| commit | 4d9bc2923b8aaddce31c4ceb8f7f06c684e74240 | |
| author | Sergei Trofimovich <slyfox@inbox.ru> | |
| Sat, 26 Dec 2009 20:54:12 +0000 (26 22:54 +0200) | ||
| committer | Sergei Trofimovich <slyfox@inbox.ru> | |
| Sun, 27 Dec 2009 08:23:50 +0000 (27 10:23 +0200) | ||
| tree | 6b790cdddb22176701c2488fb8c5c2d473604258 | treesnapshot (tar.gz zip) |
| parent | 5e9729e05b8d12ccd408b1e3380d47b8fb2db183 | commitdiff |
Ticket #1906: edit: crash on file open whoen some Syntax files are absent (reported by pavlinux)
valgrind log snippet: (from here http://pavlinux.ru/vgmc.log)
> ==26750== HEAP SUMMARY:
> ==26750== in use at exit: 0 bytes in 0 blocks
> ==26750== ==26749== Invalid free() / delete / delete[]
> ==26749== at 0x4A06DD8: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==26749== by 0x48B5F9: edit_read_syntax_rules (syntax.c:766)
> ==26749== by 0x48CDA7: edit_read_syntax_file (syntax.c:1140)
> ==26749== by 0x48D06D: edit_load_syntax (syntax.c:1219)
> ==26749== by 0x4762F6: edit_init (edit.c:834)
> ==26749== by 0x4858FC: edit_file (editwidget.c:241)
> ==26749== by 0x44D017: do_edit_at_line (cmd.c:304)
> ==26749== by 0x44D098: do_edit (cmd.c:324)
> ==26749== by 0x44D10E: edit_cmd (cmd.c:331)
> ==26749== by 0x46C2E4: midnight_execute_cmd (main.c:1193)
> ==26749== by 0x46CD41: midnight_callback (main.c:1690)
> ==26749== by 0x4353F4: buttonbar_call (widget.c:2654)
> ==26749== Address 0x60f8e10 is 0 bytes inside a block of size 30 free'd
> ==26749== at 0x4A06DD8: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==26749== by 0x48B32C: open_include_file (syntax.c:705)
> ==26749== by 0x48B6E8: edit_read_syntax_rules (syntax.c:784)
> ==26749== by 0x48CDA7: edit_read_syntax_file (syntax.c:1140)
> ==26749== by 0x48D06D: edit_load_syntax (syntax.c:1219)
> ==26749== by 0x4762F6: edit_init (edit.c:834)
> ==26749== by 0x4858FC: edit_file (editwidget.c:241)
> ==26749== by 0x44D017: do_edit_at_line (cmd.c:304)
> ==26749== by 0x44D098: do_edit (cmd.c:324)
> ==26749== by 0x44D10E: edit_cmd (cmd.c:331)
> ==26749== by 0x46C2E4: midnight_execute_cmd (main.c:1193)
> ==26749== by 0x46CD41: midnight_callback (main.c:1690)
We see doublefree memory corruption here, introduced by spurious 'g_free(error_file_name)'
of changeset:0c17219b2ab5cb5fe2e73f8d7cc9c11c755a3ae4 (syntax.c file)
The rest of code seems to store real syntax file name there.
Making code the same as part above: don't free 'error_file_name'
Signed-off-by: Sergei Trofimovich <slyfox@inbox.ru>
valgrind log snippet: (from here http://pavlinux.ru/vgmc.log)
> ==26750== HEAP SUMMARY:
> ==26750== in use at exit: 0 bytes in 0 blocks
> ==26750== ==26749== Invalid free() / delete / delete[]
> ==26749== at 0x4A06DD8: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==26749== by 0x48B5F9: edit_read_syntax_rules (syntax.c:766)
> ==26749== by 0x48CDA7: edit_read_syntax_file (syntax.c:1140)
> ==26749== by 0x48D06D: edit_load_syntax (syntax.c:1219)
> ==26749== by 0x4762F6: edit_init (edit.c:834)
> ==26749== by 0x4858FC: edit_file (editwidget.c:241)
> ==26749== by 0x44D017: do_edit_at_line (cmd.c:304)
> ==26749== by 0x44D098: do_edit (cmd.c:324)
> ==26749== by 0x44D10E: edit_cmd (cmd.c:331)
> ==26749== by 0x46C2E4: midnight_execute_cmd (main.c:1193)
> ==26749== by 0x46CD41: midnight_callback (main.c:1690)
> ==26749== by 0x4353F4: buttonbar_call (widget.c:2654)
> ==26749== Address 0x60f8e10 is 0 bytes inside a block of size 30 free'd
> ==26749== at 0x4A06DD8: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==26749== by 0x48B32C: open_include_file (syntax.c:705)
> ==26749== by 0x48B6E8: edit_read_syntax_rules (syntax.c:784)
> ==26749== by 0x48CDA7: edit_read_syntax_file (syntax.c:1140)
> ==26749== by 0x48D06D: edit_load_syntax (syntax.c:1219)
> ==26749== by 0x4762F6: edit_init (edit.c:834)
> ==26749== by 0x4858FC: edit_file (editwidget.c:241)
> ==26749== by 0x44D017: do_edit_at_line (cmd.c:304)
> ==26749== by 0x44D098: do_edit (cmd.c:324)
> ==26749== by 0x44D10E: edit_cmd (cmd.c:331)
> ==26749== by 0x46C2E4: midnight_execute_cmd (main.c:1193)
> ==26749== by 0x46CD41: midnight_callback (main.c:1690)
We see doublefree memory corruption here, introduced by spurious 'g_free(error_file_name)'
of changeset:0c17219b2ab5cb5fe2e73f8d7cc9c11c755a3ae4 (syntax.c file)
The rest of code seems to store real syntax file name there.
Making code the same as part above: don't free 'error_file_name'
Signed-off-by: Sergei Trofimovich <slyfox@inbox.ru>
| edit/syntax.c | diffblobblamehistory |