GNOME Bugzilla – Bug 770078
Invalid free (memory corruption) in OptionGroup caused by wrong command line arguments
Last modified: 2016-09-13 07:10:07 UTC
Created attachment 333549 [details]
failed program

Compile attached program and run under valgrind using arguments "-t x -txxx x".

valgrind ./a.out -t x -txxx x
Memcheck, a memory error detector
Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
Command: ./a.out -t x -t1 x

Invalid free() / delete / delete[] / realloc()
   at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x4E7ED18: Glib::OptionGroup::CppOptionEntry::release_c_arg() (optiongroup.cc:684)
   by 0x4E7ED50: Glib::OptionGroup::release_gobject() (optiongroup.cc:332)
   by 0x4E7EEA6: Glib::OptionGroup::~OptionGroup() (optiongroup.cc:344)
   by 0x40137C: MyOptionGroup::~MyOptionGroup() (in /home/andrey/tmp/test/a.out)
   by 0x401132: main (in /home/andrey/tmp/test/a.out)
 Address 0x6e80710 is 0 bytes inside a block of size 5 free'd
   at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x60417EF: parse_arg.isra.11 (goption.c:1284)
   by 0x6042043: parse_short_option (goption.c:1558)
   by 0x6043528: g_option_context_parse (goption.c:2066)
   by 0x4E7DD9A: Glib::OptionContext::parse(int&, char**&) (optioncontext.cc:212)
   by 0x401126: main (in /home/andrey/tmp/test/a.out)

Reproducible with git-master of glib and glibmm as of 18-August-2016.
The bug was initially found under OpenWrt with musl libc, where it causes a segfault.
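The trace above shows one heap block freed inside glib's option parser (parse_arg) and then freed again by the glibmm wrapper (release_c_arg) once the same string option appears twice on the command line. The C program below is an added illustration, not glib or glibmm code: it models that ownership pattern with a parser that frees the previous value when an option repeats, a wrapper that releases a pointer it cached after the first occurrence, and the corrected wrapper that releases only through the shared slot. All names are assumptions, and the small allocation registry only stands in for what valgrind reports.

```c
#define _POSIX_C_SOURCE 200809L /* strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Tiny registry standing in for valgrind's double-free check. Freed blocks are
 * only marked, never returned to malloc, so a recycled address cannot hide the second free. */
#define MAX_BLOCKS 16
static struct { void *p; int freed; } blocks[MAX_BLOCKS];
static int nblocks;

static char *dup_tracked(const char *s) {
    if (nblocks == MAX_BLOCKS) abort();
    blocks[nblocks].freed = 0;
    return blocks[nblocks++].p = strdup(s);
}
/* 0 for a valid free, -1 for a double free or an untracked pointer. */
static int free_tracked(void *p) {
    if (!p) return 0;
    for (int i = 0; i < nblocks; i++)
        if (blocks[i].p == p) return blocks[i].freed++ ? -1 : 0;
    return -1;
}

/* Parser side (modelled, not goption.c): it owns the slot while parsing, and a
 * repeated option frees the previous value before storing the new one. */
static void parse_string_option(char **slot, const char *value) {
    free_tracked(*slot);
    *slot = dup_tracked(value);
}

/* Buggy wrapper: remembers the raw pointer seen after the first occurrence and
 * releases that copy, which is stale as soon as the option is repeated. */
int run_buggy(const char *values[], int n) {
    char *slot = NULL, *cached = NULL;
    for (int i = 0; i < n; i++) {
        parse_string_option(&slot, values[i]);
        if (!cached) cached = slot;
    }
    return free_tracked(cached); /* -1 when the option was repeated */
}

/* Fixed wrapper: the slot is the only owner; release through it once, after parsing. */
int run_fixed(const char *values[], int n) {
    char *slot = NULL;
    for (int i = 0; i < n; i++) parse_string_option(&slot, values[i]);
    return free_tracked(slot);
}

int main(void) {
    const char *repeated[] = { "x", "xxx" }; /* constructed input, models "-t x -txxx" */
    printf("buggy=%d fixed=%d\n", run_buggy(repeated, 2), run_fixed(repeated, 2));
}
```

The same stale-copy pattern is what valgrind or AddressSanitizer flags as an invalid free; running the real reproducer under either tool is the practical check.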
This is a bug in glib. It was reported more than 5 years ago! See bug 646926.
Bug 646926 has been fixed, fixing this bug too.