[Evolution-hackers] camel_store_delete_folder() - possible segv errors...
- From: Jules Colding <colding omesc com>
- To: Evolution Hackers <evolution-hackers gnome org>
- Subject: [Evolution-hackers] camel_store_delete_folder() - possible segv errors...
- Date: Thu, 16 Feb 2006 14:55:55 +0100
Hi,
I am seeing up-source Camel code accessing and using memory previously
freed. The scenario is:
1) My provider implementation of delete_folder() is invoked.
2) The code goes something like this:
brutus_delete_folder(CamelStore *store,
const char *folder_name,
CamelException *ex))
{
CamelFolderInfo *fi = folder_info_for_folder_to_be_deleted(folder_name);
// the folder is deleted on the remote server
// an event is sent
camel_object_trigger_event(store, "folder_deleted", fi);
// the memory associated with fi and all sub-folders are freed
brutus_delete_branch(fi);
}
3) I am then seeing up-source Camel code accessing the "fi->full_name"
CamelFolderInfo member as well as "fi" itself. This happens regardless
of whether an event has been sent or not.
These memory locations has previously been freed by my call to
brutus_delete_branch() thus making Valgrind report a lot of illegal
reads of size 1 and 8. The appended (and commented) Valgrind output is
typical of the situation.
The above observations leads me to believe that something in Evolution
or e-d-s is using a cached reference to "fi", which naturally is being
invalidated when a folder is deleted.
Any suggestions on how to fix this?
Thanks a lot in advance,
jules
PS: e-d-s and Evolution are both from the gnome-2-12 CVS branch as of
today
################# Valgrind output #################
==14802==
==14802== Invalid read of size 1
==14802== at 0xAAF45C0: g_str_hash (in /usr/lib64/libglib-2.0.so.0.800.5)
==14802== by 0xAACFDC4: g_hash_table_lookup (in /usr/lib64/libglib-2.0.so.0.800.5)
==14802== by 0x578155A: camel_object_bag_get (camel-object.c:2104)
==14802== by 0xCEB33DA: cs_delete_cached_folder (camel-store.c:356)
==14802== by 0xCEB3584: camel_store_delete_folder (camel-store.c:414)
==14802== by 0xDA7461F: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== Address 0x1152FAC0 is 0 bytes inside a block of size 61 free'd
==14802== at 0x4A19823: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==14802== by 0xF291282: brutus_folder_info_free (camel-brutus-store.c:199) // <== this is where I am doing "g_free(fi->full_name)"
==14802== by 0xF291374: brutus_delete_branch (camel-brutus-store.c:245)
==14802== by 0xF298FED: brutus_delete_folder (camel-brutus-store.c:2269)
==14802== by 0xCEB356A: camel_store_delete_folder (camel-store.c:411)
==14802== by 0xDA7461F: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802==
==14802== Invalid read of size 1
==14802== at 0xAAF45E0: g_str_hash (in /usr/lib64/libglib-2.0.so.0.800.5)
==14802== by 0xAACFDC4: g_hash_table_lookup (in /usr/lib64/libglib-2.0.so.0.800.5)
==14802== by 0x578155A: camel_object_bag_get (camel-object.c:2104)
==14802== by 0xCEB33DA: cs_delete_cached_folder (camel-store.c:356)
==14802== by 0xCEB3584: camel_store_delete_folder (camel-store.c:414)
==14802== by 0xDA7461F: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== Address 0x1152FAC1 is 1 bytes inside a block of size 61 free'd
==14802== at 0x4A19823: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==14802== by 0xF291282: brutus_folder_info_free (camel-brutus-store.c:199) // <== this is where I am doing "g_free(fi->full_name)"
==14802== by 0xF291374: brutus_delete_branch (camel-brutus-store.c:245)
==14802== by 0xF298FED: brutus_delete_folder (camel-brutus-store.c:2269)
==14802== by 0xCEB356A: camel_store_delete_folder (camel-store.c:411)
==14802== by 0xDA7461F: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802==
==14802== Invalid read of size 1
==14802== at 0x4A1AE23: strcmp (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==14802== by 0xAAF45A8: g_str_equal (in /usr/lib64/libglib-2.0.so.0.800.5)
==14802== by 0xAACFE0D: g_hash_table_lookup (in /usr/lib64/libglib-2.0.so.0.800.5)
==14802== by 0x578155A: camel_object_bag_get (camel-object.c:2104)
==14802== by 0xCEB33DA: cs_delete_cached_folder (camel-store.c:356)
==14802== by 0xCEB3584: camel_store_delete_folder (camel-store.c:414)
==14802== by 0xDA7461F: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== Address 0x1152FAC0 is 0 bytes inside a block of size 61 free'd
==14802== at 0x4A19823: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==14802== by 0xF291282: brutus_folder_info_free (camel-brutus-store.c:199) // <== this is where I am doing "g_free(fi->full_name)"
==14802== by 0xF291374: brutus_delete_branch (camel-brutus-store.c:245)
==14802== by 0xF298FED: brutus_delete_folder (camel-brutus-store.c:2269)
==14802== by 0xCEB356A: camel_store_delete_folder (camel-store.c:411)
==14802== by 0xDA7461F: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802==
==14802== Invalid read of size 8
==14802== at 0xDA74630: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0x8D4A4C7: (within /usr/lib64/libgtk-x11-2.0.so.0.800.8)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== Address 0x1152FA18 is 0 bytes inside a block of size 64 free'd
==14802== at 0x4A19823: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==14802== by 0xF2912A4: brutus_folder_info_free (camel-brutus-store.c:202) // <== this is where I am doing "g_free(fi)"
==14802== by 0xF291374: brutus_delete_branch (camel-brutus-store.c:245)
==14802== by 0xF298FED: brutus_delete_folder (camel-brutus-store.c:2269)
==14802== by 0xCEB356A: camel_store_delete_folder (camel-store.c:411)
==14802== by 0xDA7461F: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xDA747DE: (within /usr/lib64/evolution/2.4/components/libevolution-mail.so)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA78F043: (within /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790306: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA790672: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802== by 0xA77BAB8: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.800.5)
==14802==
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
