GNOME Bugzilla – Bug 702598
Invalid read of size 4 in gtk_icon_info_get_embedded_rect
Last modified: 2013-06-19 09:19:33 UTC
Valgrind reports those warnings on nautilus 3.6 and gtk 3.8:

==7817== Invalid read of size 4
==7817==    at 0x422E7C3: gtk_icon_info_get_embedded_rect (gtkicontheme.c:4561)
==7817==    by 0x8118E20: nautilus_icon_info_lookup (nautilus-icon-info.c:147)
==7817==    by 0x81113E4: nautilus_file_get_icon (nautilus-file.c:4390)
==7817==    by 0x8073332: nautilus_canvas_view_container_get_icon_images (nautilus-canvas-view-container.c:95)
==7817==    by 0x80CDF2E: nautilus_canvas_container_update_icon (nautilus-canvas-container.c:6082)
==7817==    by 0x80CE820: nautilus_canvas_container_request_update (nautilus-canvas-container.c:6613)
==7817==    by 0x55B91EE: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.6.0.1)
==7817==    by 0x4CEA278: g_cclosure_marshal_generic (gclosure.c:1454)
==7817==    by 0x4CE8523: g_type_class_meta_marshal (gclosure.c:970)
==7817==    by 0x4CE99FD: g_closure_invoke (gclosure.c:777)
==7817==    by 0x4CFCBFF: signal_emit_unlocked_R (gsignal.c:3620)
==7817==    by 0x4D04D48: g_signal_emit_valist (gsignal.c:3326)
==7817==    by 0x4D04F92: g_signal_emit (gsignal.c:3382)
==7817==    by 0x80AFECC: display_pending_callback (nautilus-view.c:3483)
==7817==    by 0x4D76250: g_timeout_dispatch (gmain.c:4417)
==7817==    by 0x4D755CD: g_main_context_dispatch (gmain.c:3058)
==7817==    by 0x4D75977: g_main_context_iterate.isra.21 (gmain.c:3705)
==7817==    by 0x4D75A37: g_main_context_iteration (gmain.c:3766)
==7817==    by 0x4C06143: g_application_run (gapplication.c:1624)
==7817==    by 0x8068677: main (nautilus-main.c:103)
==7817==  Address 0xb85d2d8 is 0 bytes inside a block of size 32 free'd
==7817==    at 0x402AC38: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7817==    by 0x4D7B40F: g_free (gmem.c:197)
==7817==    by 0x4D91EFA: g_slice_free1 (gslice.c:1124)
==7817==    by 0x42287E9: icon_data_free (gtkicontheme.c:2971)
==7817==    by 0x4D63E6B: g_hash_table_remove_all_nodes (ghash.c:500)
==7817==    by 0x4D64D3E: g_hash_table_remove_all (ghash.c:1347)
==7817==    by 0x4D64DBF: g_hash_table_destroy (ghash.c:1051)
==7817==    by 0x42286E1: theme_dir_destroy (gtkicontheme.c:2360)
==7817==    by 0x4D71CD7: g_list_foreach (glist.c:949)
==7817==    by 0x4D71D1B: g_list_free_full (glist.c:187)
==7817==    by 0x4228693: theme_destroy (gtkicontheme.c:2346)
==7817==    by 0x4D71CD7: g_list_foreach (glist.c:949)
==7817==    by 0x4D71D1B: g_list_free_full (glist.c:187)
==7817==    by 0x42282D8: blow_themes (gtkicontheme.c:843)
==7817==    by 0x422B9A5: ensure_valid_themes (gtkicontheme.c:1402)
==7817==    by 0x422BB71: gtk_icon_theme_has_icon (gtkicontheme.c:1970)
==7817==    by 0x4150A73: gtk_action_group_add_actions_full (gtkactiongroup.c:1188)
==7817==    by 0x4150BAA: gtk_action_group_add_actions (gtkactiongroup.c:1105)
==7817==    by 0x80BBED9: nautilus_window_initialize_menus (nautilus-window-menus.c:695)
==7817==    by 0x80C1D6C: nautilus_window_constructed (nautilus-window.c:1146)
==7817==    by 0x4CEECDD: g_object_new_internal (gobject.c:1777)
==7817==    by 0x4CF10BE: g_object_new_valist (gobject.c:1994)
==7817==    by 0x4CF130F: g_object_new (gobject.c:1551)
==7817==    by 0x80C28C7: nautilus_window_new (nautilus-window.c:2037)
==7817==    by 0x806B2DF: nautilus_application_create_window (nautilus-application.c:527)
==7817==    by 0x806B4A0: open_window (nautilus-application.c:634)
==7817==    by 0x806B609: nautilus_application_open (nautilus-application.c:677)
==7817==    by 0x55B948D: ffi_call_SYSV (in /usr/lib/i386-linux-gnu/libffi.so.6.0.1)
==7817==    by 0x55B91EE: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.6.0.1)
==7817==    by 0x4CEA5E0: g_cclosure_marshal_generic_va (gclosure.c:1550)
==7817==    by 0x4CE83D6: g_type_class_meta_marshalv (gclosure.c:997)
==7817==    by 0x4CE9C3D: _g_closure_invoke_va (gclosure.c:840)
==7817==    by 0x4D0480C: g_signal_emit_valist (gsignal.c:3234)
==7817==    by 0x4D05450: g_signal_emit_by_name (gsignal.c:3422)
==7817==    by 0x4C075DA: g_application_impl_method_call (gapplicationimpl-dbus.c:205)
==7817==    by 0x4C2D901: call_in_idle_cb (gdbusconnection.c:4806)
==7817==    by 0x4D722CF: g_idle_dispatch (gmain.c:5209)
==7817==    by 0x4D755CD: g_main_context_dispatch (gmain.c:3058)
==7817==    by 0x4D75977: g_main_context_iterate.isra.21 (gmain.c:3705)
==7817==
==7817== Invalid read of size 4
==7817==    at 0x422E8B9: gtk_icon_info_get_attach_points (gtkicontheme.c:4610)
==7817==    by 0x14944E6F: ???
==7817==  Address 0xb85d2f0 is 24 bytes inside a block of size 32 free'd
==7817==    at 0x402AC38: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7817==    by 0x4D7B40F: g_free (gmem.c:197)
==7817==    by 0x4D91EFA: g_slice_free1 (gslice.c:1124)
==7817==    by 0x42287E9: icon_data_free (gtkicontheme.c:2971)
==7817==    by 0x4D63E6B: g_hash_table_remove_all_nodes (ghash.c:500)
==7817==    by 0x4D64D3E: g_hash_table_remove_all (ghash.c:1347)
==7817==    by 0x4D64DBF: g_hash_table_destroy (ghash.c:1051)
==7817==    by 0x42286E1: theme_dir_destroy (gtkicontheme.c:2360)
==7817==    by 0x4D71CD7: g_list_foreach (glist.c:949)
==7817==    by 0x4D71D1B: g_list_free_full (glist.c:187)
==7817==    by 0x4228693: theme_destroy (gtkicontheme.c:2346)
==7817==    by 0x4D71CD7: g_list_foreach (glist.c:949)
==7817==    by 0x4D71D1B: g_list_free_full (glist.c:187)
==7817==    by 0x42282D8: blow_themes (gtkicontheme.c:843)
==7817==    by 0x422B9A5: ensure_valid_themes (gtkicontheme.c:1402)
==7817==    by 0x422BB71: gtk_icon_theme_has_icon (gtkicontheme.c:1970)
==7817==    by 0x4150A73: gtk_action_group_add_actions_full (gtkactiongroup.c:1188)
==7817==    by 0x4150BAA: gtk_action_group_add_actions (gtkactiongroup.c:1105)
==7817==    by 0x80BBED9: nautilus_window_initialize_menus (nautilus-window-menus.c:695)
==7817==    by 0x80C1D6C: nautilus_window_constructed (nautilus-window.c:1146)
==7817==    by 0x4CEECDD: g_object_new_internal (gobject.c:1777)
==7817==    by 0x4CF10BE: g_object_new_valist (gobject.c:1994)
==7817==    by 0x4CF130F: g_object_new (gobject.c:1551)
==7817==    by 0x80C28C7: nautilus_window_new (nautilus-window.c:2037)
==7817==    by 0x806B2DF: nautilus_application_create_window (nautilus-application.c:527)
==7817==    by 0x806B4A0: open_window (nautilus-application.c:634)
==7817==    by 0x806B609: nautilus_application_open (nautilus-application.c:677)
==7817==    by 0x55B948D: ffi_call_SYSV (in /usr/lib/i386-linux-gnu/libffi.so.6.0.1)
==7817==    by 0x55B91EE: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.6.0.1)
==7817==    by 0x4CEA5E0: g_cclosure_marshal_generic_va (gclosure.c:1550)
==7817==    by 0x4CE83D6: g_type_class_meta_marshalv (gclosure.c:997)
==7817==    by 0x4CE9C3D: _g_closure_invoke_va (gclosure.c:840)
==7817==    by 0x4D0480C: g_signal_emit_valist (gsignal.c:3234)
==7817==    by 0x4D05450: g_signal_emit_by_name (gsignal.c:3422)
==7817==    by 0x4C075DA: g_application_impl_method_call (gapplicationimpl-dbus.c:205)
==7817==    by 0x4C2D901: call_in_idle_cb (gdbusconnection.c:4806)
==7817==    by 0x4D722CF: g_idle_dispatch (gmain.c:5209)
==7817==    by 0x4D755CD: g_main_context_dispatch (gmain.c:3058)
==7817==    by 0x4D75977: g_main_context_iterate.isra.21 (gmain.c:3705)

The issue didn't seem to happen with gtk 3.6 and is still there with nautilus 3.8 [1] as well, which seems to indicate that's a gtk issue.

[1] https://retrace.fedoraproject.org/faf/problems/935024/
Created attachment 247234 [review]
IconCache: Keep a ref on the GtkIconData

The icon data in GtkIconInfo->data is currently owned by the IconThemeDir->icon_data hashtable. However, on e.g. a theme change blow_themes() destroys the dirs and thus the data, meaning any outstanding GtkIconInfo points to stale data. We solve this by adding a refcount to GtkIconData and reffing it from GtkIconInfo.
Created attachment 247235 [review]
IconTheme: Clear caches when reloading theme

When we're reloading the theme in ensure_valid_themes (due to noticing that a theme dir has changed) we need to also clear the icon cache as it will not be valid for the new theme. We already do this in do_theme_change(), but ensure_valid_themes() was missing this.
Attachment 247234 pushed as 280d606 - IconCache: Keep a ref on the GtkIconData
Attachment 247235 pushed as 1ee3671 - IconTheme: Clear caches when reloading theme
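The following is an added illustration, not GTK's code and not the contents of either attachment: a small C model of the ownership problem the valgrind trace shows (a cache table frees its entries on theme reload while a caller still holds a lookup result) and of the refcount fix the first attachment describes. The struct names IconData, ThemeDir and IconInfo, their layouts and the instrumentation counter are assumptions made for the example; they stand in for GtkIconData, IconThemeDir and GtkIconInfo.

```c
#include <stdlib.h>

/* Added illustration, not GTK's code: a minimal model of the ownership bug in the
 * trace above and of the refcount fix from attachment 247234. IconData, ThemeDir
 * and IconInfo stand in for GtkIconData, IconThemeDir and GtkIconInfo; the
 * struct layouts are invented for the example. */

typedef struct {
    int ref_count;
    int rect[4];              /* stand-in for the embedded rect: x, y, w, h */
} IconData;

static int icon_data_freed = 0;   /* instrumentation: counts real frees */

static IconData *icon_data_new(int x, int y, int w, int h)
{
    IconData *d = calloc(1, sizeof *d);
    if (!d) abort();
    d->ref_count = 1;         /* the owning table holds the first ref */
    d->rect[0] = x; d->rect[1] = y; d->rect[2] = w; d->rect[3] = h;
    return d;
}

static IconData *icon_data_ref(IconData *d)
{
    d->ref_count++;
    return d;
}

static void icon_data_unref(IconData *d)
{
    if (--d->ref_count == 0) {
        icon_data_freed++;
        free(d);
    }
}

/* The theme dir's table of icon data (a GHashTable in GTK). Destroying it drops
 * the table's ref on every entry, which is what icon_data_free does in the trace. */
#define MAX_ICONS 8
typedef struct {
    IconData *icons[MAX_ICONS];
    int n;
} ThemeDir;

static void theme_dir_add(ThemeDir *dir, IconData *d)
{
    dir->icons[dir->n++] = d; /* table takes over the initial ref; callers keep n < MAX_ICONS */
}

static void theme_dir_destroy(ThemeDir *dir)
{
    for (int i = 0; i < dir->n; i++)
        icon_data_unref(dir->icons[i]);
    dir->n = 0;
}

/* An outstanding lookup result handed to the caller, like GtkIconInfo. Before the
 * fix it merely borrowed the table's pointer, so a theme reload left it dangling
 * (the invalid read valgrind reports). With the fix it holds its own ref. */
typedef struct { IconData *data; } IconInfo;

static IconInfo *icon_info_new(IconData *d)
{
    IconInfo *info = calloc(1, sizeof *info);
    if (!info) abort();
    info->data = icon_data_ref(d);   /* the fix: ref instead of borrow */
    return info;
}

static void icon_info_free(IconInfo *info)
{
    icon_data_unref(info->data);
    free(info);
}

static int icon_info_get_embedded_rect_width(const IconInfo *info)
{
    return info->data->rect[2];
}

/* Replays the sequence in the trace: look an icon up, reload the theme (blow_themes
 * destroys every dir), then read through the outstanding handle. Returns the width
 * read, or -1 if the data had already been freed when the read happened. */
static int lookup_then_reload_then_read(void)
{
    ThemeDir dir = { {0}, 0 };
    icon_data_freed = 0;

    theme_dir_add(&dir, icon_data_new(1, 2, 30, 40));
    IconInfo *info = icon_info_new(dir.icons[0]);   /* ref_count 1 -> 2 */

    theme_dir_destroy(&dir);                         /* ref_count 2 -> 1, nothing freed */
    int freed_before_read = icon_data_freed;

    int width = icon_info_get_embedded_rect_width(info);
    icon_info_free(info);                            /* ref_count 1 -> 0, freed here */

    return freed_before_read == 0 ? width : -1;
}
```

With the borrowed pointer that the pre-fix code used, theme_dir_destroy would free the block and the read in icon_info_get_embedded_rect_width would be exactly the "Invalid read ... inside a block of size 32 free'd" above. With the ref held by the handle, the block is released only when the last holder lets go, so the read returns the stored width and the free counter moves from 0 to 1 only after icon_info_free. The second attachment (clearing the icon cache on reload) is the complementary half: it stops the cache from handing out handles to data that no longer matches the current theme.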