GNOME Bugzilla – Bug 781431
heap-use-after free under update_current_date() at src/gcal-window.c:474
Last modified: 2017-04-18 12:57:51 UTC
This is git master at commit 3be142a. I started in Year view, then switched to the Week view, then closed the window. It resulted in 2 critical warnings on console:

> (gnome-calendar:16270): Gtk-CRITICAL **: gtk_widget_get_realized: assertion
> 'GTK_IS_WIDGET (widget)' failed

(the first came from update_grid_scroll_position (self=0x6250000713d0) at views/gcal-week-view.c:116) followed by this abort with address sanitizer:

==16270==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190007ed520 at pc 0x0000004c3768 bp 0x7fffffffd5c0 sp 0x7fffffffd5b0
READ of size 8 at 0x6190007ed520 thread T0
    #0 0x4c3767 in update_current_date .../gnome-calendar/src/gcal-window.c:474
    #1 0x7ffff27c7c19 in g_timeout_dispatch .../glib-2.50.2/glib/gmain.c:4674
    #2 0x7ffff27c0abc in g_main_dispatch .../glib-2.50.2/glib/gmain.c:3203
    #3 0x7ffff27c4f4c in g_main_context_dispatch .../glib-2.50.2/glib/gmain.c:3856
    #4 0x7ffff27c5522 in g_main_context_iterate .../glib-2.50.2/glib/gmain.c:3929
    #5 0x7ffff27c565a in g_main_context_iteration .../glib-2.50.2/glib/gmain.c:3990
    #6 0x7ffff371d473 in g_application_run .../glib-2.50.2/gio/gapplication.c:2405
    #7 0x433d7d in main .../gnome-calendar/src/main.c:44
    #8 0x7ffff0eb2400 in __libc_start_main (/lib64/libc.so.6+0x20400)
    #9 0x419849 in _start (/build/test-any/bin/gnome-calendar+0x419849)

0x6190007ed520 is located 928 bytes inside of 1072-byte region [0x6190007ed180,0x6190007ed5b0)
freed by thread T0 here:
    #0 0x7ffff6efbb00 in free (/usr/lib64/libasan.so.3+0xc6b00)
    #1 0x7ffff27db47c in g_free .../glib-2.50.2/glib/gmem.c:189
    #2 0x7ffff2826eff in g_slice_free1 .../glib-2.50.2/glib/gslice.c:1136
    #3 0x7ffff2ecc94f in g_type_free_instance .../glib-2.50.2/gobject/gtype.c:1943
    #4 0x7ffff2e90841 in g_object_unref .../glib-2.50.2/gobject/gobject.c:3215
    #5 0x7ffff5b35ec9 in gtk_main_do_event (/lib64/libgtk-3.so.0+0x22aec9)

previously allocated by thread T0 here:
    #0 0x7ffff6efbe60 in malloc (/usr/lib64/libasan.so.3+0xc6e60)
    #1 0x7ffff27db313 in g_malloc .../glib-2.50.2/glib/gmem.c:94
    #2 0x7ffff2826c0c in g_slice_alloc .../glib-2.50.2/glib/gslice.c:1025
    #3 0x7ffff2826c4c in g_slice_alloc0 .../glib-2.50.2/glib/gslice.c:1051
    #4 0x7ffff2ecb3ac in g_type_create_instance .../glib-2.50.2/gobject/gtype.c:1848
    #5 0x7ffff2e87dc3 in g_object_new_internal .../glib-2.50.2/gobject/gobject.c:1783
    #6 0x7ffff2e89c6c in g_object_new_valist .../glib-2.50.2/gobject/gobject.c:2042
    #7 0x7ffff2e873d3 in g_object_new .../glib-2.50.2/gobject/gobject.c:1626
    #8 0x4caeae in gcal_window_new_with_view_and_date .../gnome-calendar/src/gcal-window.c:1641
    #9 0x4739e0 in gcal_application_activate .../gnome-calendar/src/gcal-application.c:214
    #10 0x7ffff2e77f8e in g_cclosure_marshal_VOID__VOID .../glib-2.50.2/gobject/gmarshal.c:875
    #11 0x7ffff2e70c76 in g_type_class_meta_marshal .../glib-2.50.2/gobject/gclosure.c:997
    #12 0x7ffff2e6fb48 in g_closure_invoke .../glib-2.50.2/gobject/gclosure.c:804
    #13 0x7ffff2ebc9b4 in signal_emit_unlocked_R .../glib-2.50.2/gobject/gsignal.c:3673
    #14 0x7ffff2eba41b in g_signal_emit_valist .../glib-2.50.2/gobject/gsignal.c:3391
    #15 0x7ffff2ebb217 in g_signal_emit .../glib-2.50.2/gobject/gsignal.c:3447
    #16 0x7ffff371be83 in g_application_activate .../glib-2.50.2/gio/gapplication.c:2148
    #17 0x474756 in gcal_application_command_line .../gnome-calendar/src/gcal-application.c:321
    #18 0x7fffe6623c57 in ffi_call_unix64 (/lib64/libffi.so.6+0x5c57)
    #19 0x7fffffffcf2f (<unknown module>)
Created attachment 349997
window: attach update date timeout to window

So we can properly remove the timeout source whenever the window is finalized.
Thanks for the report.

Attachment 349997 pushed as 141f8d8 - window: attach update date timeout to window
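The lifetime bug in this report and the shape of the fix ("remove the timeout source whenever the window is finalized"), as an added example that is not gnome-calendar's code or the pushed patch: a self-contained C model with no GLib dependency. The source table, `timeout_add`, `source_remove`, `Window` and both teardown functions are hypothetical stand-ins; only the `update_current_date` name is taken from the trace.

```c
#include <stdlib.h>
/* Toy model of main-loop timeout sources; every name here is hypothetical. */
#define MAX_SOURCES 8
typedef int (*SourceFunc)(void *user_data);
static struct { SourceFunc func; void *data; } sources[MAX_SOURCES];

static unsigned timeout_add(SourceFunc func, void *data) {
    for (unsigned i = 0; i < MAX_SOURCES; i++)
        if (!sources[i].func) {
            sources[i].func = func; sources[i].data = data;
            return i + 1;                  /* ids start at 1; 0 means "none" */
        }
    return 0;
}
static void source_remove(unsigned id) {
    if (id >= 1 && id <= MAX_SOURCES) sources[id - 1].func = NULL;
}
static int pending_sources(void) {
    int n = 0;
    for (unsigned i = 0; i < MAX_SOURCES; i++) n += sources[i].func != NULL;
    return n;
}
/* One loop iteration: call every installed source, return how many ran. */
static int dispatch_all(void) {
    int ran = 0;
    for (unsigned i = 0; i < MAX_SOURCES; i++)
        if (sources[i].func && ++ran && !sources[i].func(sources[i].data))
            sources[i].func = NULL;        /* callback asked to be removed */
    return ran;
}

typedef struct { int current_day; unsigned update_date_id; } Window;
static int update_current_date(void *user_data) {
    ((Window *)user_data)->current_day++;  /* touches window memory each tick */
    return 1;                              /* keep the source installed */
}
static Window *window_new(void) {
    Window *w = calloc(1, sizeof *w);
    if (w) w->update_date_id = timeout_add(update_current_date, w);
    return w;
}
/* Teardown that forgets the timeout: the source keeps a dangling pointer. */
static void window_free_leaky(Window *w) { free(w); }
/* Teardown that removes the source first, so no callback outlives the window. */
static void window_free(Window *w) { source_remove(w->update_date_id); free(w); }

int main(void) {
    Window *w = window_new();
    if (w) { dispatch_all(); window_free(w); }
    return pending_sources();              /* 0: no source left to fire */
}
```

After `window_free_leaky()` the table still holds a source whose `data` points at freed memory, so the next dispatch would perform the read that AddressSanitizer flagged in `update_current_date`.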