Bug 764985 – rusage tracer: crash when freeing memory

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 764985 - rusage tracer: crash when freeing memory


Summary:	rusage tracer: crash when freeing memory


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gstreamer (core)
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	1.8.4
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Duplicates:	772845 (view as bug list)
Depends on:
Blocks:

Reported:	2016-04-13 09:37 UTC by Guillaume Desmottes
Modified:	2016-10-17 20:18 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
rusage: properly free the queue memory (955 bytes, patch) 2016-04-13 09:39 UTC, Guillaume Desmottes	committed	Details \| Review

Description Guillaume Desmottes 2016-04-13 09:37:54 UTC

==25091== Invalid free() / delete / delete[] / realloc()
==25091==    at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25091==    by 0x590E79E: g_free (gmem.c:192)
==25091==    by 0x592644C: g_slice_free1 (gslice.c:1112)
==25091==    by 0xEC1B50C: free_trace_values (gstrusage.c:89)
==25091==    by 0xEC1B50C: free_thread_stats (gstrusage.c:149)
==25091==    by 0x58F7079: g_hash_table_remove_all_nodes.part.0 (ghash.c:548)
==25091==    by 0x58F7FC2: g_hash_table_remove_all_nodes (ghash.c:1425)
==25091==    by 0x58F7FC2: g_hash_table_remove_all (ghash.c:1428)
==25091==    by 0x58F7FFD: g_hash_table_destroy (ghash.c:1122)
==25091==    by 0xEC1C1F7: gst_rusage_tracer_finalize (gstrusage.c:266)
==25091==    by 0x547DADE: g_object_unref (gobject.c:3174)
==25091==    by 0x4ED9D33: _priv_gst_tracing_deinit (gsttracerutils.c:150)
==25091==    by 0x4E619B4: gst_deinit (gst.c:967)
==25091==    by 0x4037F8: main (gst-launch.c:1229)

Comment 1 Guillaume Desmottes 2016-04-13 09:39:13 UTC

Created attachment 325850 [details] [review]
rusage: properly free the queue memory

The queue is allocated on the stack so we should not use g_queue_free()
to clear it.

Comment 2 Sebastian Dröge (slomo) 2016-04-13 09:41:19 UTC

Attachment 325850 [details] pushed as e0757e1 - rusage: properly free the queue memory

Comment 3 Sebastian Dröge (slomo) 2016-04-13 09:42:35 UTC

Review of attachment 325850 [details] [review]:

::: plugins/tracers/gstrusage.c
@@ +87,3 @@
 {
+  g_queue_foreach (&self->values, (GFunc) free_trace_value, NULL);
+  g_queue_clear (&self->values);

It's more efficient to do

while ((item = g_queue_pop_head (&self->values)))
  free_tracer_value (item);

btw. Your solution iterates the queue twice but that shouldn't matter too much here.

Comment 4 Sebastian Dröge (slomo) 2016-10-17 09:18:29 UTC

*** Bug 772845 has been marked as a duplicate of this bug. ***

Comment 5 Tim-Philipp Müller 2016-10-17 20:18:56 UTC

Cherry-picked into 1.8 branch.