Bug 668675 - GtkTimeline: protect the timeline from unref
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: .General
Assigned To: gtk-bugs
Duplicates: 654020
Reported: 2012-01-25 16:38 UTC by Allison Karlitskaya (desrt)
Modified: 2012-01-26 09:47 UTC

Attachments
GtkTimeline: protect the timeline from unref (1.29 KB, patch)
2012-01-25 16:38 UTC, Allison Karlitskaya (desrt)
committed

Description Allison Karlitskaya (desrt) 2012-01-25 16:38:16 UTC
==24215== Invalid read of size 1
==24215==    at 0x58F1507: gtk_timeline_run_frame (gtktimeline.c:340)
==24215==    by 0x5D506EE: gdk_threads_dispatch (gdk.c:745)
==24215==    by 0x7C5672A: g_timeout_dispatch (gmain.c:3857)
==24215==    by 0x7C55AE9: g_main_context_dispatch (gmain.c:2513)
==24215==    by 0x7C55EAF: g_main_context_iterate.isra.23 (gmain.c:3121)
==24215==    by 0x7C55F73: g_main_context_iteration (gmain.c:3182)
==24215==    by 0x7708773: g_application_run (gapplication.c:1496)
==24215==    by 0x42A971: main (nautilus-main.c:101)
==24215==  Address 0x266cb174 is 84 bytes inside a block of size 88 free'd
==24215==    at 0x4C2882E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24215==    by 0x79F104A: g_type_free_instance (gtype.c:1937)
==24215==    by 0x79F5152: g_value_unset (gvalue.c:276)
==24215==    by 0x79E98DA: g_signal_emit_valist (gsignal.c:3063)
==24215==    by 0x79E9A61: g_signal_emit (gsignal.c:3090)
==24215==    by 0x58F1506: gtk_timeline_run_frame (gtktimeline.c:337)
==24215==    by 0x5D506EE: gdk_threads_dispatch (gdk.c:745)
==24215==    by 0x7C5672A: g_timeout_dispatch (gmain.c:3857)
==24215==    by 0x7C55AE9: g_main_context_dispatch (gmain.c:2513)
==24215==    by 0x7C55EAF: g_main_context_iterate.isra.23 (gmain.c:3121)
==24215==    by 0x7C55F73: g_main_context_iteration (gmain.c:3182)
==24215==    by 0x7708773: g_application_run (gapplication.c:1496)
==24215==    by 0x42A971: main (nautilus-main.c:101)
Comment 1 Allison Karlitskaya (desrt) 2012-01-25 16:38:18 UTC
Created attachment 206104
GtkTimeline: protect the timeline from unref

The timeline frame function emits several signals, assuming that the
timeline will exist after these signals return.  This assumption can be
invalid if signal handlers unref the timeline.
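
The lifetime problem described in the comment above (a field read after signal emission, on an object a handler has already released), as an added example that is not part of the original bug report or the GTK patch. It is a plain-C model in which every type and function name is hypothetical rather than GTK API; the protected variant holds a temporary reference across the handler call.

```c
#include <stdlib.h>

/* Plain-C model of a refcounted timeline; all names here are hypothetical. */
typedef struct Timeline Timeline;
typedef void (*FrameHandler)(Timeline *tl);

struct Timeline {
    int refs;
    int running;           /* field read after the handler returns */
    FrameHandler on_frame; /* stands in for a connected "frame" signal handler */
};

int live_timelines = 0;    /* constructed counter: lets a caller observe frees */

Timeline *timeline_new(FrameHandler h) {
    Timeline *tl = calloc(1, sizeof *tl);
    if (!tl) abort();
    tl->refs = 1;
    tl->running = 1;
    tl->on_frame = h;
    live_timelines++;
    return tl;
}

Timeline *timeline_ref(Timeline *tl) { tl->refs++; return tl; }

void timeline_unref(Timeline *tl) {
    if (--tl->refs == 0) { live_timelines--; free(tl); }
}

/* Handler that stops the animation and drops the owner's only reference. */
void handler_stop_and_unref(Timeline *tl) { tl->running = 0; timeline_unref(tl); }

/* Handler that leaves the timeline alone. */
void handler_noop(Timeline *tl) { (void)tl; }

/* Before: if the handler drops the last ref, tl->running reads freed memory. */
int run_frame_unprotected(Timeline *tl) {
    tl->on_frame(tl);
    return tl->running;
}

/* After: a temporary ref spans the emission, so the object outlives the read. */
int run_frame_protected(Timeline *tl) {
    int keep_going;
    timeline_ref(tl);
    tl->on_frame(tl);
    keep_going = tl->running;
    timeline_unref(tl);    /* frees here if the handler dropped the last ref */
    return keep_going;
}
```

Running `run_frame_unprotected` with `handler_stop_and_unref` under Valgrind or AddressSanitizer reports the same class of error as the trace in the description: an invalid read inside a block freed during the handler call.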
Comment 2 Matthias Clasen 2012-01-26 01:25:35 UTC
Review of attachment 206104:

Makes sense
Comment 3 Matthias Clasen 2012-01-26 01:28:08 UTC
Review of attachment 206104:

Makes sense
Comment 4 Matthias Clasen 2012-01-26 01:28:11 UTC
Review of attachment 206104:

Makes sense
Comment 5 Matthias Clasen 2012-01-26 01:28:58 UTC
Review of attachment 206104:

Grr splinter
Comment 6 Matthias Clasen 2012-01-26 01:29:17 UTC
Review of attachment 206104:

Grr splinter
Comment 7 Allison Karlitskaya (desrt) 2012-01-26 01:29:52 UTC
Attachment 206104 pushed as e2750a4 - GtkTimeline: protect the timeline from unref
Comment 8 Sebastien Bacher 2012-01-26 09:47:42 UTC
*** Bug 654020 has been marked as a duplicate of this bug. ***