650==    by 0x447CE1: contact_list_store_dispose (empathy-contact-list-store.c:398)
==12650==    by 0xD3F4FE5: g_object_unref (gobject.c:2709)
==12650==    by 0xA13CE17: gtk_tree_row_reference_free (gtktreemodel.c:2439)
==12650==    by 0xE0C81CB: g_queue_foreach (gqueue.c:230)
==12650==    by 0x4479E8: g_queue_free_full_row_ref (empathy-contact-list-store.c:328)
==12650==    by 0xE0A1069: g_hash_table_remove_node (ghash.c:443)
==12650==    by 0xE0A208C: g_hash_table_remove_internal (ghash.c:1175)
==12650==    by 0xE0A20D8: g_hash_table_remove (ghash.c:1203)
==12650==    by 0x449D51: contact_list_store_remove_contact (empathy-contact-list-store.c:1168)
==12650==    by 0x44933A: contact_list_store_remove_contact_and_disconnect (empathy-contact-list-store.c:915)
==12650==    by 0x4493DD: contact_list_store_members_changed_cb (empathy-contact-list-store.c:935)
==12650==    by 0x48E0CA: _empathy_marshal_VOID__OBJECT_OBJECT_UINT_STRING_BOOLEAN (empathy-marshal.c:167)
==12650==    by 0xD3EB5C2: g_closure_invoke (gclosure.c:773)
==12650==    by 0xD407112: signal_emit_unlocked_R (gsignal.c:3271)
==12650==    by 0xD406054: g_signal_emit_valist (gsignal.c:3002)
Created attachment 196086: contact_list_store_remove_contact: ensure that the store stays alive during the process
Created attachment 196087: individual_store_remove_individual: ensure that the store stays alive during the process
+1
Attachment 196086 pushed as 683c882 - contact_list_store_remove_contact: ensure that the store stays alive during the process
Attachment 196087 pushed as 56f569b - individual_store_remove_individual: ensure that the store stays alive during the process
Alban: you may be interested in backporting those fixes to Meego.
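The lifetime problem in the trace above, reduced to a GLib-free model. This is an added example, not the pushed patches or Empathy code: all type and function names are hypothetical stand-ins, and the guard shown is the approach the attachment titles describe (keep the store alive during the removal).

```c
#include <stdlib.h>

typedef struct Store Store;
typedef struct { Store *model; } RowRef;               /* plays GtkTreeRowReference */
typedef struct { RowRef *value; int nnodes; } Table;   /* plays GHashTable, one entry */
struct Store { int refs; Table *table; };

int disposed;  /* number of stores disposed so far */
Store *store_ref(Store *s) { s->refs++; return s; }
void store_unref(Store *s) {
    if (--s->refs > 0) return;
    free(s->table);            /* dispose destroys the table, as contact_list_store_dispose does */
    free(s);
    disposed++;
}

/* Constructed case: the row reference in the table holds the store's only reference. */
Store *store_with_one_row(void) {
    Store *s = calloc(1, sizeof *s);
    s->table = calloc(1, sizeof *s->table);
    s->table->value = malloc(sizeof(RowRef));
    s->table->value->model = store_ref(s);
    s->table->nnodes = 1;
    return s;
}

/* Removal frees the value first, then updates the table, like g_hash_table_remove. */
void table_remove(Table *t) {
    RowRef *r = t->value;
    Store *model = r->model;
    t->value = NULL;
    free(r);
    store_unref(model);        /* value destructor: may drop the last reference */
    t->nnodes--;               /* invalid access if the store was disposed just above */
}

/* Unguarded form (the reported bug): the table is freed while table_remove() is still using it. */
void remove_contact_unguarded(Store *s) { table_remove(s->table); }

/* Guarded form: an extra reference defers dispose until the removal has finished. */
int remove_contact_guarded(Store *s) {
    store_ref(s);
    table_remove(s->table);
    int disposed_mid_removal = disposed;
    store_unref(s);            /* last reference is dropped here, after the table is done */
    return disposed_mid_removal;
}

int main(void) { return remove_contact_guarded(store_with_one_row()); }
```

Running the unguarded form on the same constructed store under valgrind reports an invalid access inside a freed block, the same shape as the report above.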