GNOME Bugzilla – Bug 677156
Occasional crash on json_builder_end_object
Last modified: 2012-05-31 22:34:18 UTC
When the inner mode is JSON_BUILDER_MODE_OBJECT, the struct attribute "member_name" is usually NULL, but json_builder_state_free would call g_free on it anyway. This patch makes json_builder_state_free call g_free on member_name only when that needs to happen, specifically under JSON_BUILDER_MODE_MEMBER.
Created attachment 215303: Fix
Review of attachment 215303: It's perfectly fine to call g_free() on a NULL pointer. Are you sure that the member_name member is really NULL?
Also, could you add a test case that triggers the issue to the JsonBuilder test suite?
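The reviewer's question above turns on one fact: g_free(NULL) is a no-op, so a free that aborts with "pointer being freed was not allocated" for object 0x1 means member_name held a non-NULL garbage value, not NULL. The following is an added illustration of that reasoning in plain C; it is not code from json-glib, from the reporter's patch, or from this bug's eventual fix (the thread ends as a duplicate and the root cause in 0.12.4 is not established on this page). The struct layout, the function names and the dirty_alloc() stand-in for an allocator that hands back unzeroed memory are all assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mode names follow the thread; the struct layout is an assumption made
 * for this illustration and is not json-glib's real JsonBuilderState. */
typedef enum { MODE_OBJECT, MODE_ARRAY, MODE_MEMBER } BuilderMode;

typedef struct {
    BuilderMode mode;
    char *member_name;   /* only meaningful in MODE_MEMBER */
} BuilderState;

/* Deterministic stand-in for an allocator that recycles dirty memory:
 * every byte is filled with 0x01, like a "scribble" debug malloc. */
static void *dirty_alloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        memset(p, 0x01, n);
    return p;
}

/* Hazard pattern: mode is set but member_name is never assigned, so in
 * OBJECT mode it holds whatever the allocator left behind (0x0101... here). */
BuilderState *state_new_uninit(BuilderMode mode)
{
    BuilderState *s = dirty_alloc(sizeof *s);
    if (s == NULL)
        return NULL;
    s->mode = mode;
    return s;
}

/* Defence: zero-initialized allocation (calloc here; g_new0 / g_slice_new0
 * in GLib) guarantees member_name == NULL in every mode. */
BuilderState *state_new_zeroed(BuilderMode mode)
{
    BuilderState *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    s->mode = mode;
    return s;
}

/* Records a member name as a heap copy the state owns. Intended for states
 * from state_new_zeroed(), whose member_name is NULL or a previous copy. */
int state_set_member_name(BuilderState *s, const char *name)
{
    size_t len = strlen(name) + 1;
    char *copy = malloc(len);
    if (copy == NULL)
        return 0;
    memcpy(copy, name, len);
    free(s->member_name);   /* NULL-safe, same rule as in state_free */
    s->member_name = copy;
    s->mode = MODE_MEMBER;
    return 1;
}

/* Returns 1 when member_name can be handed to free() without risk: it is
 * either NULL or a copy made by state_set_member_name (MODE_MEMBER). An
 * OBJECT/ARRAY state with a non-NULL member_name is garbage, and freeing it
 * is exactly the "pointer being freed was not allocated" abort. */
int state_member_name_is_freeable(const BuilderState *s)
{
    return s->member_name == NULL || s->mode == MODE_MEMBER;
}

/* The reviewer's point: free(NULL), like g_free(NULL), is a no-op, so an
 * unconditional free of member_name is correct provided the field really is
 * NULL whenever no name was set. No mode check is needed here. */
void state_free(BuilderState *s)
{
    if (s == NULL)
        return;
    free(s->member_name);
    free(s);
}

/* Replays the reporter's scenario, begin_object / end_object with no
 * members, against a zero-initialized state; returns 1 on success. */
int empty_object_roundtrip(void)
{
    BuilderState *s = state_new_zeroed(MODE_OBJECT);
    if (s == NULL || !state_member_name_is_freeable(s))
        return 0;
    state_free(s);
    return 1;
}

int main(void)
{
    BuilderState *bad = state_new_uninit(MODE_OBJECT);
    printf("uninit OBJECT state: member_name=%p freeable=%d\n",
           (void *)bad->member_name, state_member_name_is_freeable(bad));
    bad->member_name = NULL;   /* repaired by hand so the demo stays memory-safe */
    state_free(bad);

    BuilderState *good = state_new_zeroed(MODE_OBJECT);
    printf("zeroed OBJECT state: member_name=%p freeable=%d\n",
           (void *)good->member_name, state_member_name_is_freeable(good));
    state_free(good);

    printf("empty object roundtrip: %d\n", empty_object_roundtrip());
    return 0;
}
```

The takeaway for a reviewer is that gating the free on the mode, as the submitted patch does, hides the symptom without fixing the field; a zeroing allocator (or an explicit member_name = NULL in the constructor) fixes the field, after which the unconditional g_free() is correct.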
Here's what the error looks like on Mac OS X. Granted, it's lacking debugging symbols in the relevant area. I'm looking into getting that in to confirm the object state. The submitted fix was just me eyeballing json_builder_state_free looking for where free is called (late last night).

(61028) malloc: *** error for object 0x1: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

Program received signal SIGABRT, Aborted.
0x00007fff84d550b6 in __kill ()
(gdb) bt
Trace 230290
I'm running into some weirdness getting json-glib recompiled from source for debugging purposes:

$ ./autogen.sh
/opt/local/bin/gnome-autogen.sh
checking for autoconf >= 2.53...
  testing autoconf2.50... not found.
  testing autoconf... found 2.69
checking for automake >= 1.11...
  testing automake-1.11... not found.
***Error***: You must have automake >= 1.11 installed
  to build JSON-GLib.  Download the appropriate package for
  from your distribution.  For example, you can install it with
  http://ftp.gnu.org/pub/gnu/automake/automake-1.11.tar.gz

$ automake --version
automake (GNU automake) 1.12
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

In the meantime, if you guys have a better debugging setup, here's a simplified program that triggers the issue on my machine:

$ cat a.c
#include <stdio.h>
#include <glib.h>
#include <json-glib/json-glib.h>

int main(int argc, char **argv)
{
    JsonBuilder *builder;
    JsonNode *root;
    JsonGenerator *gen;
    gchar *text;
    unsigned int i = 0;

    g_type_init();

    /* Loop until the crash: on the affected machines it is always attempt 11. */
    for (i = 1; ; i++) {
        printf("Attempt [%u]\n", i);

        builder = json_builder_new();
        json_builder_begin_object(builder);
        // Explicitly empty object - no data was inserted into the builder
        json_builder_end_object(builder);

        /* Serialise the empty object, then release everything. */
        gen = json_generator_new();
        root = json_builder_get_root(builder);
        json_generator_set_root(gen, root);
        text = json_generator_to_data(gen, NULL);

        g_free(text);
        json_node_free(root);
        g_object_unref(gen);
        g_object_unref(builder);   /* frees the builder state stack */
    }

    return 0;
}

$ gcc -Wall `pkg-config --cflags --libs json-glib-1.0` -O0 -g a.c

(gdb) r
Starting program: /Users/mina/a.out
Attempt [1]
Attempt [2]
Attempt [3]
Attempt [4]
Attempt [5]
Attempt [6]
Attempt [7]
Attempt [8]
Attempt [9]
Attempt [10]
Attempt [11]
a.out(63001) malloc: *** error for object 0x1: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

Program received signal SIGABRT, Aborted.
0x00007fff84d550b6 in __kill ()
(gdb) bt
Trace 230291
I'm starting to think this is hairier than it initially appears. My example program above has the same predictable crash, always at attempt #11, on both Mac OS X (10.6.8) machines I use. I've tried it on a colleague's Mac OS X 10.6.8, and it does not crash. I've tried it on a colleague's Mac OS X 10.7.4 Build 11E53, and it does not crash. I've tried it on a Linux 2.6 64-bit machine, and it does not crash. I've tried it on a Linux 3.2 32-bit machine, and it does not crash. So it seems that there's something specific about the two Mac laptops I use that causes this. I'll post back here once I have more debugging info from these machines.
Please disregard this ticket. Apologies for the hasty patch. The crash on both my machines was due to an older version of json-glib (0.12.4). When I downloaded and sandboxed the latest source (0.14.2) to compile for debugging, the problem disappeared. When I upgraded the main installed version on the machine to 0.14.2, the problem also disappeared. So either way, with the latest stable 0.14.2 there is no crash on all machines I have access to. If you feel there's value in debugging 0.12.4, let me know and I'll provide more info. If not, please close the ticket. Thank you.
Ah, yes: I think this is a duplicate of bug 651271.

*** This bug has been marked as a duplicate of bug 651271 ***