gedit assert failure: corrupted size vs. prev_size

StacktraceSource:
 #0 0x00007f34c7812077 in ?? () from /tmp/apport_sandbox_zqwufnh4/lib/x86_64-linux-gnu/libc.so.6
 #1 0x0000000000000010 in ?? ()
 #2 0x0000000095a125a0 in ?? ()
 #3 0x0000000000000000 in ?? ()
StacktraceTop:
 ?? () from /tmp/apport_sandbox_zqwufnh4/lib/x86_64-linux-gnu/libc.so.6
 ?? ()
 ?? ()
 ?? ()

StacktraceTop:
 __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f34c797ec00 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
 malloc_printerr (str=str@entry=0x7f34c797cc9a "corrupted size vs. prev_size") at malloc.c:5336
 malloc_consolidate (av=av@entry=0x7f34c79b5c40 <main_arena>) at malloc.c:4442
 _int_free (av=av@entry=0x7f34c79b5c40 <main_arena>, p=0x5641963c0fd0, have_lock=have_lock@entry=1) at malloc.c:4348
 _int_realloc (av=av@entry=0x7f34c79b5c40 <main_arena>, oldp=oldp@entry=0x5641963bcfc0, oldsize=oldsize@entry=32784, nb=nb@entry=16400) at malloc.c:4636

Thank you for your bug report. Do you have special plugins in use? Could you describe what you were doing when hitting the issue?
Please also try to obtain a valgrind log following the instructions at https://wiki.ubuntu.com/Valgrind and attach the file to the bug report. This will greatly help us in tracking down your problem.

Can get a consistent memory error by opening gedit from a command line and then adding 3 small text files (have three tabs open). Then using the window close terminating the gedit window. Get one of two error indications but no error processing.

cliff@cliffps:~$ gedit
malloc_consolidate(): invalid chunk size
Aborted (core dumped)

cliff@cliffps:~$ gedit
corrupted size vs. prev_size
Aborted (core dumped)

Calling gedit with valgrind and doing the same operations (adding three text files) results in no error indications after terminating gedit. Will add the valgrind log in case the error did occurr but just not seeing any indications in the command window.

Thanks, valgrind tend to avoid the segfault but does collect the errors still, your log has one

==18294== Invalid free() / delete / delete[] / realloc()
==18294== at 0x483897B: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==18294== by 0x4891CEF: ??? (in /usr/lib/x86_64-linux-gnu/gedit/

That's missing debug symbols though, could you install those debug packages and try again?
https://launchpad.net/ubuntu/+source/gtk+3.0/3.24.5-1ubuntu1/+build/16354960/+files/libgtk-3-0-dbgsym_3.24.5-1ubuntu1_amd64.ddeb
https://launchpad.net/ubuntu/+source/glib2.0/2.59.2-2/+build/16381172/+files/libglib2.0-0-dbgsym_2.59.2-2_amd64.ddeb
https://launchpad.net/ubuntu/+source/gedit/3.31.90-1build1/+build/16354854/+files/gedit-dbgsym_3.31.90-1build1_amd64.ddeb

Added the three debug ddebs and re-ran the test with valgrind. Just as a note calling gedit and only adding a single text file will also fail with a memory error. Have a second system also running 19.04 which also appears to fails the same way with gedit.

Thanks, that has the details of the error

==2494== 1 errors in context 1 of 1208:
==2494== Invalid free() / delete / delete[] / realloc()
==2494== at 0x483897B: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==2494== by 0x4891CEF: gedit_open_document_selector_dispose (gedit-open-document-selector.c:753)
==2494== by 0x4A91F82: g_object_unref (gobject.c:3308)
==2494== by 0x4A91F82: g_object_unref (gobject.c:3238)
==2494== by 0x4FF8395: gtk_container_destroy (gtkcontainer.c:1700)
==2494== by 0x4A8CD90: g_closure_invoke (gclosure.c:810)
==2494== by 0x4AA0895: signal_emit_unlocked_R (gsignal.c:3751)
==2494== by 0x4AA944D: g_signal_emit_valist (gsignal.c:3391)
==2494== by 0x4AA9B0E: g_signal_emit (gsignal.c:3447)
==2494== by 0x520CE6B: gtk_widget_dispose (gtkwidget.c:12098)
==2494== by 0x4A91F82: g_object_unref (gobject.c:3308)
==2494== by 0x4A91F82: g_object_unref (gobject.c:3238)
==2494== by 0x50D2061: gtk_menu_button_dispose (gtkmenubutton.c:1058)

Could you give details on what you do exactly? Is adding tabs enough? Or do you need to open existing documents? Do you save same or do editing without saving in a way that should trigger the 'do you want to save before exiting' dialog?

Ok, I managed to trigger it, you need to pick documents for the "recent document" popdown, creating new ones or using ctrl+O to open files doesn't do it (the function from the valgrind log hinted that)

Ok, I found the issue and proposed a fix upstrfeam
https://gitlab.gnome.org/GNOME/gedit/merge_requests/27

This bug was fixed in the package gedit - 3.31.92-1

---------------
gedit (3.31.92-1) experimental; urgency=medium

  * New upstream release
    - Fix segfault in open document selector (lp: #1817459)

 -- Sebastien Bacher <email address hidden> Tue, 05 Mar 2019 17:09:34 +0100