Bug 773860 - Invalid free() / delete / delete[] / realloc() when editing title of a task in "Unscheduled" view
Status: RESOLVED FIXED
Product: gnome-todo
Classification: Other
Component: General
Version: 3.22.x
OS: Other Linux
Priority: Normal / Severity: normal
Target Milestone: ---
Assigned To: GNOME To Do maintainer(s)
Depends on:
Blocks:
Reported: 2016-11-02 18:55 UTC by Christian Stadelmann
Modified: 2017-02-07 16:44 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
full backtrace by gdb from gnome-todo running inside valgrind (31.05 KB, text/plain) - 2016-11-02 18:55 UTC, Christian Stadelmann
gtd-panel-today: fix crash due g_list_free on NULL (886 bytes, patch) - 2016-11-02 20:19 UTC, Victor Toso - committed

Description Christian Stadelmann 2016-11-02 18:55:15 UTC
Created attachment 338989 [details]
full backtrace by gdb from gnome-todo running inside valgrind

Steps to reproduce:
1. start gnome-todo from valgrind:
$ valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --vgdb-error=0 /usr/bin/gnome-todo

2. attach gdb to valgrind as told by valgrind:
(gdb) target remote | vgdb

3. continue gdb:
(gdb) continue

4. in gnome-todo, switch to "Unscheduled" view
5. edit any task title

What happens:
Valgrind:
==3887== Invalid free() / delete / delete[] / realloc()
==3887==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==3887==    by 0x9A726BD: g_free (gmem.c:189)
==3887==    by 0x9A8B733: g_slice_free_chain_with_offset (gslice.c:1232)
==3887==    by 0x136E98: gtd_panel_today_count_tasks (gtd-panel-today.c:91)
==3887==    by 0x97E03E4: g_closure_invoke (gclosure.c:804)
==3887==    by 0x97F2431: signal_emit_unlocked_R (gsignal.c:3635)
==3887==    by 0x97FB05E: g_signal_emit_valist (gsignal.c:3391)
==3887==    by 0x97FB43E: g_signal_emit (gsignal.c:3447)
==3887==    by 0x97E03E4: g_closure_invoke (gclosure.c:804)
==3887==    by 0x97F2431: signal_emit_unlocked_R (gsignal.c:3635)
==3887==    by 0x97FB05E: g_signal_emit_valist (gsignal.c:3391)
==3887==    by 0x97FB43E: g_signal_emit (gsignal.c:3447)
==3887==  Address 0x2a8ad010 is 496 bytes inside a block of size 848 alloc'd
==3887==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==3887==    by 0x9A725A8: g_malloc (gmem.c:94)
==3887==    by 0x9A8AB02: g_slice_alloc (gslice.c:1025)
==3887==    by 0x9A8B12D: g_slice_alloc0 (gslice.c:1051)
==3887==    by 0x9803839: g_type_create_instance (gtype.c:1839)
==3887==    by 0x97E569A: g_object_new_internal (gobject.c:1783)
==3887==    by 0x97E70AC: g_object_newv (gobject.c:1930)
==3887==    by 0x6145BC9: _gtk_builder_construct (gtkbuilder.c:717)
==3887==    by 0x6147224: builder_construct.isra.5 (gtkbuilderparser.c:139)
==3887==    by 0x6147C60: parse_child (gtkbuilderparser.c:522)
==3887==    by 0x6147C60: start_element (gtkbuilderparser.c:970)
==3887==    by 0x9A70412: emit_start_element (gmarkup.c:1042)
==3887==    by 0x9A714FA: g_markup_parse_context_parse (gmarkup.c:1389)

Gdb:
(gdb) bt
#0  _vgr10050ZU_VgSoSynsomalloc_free at m_replacemalloc/vg_replace_malloc.c line 530
#1  g_free at gmem.c line 189
#2  g_slice_free_chain_with_offset at gslice.c line 1232
#3  g_list_free at glist.c line 182
#4  gtd_panel_today_count_tasks at gtd-panel-today.c line 91
#8  <emit signal ??? on instance 0x2a6f3bd0 [GtdManager]> at gsignal.c line 3447
#12 <emit signal ??? on instance 0x2abd8fa0 [GtdTaskListEds]> at gsignal.c line 3447
#16 <emit signal notify:title on instance 0x2f4aaa70 [GtdTask]> at gsignal.c line 3447
#17 g_object_dispatch_properties_changed at gobject.c line 1064
#18 g_object_notify_queue_thaw at gobject.c line 296
#19 g_object_set_property at gobject.c line 2374
#20 on_target_notify at gbinding.c line 362
#24 <emit signal notify:text on instance 0x2943c350 [GtkEntry]> at gsignal.c line 3447
#25 g_object_dispatch_properties_changed at gobject.c line 1064
#26 g_object_notify_queue_thaw at gobject.c line 296
#27 g_object_thaw_notify at gobject.c line 1301
#28 end_change at gtkentry.c line 2856
#32 <emit signal 0x63eb97a "delete-text" on instance 0x2943c350 [GtkEntry]> at gsignal.c line 3487
#33 gtk_entry_delete_text at gtkentry.c line 5092
#34 gtk_entry_cut_clipboard at gtkentry.c line 5834

A full backtrace is attached.

Affected version:
gtk3-3.22.2-1.fc25.x86_64
glib2-2.50.1-1.fc25.x86_64
gnome-todo-3.22.0-1.fc25.x86_64
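As an added example (not code from this bug report or from gnome-todo), a small Python triage helper for valgrind "Invalid free()" reports like the one above: it separates the free-site stack from the alloc-site stack, skips the libc/GLib allocator frames, and flags when the freed address lies inside a larger live block, which is what singles out gtd_panel_today_count_tasks here. The ALLOCATOR_FRAMES list is an assumption chosen for this report, and the sample is a constructed excerpt of the log quoted above.

```python
import re

# Constructed sample input: an excerpt of the valgrind report quoted in this bug (pid 3887).
SAMPLE = """\
==3887== Invalid free() / delete / delete[] / realloc()
==3887==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==3887==    by 0x9A726BD: g_free (gmem.c:189)
==3887==    by 0x9A8B733: g_slice_free_chain_with_offset (gslice.c:1232)
==3887==    by 0x136E98: gtd_panel_today_count_tasks (gtd-panel-today.c:91)
==3887==  Address 0x2a8ad010 is 496 bytes inside a block of size 848 alloc'd
==3887==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==3887==    by 0x9A725A8: g_malloc (gmem.c:94)
==3887==    by 0x9A8B12D: g_slice_alloc0 (gslice.c:1051)
==3887==    by 0x9803839: g_type_create_instance (gtype.c:1839)
"""

HEAD_RE = re.compile(r"^==\d+== Invalid free\(\)")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:()]+):(\d+)\)$")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) alloc'd$")

# Assumed allocator-layer frames (libc and GLib wrappers); the first frame below them is the code to inspect.
ALLOCATOR_FRAMES = {"free", "malloc", "realloc", "g_free", "g_malloc", "g_slice_alloc", "g_slice_alloc0", "g_slice_free_chain_with_offset", "g_list_free"}

def parse_invalid_free(report):
    """Split one 'Invalid free()' report into its free-site stack, alloc-site stack and address facts."""
    r = {"free_stack": [], "alloc_stack": [], "address": None, "offset": None, "block_size": None}
    stack = None  # which stack the frame lines currently belong to
    for line in report.splitlines():
        if HEAD_RE.match(line):
            stack = r["free_stack"]
        elif (m := ADDR_RE.match(line)):
            r["address"], r["offset"], r["block_size"] = int(m[1], 16), int(m[2]), int(m[3])
            stack = r["alloc_stack"]  # frames after this line describe the allocation
        elif (m := FRAME_RE.match(line)) and stack is not None:
            stack.append((m[1], m[2], int(m[3])))  # (function, file, line)
    return r

def first_app_frame(stack):
    """First frame that is not an allocator wrapper: the code that owns the freed pointer."""
    return next((f for f in stack if f[0] not in ALLOCATOR_FRAMES), None)

def triage(report):
    """Summarise a report: culprit frame, alloc site, and whether the pointer lies inside a live block."""
    r = parse_invalid_free(report)
    return {
        "culprit": first_app_frame(r["free_stack"]),
        "alloc_site": first_app_frame(r["alloc_stack"]),
        "interior_pointer": r["offset"] is not None and r["offset"] > 0,
        "offset": r["offset"], "block_size": r["block_size"],
    }
```

An interior pointer to a GObject instance being passed to g_free is not a list node, so the culprit frame is where the list pointer went wrong, not where it was allocated.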
Comment 1 Victor Toso 2016-11-02 20:13:32 UTC
A few extra steps were necessary for me

(In reply to Christian Stadelmann from comment #0)
> 4. in gnome-todo, switch to "Unscheduled" view
> 5. edit any task title

6. mark a task for today
7. go to the today pane and edit the task
8. close gnome-todo

patch fixing this issue to be attached in a few ;)
Comment 2 Victor Toso 2016-11-02 20:19:10 UTC
Created attachment 338993 [details] [review]
gtd-panel-today: fix crash due g_list_free on NULL
Comment 3 Georges Basile Stavracas Neto 2016-11-03 15:44:53 UTC
Review of attachment 338993 [details] [review]:

LGTM
Comment 4 Victor Toso 2016-11-03 15:58:59 UTC
Attachment 338993 [details] pushed as f14b056 - gtd-panel-today: fix crash due g_list_free on NULL