Re: [Evolution-hackers] [patch] segfault in gal_a11y_e_cell_popup_new
- From: Milan Crha <mcrha redhat com>
- To: evolution-hackers gnome org
- Subject: Re: [Evolution-hackers] [patch] segfault in gal_a11y_e_cell_popup_new
- Date: Tue, 01 Nov 2011 07:04:07 +0100
On Mon, 2011-10-31 at 21:22 +0100, Thomas Mittelstaedt wrote:
> Just had a segfault in gal_a11y_e_cell_popup_new. Turned out that
> the cast
> popupcell= E_CELL_POPUP (cell_view->ecell);
>
> would turn up a broken pointer, crashing afterward.
Hi,
It depends on the kind of brokenness: either the cell_view is already
freed, or cell_view->ecell points to already freed memory. In
both cases you are trying to access maybe-overwritten memory and read
from it, which can do pretty much anything.
> I inserted the following on my side:
>
> ECellPopup *popupcell = NULL;
> ECellView *child_view = NULL;
>
> if (E_IS_CELL_POPUP (cell_view->ecell)) {
>         popupcell = E_CELL_POPUP (cell_view->ecell);
> }
That it didn't crash for you is probably just a coincidence: the
memory (allocated on GSlice) wasn't overwritten yet. You can check with
valgrind, using a command like this:
$ G_SLICE=always-malloc valgrind --num-callers=50 evolution &>log.txt
I suppose your "Just had a segfault" also means that you do not face it
every day; it just happened today, thus you do not have a reproducer for
this?
Bye,
Milan
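The point Milan makes above, that an E_IS_CELL_POPUP() check on a dangling pointer passes only while the freed bytes happen to be untouched, is easy to see with a small model. The following is an added example, not code from Evolution or GLib: ToyClass/ToyInstance stand in for a GTypeInstance (class pointer in the first word, which the IS_ macro dereferences), a tiny LIFO free-list allocator over a static array stands in for GSlice, and the second type name is made up. Because the "freed" slots live in a static array, reading them is defined behaviour here, which is what makes the demo deterministic; on real freed heap memory the same read is exactly the "can do pretty much anything" case.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not Evolution or GLib code.  A GTypeInstance carries a
 * pointer to its class in its first word; E_IS_CELL_POPUP() reads the
 * type through that pointer.  ToyClass/ToyInstance stand in for that. */
typedef struct {
    unsigned long type_id;
    const char   *name;
} ToyClass;

typedef struct {
    ToyClass *klass;      /* first word, as in GTypeInstance */
    int       payload;
} ToyInstance;

static ToyClass cell_popup_class = { 0x1001, "ECellPopup" };
static ToyClass other_class      = { 0x2002, "SomeOtherCell" };  /* hypothetical */

/* Toy slab allocator in the spirit of GSlice: a LIFO free list over a
 * fixed array, and freed slots keep their bytes until handed out again.
 * live[] is allocator-side bookkeeping, the kind valgrind keeps once
 * G_SLICE=always-malloc routes every allocation through malloc/free. */
#define SLAB_SLOTS 4
static ToyInstance slab[SLAB_SLOTS];
static int free_stack[SLAB_SLOTS];
static int free_top;
static int live[SLAB_SLOTS];

static void slab_init(void)
{
    free_top = 0;
    for (int i = SLAB_SLOTS - 1; i >= 0; i--) {
        free_stack[free_top++] = i;
        live[i] = 0;
    }
}

static ToyInstance *slab_alloc(ToyClass *klass)
{
    if (free_top == 0)
        return NULL;
    int slot = free_stack[--free_top];
    live[slot] = 1;
    slab[slot].klass = klass;
    slab[slot].payload = 0;
    return &slab[slot];
}

static void slab_free(ToyInstance *inst)
{
    int slot = (int)(inst - slab);
    live[slot] = 0;
    free_stack[free_top++] = slot;   /* bytes deliberately left intact */
}

static int slab_is_live(const ToyInstance *inst)
{
    return live[inst - slab];
}

/* Mimics E_IS_CELL_POPUP(): follows the class pointer stored in the object. */
static int is_cell_popup(const ToyInstance *inst)
{
    return inst != NULL && inst->klass != NULL
        && inst->klass->type_id == cell_popup_class.type_id;
}

/* 1. The type check still passes on a dangling pointer while the bytes
 *    happen to be untouched: the coincidence described in the thread. */
static int demo_stale_check_passes(void)
{
    slab_init();
    ToyInstance *cell = slab_alloc(&cell_popup_class);
    slab_free(cell);
    return is_cell_popup(cell);          /* 1, although cell was freed */
}

/* 2. Only the allocator's bookkeeping (what valgrind tracks) knows the
 *    object is gone; nothing inside the object can tell you. */
static int demo_stale_is_not_live(void)
{
    slab_init();
    ToyInstance *cell = slab_alloc(&cell_popup_class);
    slab_free(cell);
    return slab_is_live(cell);           /* 0 */
}

/* 3. Once the slot is reused for another type the same check fails, so the
 *    guard's verdict depends on allocation order, not on correctness. */
static int demo_reuse_flips_check(void)
{
    slab_init();
    ToyInstance *cell = slab_alloc(&cell_popup_class);
    slab_free(cell);
    ToyInstance *other = slab_alloc(&other_class);   /* LIFO: same slot */
    return (other == cell) && !is_cell_popup(cell);  /* 1 */
}

int main(void)
{
    printf("stale type check passes: %d\n", demo_stale_check_passes());
    printf("stale object live:       %d\n", demo_stale_is_not_live());
    printf("reuse flips the check:   %d\n", demo_reuse_flips_check());
    return 0;
}
```

The takeaway for the patch under discussion: an IS_ type macro cannot distinguish a live object from a freed one whose bytes are intact, so the guard only hides the use-after-free until the slot is reused. The fix has to remove the stale reference (or keep the object alive) at the point it is freed, which is what the valgrind run is for: with G_SLICE=always-malloc the invalid read is reported with a stack trace at the first touch of freed memory rather than at whatever later crash the corruption happens to cause.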