[gtkmm] [PATCH] Invalid memory write in gtkmm-2.2.10



Using Valgrind, I found an attempt to write to a freed memory area in my application,
which uses gtkmm-2.2.10 (I removed the parts of the Valgrind output that are not related
to this problem). It looks very similar to fixes made for the current CVS version of glibmm.

==23438== Invalid write of size 4
==23438==    at 0x3C5E51E8: (anonymous namespace)::SourceConnectionNode::notify(bool) (in /usr/lib/libglibmm-2.0.so.1.5.9)
==23438==    by 0x3C607999: SigC::SlotNode::notify(bool) (slot.cc:74)
==23438==    by 0x3C608982: SigC::ObjectSlotNode::notify(bool) (object_slot.cc:24)
==23438==    by 0x3C608E03: SigC::Control_::destroy() (object.cc:70)
==23438==    by 0x3C609068: SigC::ObjectBase::~ObjectBase() (object.cc:116)
....

It was freed directly before the attempt to store data there:

==23438==  Address 0x3CE218E4 is 24 bytes inside a block of size 28 free'd
==23438==    at 0x3C01D9B5: operator delete(void*) (vg_replace_malloc.c:129)
==23438==    by 0x3C5E7B74: (anonymous namespace)::SourceConnectionNode::~SourceConnectionNode() (in /usr/lib/libglibmm-2.0.so.1.5.9)
==23438==    by 0x3C5E5241: (anonymous namespace)::SourceConnectionNode::destroy_notify_callback(void*) (in /usr/lib/libglibmm-2.0.so.1.5.9)
==23438==    by 0x3C787F07: g_source_callback_unref (gmain.c:1189)
==23438==    by 0x3C7876D0: g_source_destroy_internal (gmain.c:974)
==23438==    by 0x3C787823: g_source_destroy (gmain.c:1010)
==23438==    by 0x3C5E51E7: (anonymous namespace)::SourceConnectionNode::notify(bool) (in /usr/lib/libglibmm-2.0.so.1.5.9)
==23438==    by 0x3C607999: SigC::SlotNode::notify(bool) (slot.cc:74)
==23438==    by 0x3C608982: SigC::ObjectSlotNode::notify(bool) (object_slot.cc:24)
==23438==    by 0x3C608E03: SigC::Control_::destroy() (object.cc:70)
==23438==    by 0x3C609068: SigC::ObjectBase::~ObjectBase() (object.cc:116)
...

Rebuilt gtkmm-2.2.10 after applying the following small patch:
--- gtkmm-2.2.10/glib/glibmm/main.cc~1	2002-10-27 16:31:32.000000000 +0200
+++ gtkmm-2.2.10/glib/glibmm/main.cc	2004-03-26 13:48:37.000000000 +0200
@@ -61,8 +61,9 @@ void SourceConnectionNode::notify(bool f
 
   if(source_)
   {
-    g_source_destroy(source_);
+    GSource* tmp_ = source_;
     source_ = 0;
+    g_source_destroy(tmp_);
   }
 }
 
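Review bot: the new ordering inside the `if(source_)` block needs a comment saying why `source_` is cleared before `g_source_destroy(tmp_)` is called, otherwise it reads as a candidate for being simplified back to the original single call. Per the Valgrind trace above, g_source_destroy() reaches destroy_notify_callback(), which deletes this SourceConnectionNode, so no member may be touched once that call has been made; a one-line comment above the call stating that the destroy notify may delete the node would record this. Minor style point: the local `tmp_` carries the trailing underscore that `source_` suggests is the member naming convention here; a plain name such as `tmp` or `source` would avoid it being read as a member.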

That fixed the problem. 

Andris



