| Summary: | Double-free in account preferences |
|---|---|
| Product: | Claws Mail (GTK 2) |
| Reporter: | Michael Schwendt <mschwendt> |
| Component: | UI |
| Assignee: | users |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| Priority: | P3 |
| Version: | 3.9.2 |
| Hardware: | PC |
| OS: | Linux |

Description
Michael Schwendt
2013-07-08 12:52:05 UTC
Created attachment 1282
gdb.txt (2 traces)
true, happens without any plugins loaded.
prefswindow.c:177:prefs window closed
prefs_account.c:3699:called inc_unlock (lock count 1)
prefs_account.c:3675:Opening account preferences window...
prefs_account.c:3677:called inc_lock (lock count 2)
==3639== Invalid free() / delete / delete[] / realloc()
==3639== at 0x402A24C: free (vg_replace_malloc.c:446)
==3639== by 0x4B8356A: standard_free (gmem.c:98)
==3639== by 0x4B836DF: g_free (gmem.c:252)
==3639== by 0x815A8D1: prefs_set_default (prefs_gtk.c:433)
==3639== by 0x813D3AD: prefs_account_new (prefs_account.c:3440)
==3639== by 0x813DEC4: prefs_account_open (prefs_account.c:3682)
==3639== by 0x8082D79: account_add (account.c:413)
==3639== by 0x4AF4A36: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:115)
==3639== by 0x4AF2F00: _g_closure_invoke_va (gclosure.c:840)
==3639== by 0x4B0C6FD: g_signal_emit_valist (gsignal.c:3234)
==3639== by 0x4B0D2B2: g_signal_emit (gsignal.c:3384)
==3639== by 0x410FD49: gtk_button_clicked (gtkbutton.c:1128)
==3639== Address 0x1053c758 is 0 bytes inside a block of size 1 free'd
==3639== at 0x402A24C: free (vg_replace_malloc.c:446)
==3639== by 0x4B8356A: standard_free (gmem.c:98)
==3639== by 0x4B836DF: g_free (gmem.c:252)
==3639== by 0x815B069: prefs_free (prefs_gtk.c:531)
==3639== by 0x813DBC2: prefs_account_free (prefs_account.c:3607)
==3639== by 0x813DF05: prefs_account_open (prefs_account.c:3704)
==3639== by 0x8082D79: account_add (account.c:413)
==3639== by 0x4AF49CE: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3639== by 0x4AF2C55: g_closure_invoke (gclosure.c:777)
==3639== by 0x4B04ED6: signal_emit_unlocked_R (gsignal.c:3584)
==3639== by 0x4B0D0DA: g_signal_emit_valist (gsignal.c:3328)
==3639== by 0x4B0D2B2: g_signal_emit (gsignal.c:3384)
Also all dictionaries are loaded twice
gtkaspell.c:1590:Aspell: found dictionary de de
gtkaspell.c:1590:Aspell: found dictionary de_AT de_AT
gtkaspell.c:1590:Aspell: found dictionary de_CH de_CH
gtkaspell.c:1590:Aspell: found dictionary de_DE de_DE
gtkaspell.c:1590:Aspell: found dictionary en_US en_US
gtkaspell.c:1590:Aspell: found dictionary de de
gtkaspell.c:1590:Aspell: found dictionary de_AT de_AT
gtkaspell.c:1590:Aspell: found dictionary de_CH de_CH
gtkaspell.c:1590:Aspell: found dictionary de_DE de_DE
gtkaspell.c:1590:Aspell: found dictionary en_US en_US

Changes related to this bug have been committed. Please check latest Git and update the bug accordingly.
You can also get the patch from:
http://git.claws-mail.org/
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=306bf2ef35f2d074d786a85bcf5454cfc5f4b2e1
Author: Paul <paul@claws-mail.org>
Date: Mon Jul 8 17:05:09 2013 +0100
fix bug 2957, 'Double-free in account preferences'

@kardan: please try to keep these bug reports succinct and to the point. Everything necessary to reproduce the bug was given by Michael. There was no need to add an attachment or any further comments, it was easily reproducible. It was nothing to do with plugins, and the dictionaries are loaded twice because there are 2 options where a dictionary is selected.

Thanks for the hint. If I add too much information, this is because I do not know if this is important information. Like this valgrind trace after applying the patch.
1. create new account
2. cancel
3. new
prefswindow.c:711:0,000000
prefswindow.c:177:prefs window closed
prefs_account.c:3699:called inc_unlock (lock count 1)
prefs_account.c:3675:Opening account preferences window...
prefs_account.c:3677:called inc_lock (lock count 2)
==26498== Invalid free() / delete / delete[] / realloc()
==26498== at 0x402A24C: free (vg_replace_malloc.c:446)
==26498== by 0x4C1A56A: standard_free (gmem.c:98)
==26498== by 0x4C1A6DF: g_free (gmem.c:252)
==26498== by 0x8162C71: prefs_set_default (in /usr/bin/claws-mail)
==26498== by 0x814621D: prefs_account_new (in /usr/bin/claws-mail)
==26498== by 0x8146D2C: prefs_account_open (in /usr/bin/claws-mail)
==26498== by 0x808D289: account_add (in /usr/bin/claws-mail)
==26498== by 0x4B8AA36: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:115)
==26498== by 0x4B88F00: _g_closure_invoke_va (gclosure.c:840)
==26498== by 0x4BA26FD: g_signal_emit_valist (gsignal.c:3234)
==26498== by 0x4BA32B2: g_signal_emit (gsignal.c:3384)
==26498== by 0x410FD49: gtk_button_clicked (gtkbutton.c:1128)
==26498== Address 0x741cbd0 is 0 bytes inside a block of size 1 free'd
==26498== at 0x402A24C: free (vg_replace_malloc.c:446)
==26498== by 0x4C1A56A: standard_free (gmem.c:98)
==26498== by 0x4C1A6DF: g_free (gmem.c:252)
==26498== by 0x8163468: prefs_free (in /usr/bin/claws-mail)
==26498== by 0x8146A32: prefs_account_free (in /usr/bin/claws-mail)
==26498== by 0x8146D6D: prefs_account_open (in /usr/bin/claws-mail)
==26498== by 0x808D289: account_add (in /usr/bin/claws-mail)
==26498== by 0x4B8A9CE: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==26498== by 0x4B88C55: g_closure_invoke (gclosure.c:777)
==26498== by 0x4B9AED6: signal_emit_unlocked_R (gsignal.c:3584)
==26498== by 0x4BA30DA: g_signal_emit_valist (gsignal.c:3328)
==26498== by 0x4BA32B2: g_signal_emit (gsignal.c:3384)

Is this with Paul's second commit or with just the first one? It seems to match the valgrind output you've attached in comment 1.
With the complete fix, I cannot reproduce the crashes anymore:
http://pkgs.fedoraproject.org/cgit/claws-mail.git/plain/claws-mail-3.9.2-account-double-free.patch?id=c90b105f83e34af9ff49779ab00b9fcfedc173c2

With the 2nd. The bug is fixed, the mem error still happens.
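
An added triage example, not part of the bug report or of the Claws Mail code base: it parses a Valgrind invalid-free report in the format quoted in this thread and names the application function behind each free, plus the first caller both stacks share. The sample input is the first trace from this report trimmed to its innermost frames; `split_stacks`, `triage` and `WRAPPERS` are names chosen for this example.

```python
import re

# Constructed sample: the first trace in this report, trimmed to the innermost frames.
REPORT = """\
==3639== Invalid free() / delete / delete[] / realloc()
==3639== at 0x402A24C: free (vg_replace_malloc.c:446)
==3639== by 0x4B8356A: standard_free (gmem.c:98)
==3639== by 0x4B836DF: g_free (gmem.c:252)
==3639== by 0x815A8D1: prefs_set_default (prefs_gtk.c:433)
==3639== by 0x813D3AD: prefs_account_new (prefs_account.c:3440)
==3639== by 0x813DEC4: prefs_account_open (prefs_account.c:3682)
==3639== Address 0x1053c758 is 0 bytes inside a block of size 1 free'd
==3639== at 0x402A24C: free (vg_replace_malloc.c:446)
==3639== by 0x4B8356A: standard_free (gmem.c:98)
==3639== by 0x4B836DF: g_free (gmem.c:252)
==3639== by 0x815B069: prefs_free (prefs_gtk.c:531)
==3639== by 0x813DBC2: prefs_account_free (prefs_account.c:3607)
==3639== by 0x813DF05: prefs_account_open (prefs_account.c:3704)
"""

# One stack frame: "==PID== at|by 0xADDR: function (file:line)" or "(in /path)".
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
# Allocator wrappers to skip when looking for the responsible caller.
WRAPPERS = {"free", "standard_free", "g_free"}

def split_stacks(report):
    """Return (invalid_free_stack, earlier_free_stack) as lists of (func, location)."""
    stacks, current = [], None
    for line in report.splitlines():
        if "Invalid free()" in line or "free'd" in line:
            current = []            # each header line starts a new stack
            stacks.append(current)
            continue
        m = FRAME.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return stacks[0], stacks[1]

def triage(report):
    second, first = split_stacks(report)
    culprit = lambda stack: next(f for f in stack if f[0] not in WRAPPERS)
    # Innermost function present in both stacks: where the pointer's lifetime is managed.
    first_funcs = {name for name, _ in first}
    shared = next(n for n, _ in second if n in first_funcs and n not in WRAPPERS)
    return {"first_free": culprit(first), "second_free": culprit(second),
            "shared_caller": shared}

if __name__ == "__main__":
    print(triage(REPORT))
```

On this trace the shared caller is `prefs_account_open`, reached at line 3704 for the earlier free and at line 3682 for the invalid one.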