View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002037 | gnunet-gtk | gnunet-fs-gtk | public | 2011-12-26 18:08 | 2011-12-26 22:28 |
| Reporter | Christian Grothoff | Assigned To | Christian Grothoff | ||
| Priority | high | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.9.1 | Fixed in Version | 0.9.1 | ||
| Summary | 0002037: use after free upon close of master publish dialog (valgrind) | ||||
| Description | =24385== Invalid read of size 4 ==24385== at 0x5AB9F5B: GNUNET_FS_uri_destroy (fs_uri.c:690) ==24385== by 0x41A83F: free_pseudonym_tree_store (gnunet-fs-gtk-main_window_file_publish.c:1655) ==24385== by 0x41A883: free_pseudonym_tree_store (gnunet-fs-gtk-main_window_file_publish.c:1667) ==24385== by 0x41ACAB: hide_master_publish_dialog (gnunet-fs-gtk-main_window_file_publish.c:1778) ==24385== by 0x41AD81: GNUNET_GTK_master_publish_dialog_execute_button_clicked_cb (gnunet-fs-gtk-main_window_file_publish.c:1801) ==24385== by 0x7CCD47D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== by 0x7CE33F6: ??? (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== by 0x7CE4A75: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== by 0x7CE4FC2: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== by 0x5D5B284: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2000.1) ==24385== by 0x7CCD47D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== by 0x7CE2CC0: ??? (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== Address 0x12ff3f90 is 0 bytes inside a block of size 2 alloc'd ==24385== at 0x4C244E8: malloc (vg_replace_malloc.c:236) ==24385== by 0x855D534: g_malloc (in /lib/libglib-2.0.so.0.2400.2) ==24385== by 0x8574DDD: g_strdup (in /lib/libglib-2.0.so.0.2400.2) ==24385== by 0x7CF3CEC: ??? (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== by 0x5EDF72E: gtk_tree_model_get_valist (in /usr/lib/libgtk-x11-2.0.so.0.2000.1) ==24385== by 0x5EDF978: gtk_tree_model_get (in /usr/lib/libgtk-x11-2.0.so.0.2000.1) ==24385== by 0x41A82A: free_pseudonym_tree_store (gnunet-fs-gtk-main_window_file_publish.c:1653) ==24385== by 0x41A883: free_pseudonym_tree_store (gnunet-fs-gtk-main_window_file_publish.c:1667) ==24385== by 0x41ACAB: hide_master_publish_dialog (gnunet-fs-gtk-main_window_file_publish.c:1778) ==24385== by 0x41AD81: GNUNET_GTK_master_publish_dialog_execute_button_clicked_cb (gnunet-fs-gtk-main_window_file_publish.c:1801) ==24385== by 0x7CCD47D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.2400.2) ==24385== by 0x7CE33F6: ??? (in /usr/lib/libgobject-2.0.so.0.2400.2) | ||||
| Tags | No tags attached. | ||||
|
|
The GNUNET_GTK_pseudonym_tree_store has a 'char *' for the 3rd column (uri-as-string), but this code treats it as if it was a 'struct GNUNET_FS_Uri' when cleaning up. Fixed in SVN 18831. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-12-26 18:08 | Christian Grothoff | New Issue | |
| 2011-12-26 20:42 | Christian Grothoff | Note Added: 0005210 | |
| 2011-12-26 20:42 | Christian Grothoff | Status | new => resolved |
| 2011-12-26 20:42 | Christian Grothoff | Resolution | open => fixed |
| 2011-12-26 20:42 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2011-12-26 20:42 | Christian Grothoff | Fixed in Version | => 0.9.1 |
| 2011-12-26 22:28 | Christian Grothoff | Status | resolved => closed |
