the hue of death: setting color property crashes application

[gregory benison]

In the latest guile-gnome, setting a "color" property can cause a crash:

G_SLICE=debug-blocks guile-gnome-2
> (use-modules (oop goops)(gnome gtk))
> (set (make <gtk-color-button>) 'color "red")
GSlice: MemChecker: attempt to release non-allocated block: 0x81a50a8 size=12
Aborted

Without 'debug-blocks', the crash is delayed, but will happen
eventually because the heap is corrupted.

The cause is a GdkColor* being allocated with g_new0(), but freed with
g_slice_free1() rather than g_free():

- scm_scm_to_gdk_color() allocates a GdkColor* using g_new0().
- The new GdkColor* is packaged into a GValue*
- g_object_set_property() is called
- scm_set_gobject_property calls g_value_unset() on the GValue*
- g_value_unset() calls gdk_color_free() which calls g_slice_free1()

gdk_color_free() switched from using g_free() to g_slice_free1() with gtk+-2.10.

Changing scm_scm_to_gdk_color() to use g_slice_new0() makes the bug go
away, but I don't like that solution because it sets things up for
another bug if future versions of GDK switch to use g_frobnitz_free()
or whatever.

It would be better to use a gdk_color_new() function, but
unfortunately there is none in GDK.  One can easily be made, though,
from gdk_color_copy().  The attached patch does that (and fixes the
crash).

A similar issue may affect scm_scm_to_gdk_rectangle().

-- 

======================
Gregory Benison
Oregon State University
gbenison at gmail dot com
======================

gdk_color.patch
Description: Text Data