GNOME Bugzilla – Bug 676023
Invalid read when preparing the aggregator
Last modified: 2012-05-14 23:22:51 UTC
Created attachment 213993 [details] test app Try running this test app in valgrind with Folks master: ==17086== Invalid read of size 4 ==17086== at 0x5279E6F: tp_proxy_prepare_async (proxy.c:1931) ==17086== by 0x4C286C1: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672) ==17086== by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41) ==17086== by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663) ==17086== by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507) ==17086== by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41) ==17086== by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281) ==17086== by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794) ==17086== by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666) ==17086== by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76) ==17086== by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693) ==17086== by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363) ==17086== by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312) ==17086== by 0x556C223: _g_closure_invoke_va (gclosure.c:840) ==17086== by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207) ==17086== by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389) ==17086== by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362) ==17086== by 0x4E60B0D: _folks_backend_store_backend_load_if_needed_ready (backend-store.vala:358) ==17086== by 0x5B8AAB8: g_simple_async_result_complete (gsimpleasyncresult.c:767) ==17086== by 0x8B20791: folks_backends_tp_backend_real_prepare_co (tp-backend.vala:88) ==17086== Address 0x6666b60 is 0 bytes after a block of size 16 alloc'd ==17086== at 0x4A05BB4: calloc (vg_replace_malloc.c:467) ==17086== by 0x58107AB: standard_calloc (gmem.c:104) ==17086== by 0x581083D: g_malloc0 (gmem.c:189) ==17086== by 0x5810AFA: g_malloc0_n (gmem.c:385) ==17086== by 0x4C2861B: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672) ==17086== by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41) ==17086== by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663) ==17086== by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507) ==17086== by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41) ==17086== by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281) ==17086== by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794) ==17086== by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666) ==17086== by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76) ==17086== by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693) ==17086== by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363) ==17086== by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312) ==17086== by 0x556C223: _g_closure_invoke_va (gclosure.c:840) ==17086== by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207) ==17086== by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389) ==17086== by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362) ==17086== ==17086== Invalid read of size 4 ==17086== at 0x528E945: _tp_quark_array_copy (util.c:1066) ==17086== by 0x527705A: tp_proxy_prepare_request_new (proxy.c:361) ==17086== by 0x5279EEA: tp_proxy_prepare_async (proxy.c:1986) ==17086== by 0x4C286C1: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672) ==17086== by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41) ==17086== by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663) ==17086== by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507) ==17086== by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41) ==17086== by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281) ==17086== by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794) ==17086== by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666) ==17086== by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76) ==17086== by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693) ==17086== by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363) ==17086== by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312) ==17086== by 0x556C223: _g_closure_invoke_va (gclosure.c:840) ==17086== by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207) ==17086== by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389) ==17086== by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362) ==17086== by 0x4E60B0D: _folks_backend_store_backend_load_if_needed_ready (backend-store.vala:358) ==17086== Address 0x6666b60 is 0 bytes after a block of size 16 alloc'd ==17086== at 0x4A05BB4: calloc (vg_replace_malloc.c:467) ==17086== by 0x58107AB: standard_calloc (gmem.c:104) ==17086== by 0x581083D: g_malloc0 (gmem.c:189) ==17086== by 0x5810AFA: g_malloc0_n (gmem.c:385) ==17086== by 0x4C2861B: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672) ==17086== by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41) ==17086== by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663) ==17086== by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507) ==17086== by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41) ==17086== by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281) ==17086== by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794) ==17086== by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666) ==17086== by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76) ==17086== by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693) ==17086== by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363) ==17086== by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312) ==17086== by 0x556C223: _g_closure_invoke_va (gclosure.c:840) ==17086== by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207) ==17086== by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389) ==17086== by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362) ==17086==
Fixed in master, thanks. commit 6b29928ae3e979b488802e60deb29a02450f30f2 Author: Philip Withnall <philip@tecnocode.co.uk> Date: Tue May 15 00:21:46 2012 +0100 Bug 676023 — Invalid read when preparing the aggregator Properly 0-terminate an array passed to tp_proxy_prepare_async(). Closes: https://bugzilla.gnome.org/show_bug.cgi?id=676023 NEWS | 1 + backends/telepathy/lib/tpf-persona-store.vala | 3 ++- 2 files changed, 3 insertions(+), 1 deletions(-)