GNU bug report logs - #41239
GTK builds crashing in XTread_socket after deleting a frame

Previous Next

Full log

Message #34 received at 41239 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: rudalics <at> gmx.at, 41239 <at> debbugs.gnu.org
Subject: Re: bug#41239: GTK builds crashing in XTread_socket after deleting
 a frame
Date: Wed, 20 May 2020 19:07:50 +0300

> From: Noam Postavsky <npostavs <at> gmail.com>
> Cc: martin rudalics <rudalics <at> gmx.at>,  41239 <at> debbugs.gnu.org
> Date: Tue, 19 May 2020 21:50:35 -0400
> 
> > Once again, all the crashes are inside memory-allocation functions,
> > which suggests some kind of memory corruption.  Did someone try to run
> > this scenario under valgrind?
> 
> I've tried it now, log attached (minus what I believe are some false
> positives that printed during startup).  This is against latest master

Thanks.  This seems to say that we cause some memory allocation in
functions called by xg_prepare_tooltip, but the allocated memory
region is not large enough, and that causes invalid reads beyond end
of allocated region when we call xg_free_frame_widgets (as side effect
of deleting the tooltip frame, I suppose).

Can someone spot where we pass some wrong parameters to GTK/GIO
functions in xg_prepare_tooltip?  Or something we do wrong in
xg_free_frame_widgets?  Failing that, I guess we will need to step
through the GTK functions mentioned by valgrind and see what's going
on there.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.