
[gcmd-dev] Nasty memory bug


From: A. Gordon
Subject: [gcmd-dev] Nasty memory bug
Date: Mon, 20 Mar 2006 00:18:26 +0200
User-agent: Thunderbird 1.5 (X11/20051201)

Hello,

While exploring the samba network related bugs (162399, 132949, 150029), I came across this nasty one:

At function "gnome_cmd_dir_indicator_set_dir" ("gnome-cmd-dir-indicator.c", line 613), two member variables (slashCharPosition, slashPixelPosition) are always free'd, but only malloc'd if numSlashes > 0.
When they are free'd, they aren't NULL'd...
If there are no slashes in the path (which happens if you're browsing SMB), numSlashes becomes zero, and a second call to the same function would free unallocated memory (this itself does not crash gcmd - the crash happens later on, usually when glib detects a doubly-linked list corruption).

I believe most crashes that happen while browsing SMB are related to this nastiness, but I'm still exploring SMB browsing, so I'm not marking the bugs as fixed just yet.

The file "dir_indicator_free_bug.patch" fixes this bug.
The file "malloc_free_replace.patch" goes further and replaces every malloc/free with g_malloc/g_free.

Big thanks to Pavel who suggested using (the very long overdue) valgrind.


Assaf.
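The pattern the mail describes (unconditional free of pointers that are only conditionally allocated and never reset to NULL) is easy to reproduce safely. The following is an added example, not gnome-commander's code or the attached patches: the struct and function names (SlashIndex, set_dir_buggy, set_dir_fixed) are assumed stand-ins for the indicator's members, and a tiny allocation tracker stands in for valgrind by counting, rather than executing, a free() of a block that is no longer live.

```c
/* Added example: conditional malloc + unconditional free without NULLing,
 * and the NULL-after-free fix.  Names are assumed; not gnome-commander code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 16

/* Minimal allocation tracker: remembers live blocks so that a free() of a
 * block that is not live (a double free) is counted instead of performed. */
static void *live[MAX_LIVE];
static int   live_count;
static int   double_free_count;

static void *tracked_malloc(size_t n)
{
    if (live_count == MAX_LIVE)
        abort();                      /* tracker full; keep results honest */
    void *p = malloc(n);
    if (p)
        live[live_count++] = p;
    return p;
}

static void tracked_free(void *p)
{
    if (p == NULL)                    /* free(NULL) is a no-op; mirror that */
        return;
    for (int i = 0; i < live_count; i++) {
        if (live[i] == p) {
            live[i] = live[--live_count];
            free(p);
            return;
        }
    }
    double_free_count++;              /* stale pointer: would have been a double free */
}

typedef struct {
    int  numSlashes;
    int *slashCharPosition;           /* index of each '/' in the path */
    int *slashPixelPosition;          /* x offset of each '/' when drawn */
} SlashIndex;

static int count_slashes(const char *path)
{
    int n = 0;
    for (; *path; path++)
        if (*path == '/')
            n++;
    return n;
}

/* Arrays are allocated only when the path has at least one slash. */
static void fill_positions(SlashIndex *idx, const char *path)
{
    idx->numSlashes = count_slashes(path);
    if (idx->numSlashes > 0) {
        idx->slashCharPosition  = tracked_malloc(idx->numSlashes * sizeof(int));
        idx->slashPixelPosition = tracked_malloc(idx->numSlashes * sizeof(int));
        int k = 0;
        for (int i = 0; path[i]; i++)
            if (path[i] == '/') {
                idx->slashCharPosition[k]  = i;
                idx->slashPixelPosition[k] = i * 8;   /* constructed: fixed 8px glyphs */
                k++;
            }
    }
}

/* Buggy pattern: free unconditionally, never reset the pointers. */
static void set_dir_buggy(SlashIndex *idx, const char *path)
{
    tracked_free(idx->slashCharPosition);
    tracked_free(idx->slashPixelPosition);
    fill_positions(idx, path);
}

/* Fixed pattern: NULL after free, so a later free is a harmless free(NULL). */
static void set_dir_fixed(SlashIndex *idx, const char *path)
{
    tracked_free(idx->slashCharPosition);
    tracked_free(idx->slashPixelPosition);
    idx->slashCharPosition  = NULL;
    idx->slashPixelPosition = NULL;
    fill_positions(idx, path);
}

/* Apply a sequence of paths with the given set_dir variant and return how
 * many double frees the tracker caught.  Anything still live is released. */
static int run_sequence(void (*set_dir)(SlashIndex *, const char *),
                        const char **paths, int count)
{
    SlashIndex idx = {0, NULL, NULL};
    live_count = 0;
    double_free_count = 0;
    for (int i = 0; i < count; i++)
        set_dir(&idx, paths[i]);
    int caught = double_free_count;
    while (live_count > 0)
        tracked_free(live[live_count - 1]);
    return caught;
}

int main(void)
{
    /* Constructed: a local path with slashes, then an SMB-style name without. */
    const char *seq[] = { "/home/assaf/src", "smb-share", "smb-share" };
    printf("buggy: %d double free(s)\n", run_sequence(set_dir_buggy, seq, 3));
    printf("fixed: %d double free(s)\n", run_sequence(set_dir_fixed, seq, 3));
    return 0;
}
```

The second path frees the arrays allocated for the first and, with numSlashes now zero, allocates nothing; the third call then frees the same two stale pointers again in the buggy variant, which is the "crash happens later" corruption the mail describes. Setting the pointers to NULL after free (or switching to g_free and then NULLing) makes that third call a no-op.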

