Bug 690091 - Avoid possible double free
Status: RESOLVED FIXED
Product: gnome-control-center
Classification: Core
Component: Printers
Version: 3.6.x
Hardware: Other Linux
Importance: Normal normal
Assigned To: Marek Kašík
QA Contact: Control-Center Maintainers
Reported: 2012-12-12 11:41 UTC by Marek Kašík
Modified: 2012-12-12 12:36 UTC


Attachments
printers: Avoid possible crash (1.38 KB, patch)
2012-12-12 11:41 UTC, Marek Kašík
committed

Description Marek Kašík 2012-12-12 11:41:57 UTC
Created attachment 231344
printers: Avoid possible crash

It can happen that "data->ppd_file_name" is unlinked and freed in install_missing_executables_cb() and again in get_missing_executables_cb().
You can reproduce this by adding a new printer in the Printers panel when running gnome-control-center in valgrind and looking for errors.

==28050== 2 errors in context 6 of 6:
==28050== Invalid read of size 8
==28050==    at 0x13A90B3A: get_missing_executables_cb (pp-new-printer.c:1164)
==28050==    by 0x320B06DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==28050==    by 0x320B0BE901: g_dbus_connection_call_done (gdbusconnection.c:5339)
==28050==    by 0x320B06DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==28050==    by 0x320B06E0F8: complete_in_idle_cb (gsimpleasyncresult.c:787)
==28050==    by 0x3205C47A74: g_main_context_dispatch (gmain.c:2715)
==28050==    by 0x3205C47DA7: g_main_context_iterate.isra.24 (gmain.c:3290)
==28050==    by 0x3205C47E63: g_main_context_iteration (gmain.c:3351)
==28050==    by 0x320B09A7EB: g_application_run (gapplication.c:1624)
==28050==    by 0x408244: main (control-center.c:259)
==28050==  Address 0x1bedb548 is 24 bytes inside a block of size 48 free'd
==28050==    at 0x4A077A6: free (vg_replace_malloc.c:446)
==28050==    by 0x3205C4D7BE: g_free (gmem.c:252)
==28050==    by 0x13A90338: install_missing_executables_cb (pp-new-printer.c:940)
==28050==    by 0x13A90AEA: get_missing_executables_cb (pp-new-printer.c:1158)
==28050==    by 0x320B06DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==28050==    by 0x320B0BE901: g_dbus_connection_call_done (gdbusconnection.c:5339)
==28050==    by 0x320B06DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==28050==    by 0x320B06E0F8: complete_in_idle_cb (gsimpleasyncresult.c:787)
==28050==    by 0x3205C47A74: g_main_context_dispatch (gmain.c:2715)
==28050==    by 0x3205C47DA7: g_main_context_iterate.isra.24 (gmain.c:3290)
==28050==    by 0x3205C47E63: g_main_context_iteration (gmain.c:3351)
==28050==    by 0x320B09A7EB: g_application_run (gapplication.c:1624)
==28050==    by 0x408244: main (control-center.c:259)

The problem has been present since 3.6. The attached patch fixes it for me.

Marek
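
Added example, not part of the original report and not the committed patch: a reduced C model of the pattern described above, where an outer callback chains into an inner one and both release the same owned file name. It assumes hypothetical names (request_data, release_ppd, install_done_cb, lookup_done_cb, run_chain), a constructed scratch file, and plain ISO C remove()/free() in place of the GLib calls; clearing the pointer after release is one common way to make the second cleanup a no-op.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the request data named in the report. */
typedef struct {
    char *ppd_file_name;  /* temporary file owned by this struct */
    int   releases;       /* times the file was actually released */
} request_data;

/* Idempotent cleanup: remove the file, free the name, clear the pointer.
 * Without the final NULL assignment a second caller would hand a
 * dangling pointer to remove() and free(): the reported double free. */
static void release_ppd(request_data *d)
{
    if (d->ppd_file_name == NULL) return;
    remove(d->ppd_file_name);
    free(d->ppd_file_name);
    d->ppd_file_name = NULL;
    d->releases++;
}

/* Inner callback: cleans up when its work is done. */
static void install_done_cb(request_data *d) { release_ppd(d); }
/* Outer callback: optionally chains into the inner one, then cleans up. */
static void lookup_done_cb(request_data *d, int chain)
{
    if (chain) install_done_cb(d);
    release_ppd(d);
}

/* Returns the number of real releases (-1 setup failure, -2 bad cleanup). */
int run_chain(int chain)
{
    const char *name = "ppd-demo.tmp";  /* constructed sample path */
    FILE *f = fopen(name, "w");
    if (!f) return -1;
    fclose(f);
    request_data d = { malloc(strlen(name) + 1), 0 };
    if (!d.ppd_file_name) { remove(name); return -1; }
    strcpy(d.ppd_file_name, name);
    lookup_done_cb(&d, chain);
    f = fopen(name, "r");               /* the file must be gone by now */
    if (f) { fclose(f); remove(name); return -2; }
    return d.ppd_file_name == NULL ? d.releases : -2;
}

int main(void) { printf("%d %d\n", run_chain(1), run_chain(0)); return 0; }
```

Deleting the `d->ppd_file_name = NULL;` line and running the chained case under valgrind gives an invalid-free report of the same kind as the trace in the description.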
Comment 1 Bastien Nocera 2012-12-12 12:04:58 UTC
Review of attachment 231344:

Looks good.
Comment 2 Marek Kašík 2012-12-12 12:36:14 UTC
Comment on attachment 231344
printers: Avoid possible crash

Thank you for the review. I've committed it to the master and 3.6.