Invalid read of size 1

Bug #988873 reported by Sebastien Bacher on 2012-04-26
This bug affects 1 person
Affects: Compiz; Importance: High; Assigned to: Unassigned
Affects: Compiz Configuration Library; Importance: High; Assigned to: Unassigned
Affects: libcompizconfig (Ubuntu); Importance: High; Assigned to: Unassigned

Bug Description

Running current precise with the first SRU candidate from unity staging I see those errors in valgrind:

==4260== Invalid read of size 1
==4260== at 0x402C28C: index (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==4260== by 0x53F0758: valueChanged (string2.h:1227)
==4260== by 0x56E04E7: notify_listeners_callback (gconf-client.c:2810)
==4260== by 0x56D65AE: gconf_listeners_notify (gconf-listeners.c:590)
==4260== by 0x56E3CB6: notify_one_entry (gconf-client.c:2835)
==4260== by 0x56E3D96: notify_idle_callback (gconf-client.c:2875)
==4260== by 0x45F673F: g_idle_dispatch (gmain.c:4634)
==4260== by 0x45F8CD9: g_main_context_dispatch (gmain.c:2515)
==4260== by 0x45F90E4: g_main_context_iterate.isra.21 (gmain.c:3123)
==4260== by 0x45F91C0: g_main_context_iteration (gmain.c:3184)
==4260== by 0x53F12EB: processEvents (gconf.c:1918)
==4260== by 0x542C7DE: ccsProcessEvents (main.c:2037)
==4260== by 0x403B34A: CcpScreen::timeout() (in /usr/lib/compiz/libccp.so)
==4260== by 0x403B620: boost::detail::function::function_obj_invoker0<boost::_bi::bind_t<bool, boost::_mfi::mf0<bool, CcpScreen>, boost::_bi::list1<boost::_bi::value<CcpScreen*> > >, bool>::invoke(boost::detail::function::function_buffer&) (in /usr/lib/compiz/libccp.so)
==4260== by 0x40D2412: CompTimer::triggerCallback() (function_template.hpp:1013)
==4260== by 0x40D2520: CompTimeoutSource::callback() (timer.cpp:150)
==4260== by 0x40D2631: sigc::internal::slot_call0<sigc::bound_mem_functor0<bool, CompTimeoutSource>, bool>::call_it(sigc::internal::slot_rep*) (mem_fun.h:1787)
==4260== by 0x40D17AE: CompTimeoutSource::dispatch(sigc::slot_base*) (slot.h:440)
==4260== by 0x4586470: Glib::Source::dispatch_vfunc(_GSource*, int (*)(void*), void*) (main.cc:956)
==4260== by 0x45F8CD9: g_main_context_dispatch (gmain.c:2515)
==4260== by 0x45F90E4: g_main_context_iterate.isra.21 (gmain.c:3123)
==4260== by 0x45F952A: g_main_loop_run (gmain.c:3317)
==4260== by 0x42264D2: (below main) (libc-start.c:226)
==4260== Address 0x6fc5b5f is 0 bytes after a block of size 15 alloc'd
==4260== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==4260== by 0x45FE96A: standard_malloc (gmem.c:85)
==4260== by 0x45FEE02: g_malloc (gmem.c:159)
==4260== by 0x4614B8A: g_strdup (gstrfuncs.c:356)
==4260== by 0x56DCF95: gconf_entry_new (gconf-value.c:1482)
==4260== by 0x56DCFFE: gconf_entry_copy (gconf-value.c:1548)
==4260== by 0x56DF077: gconf_client_cache (gconf-client.c:2339)
==4260== by 0x56E085A: notify_from_server_callback (gconf-client.c:424)
==4260== by 0x56E5959: gconf_dbus_message_filter (gconf-dbus.c:690)
==4260== by 0x5884440: dbus_connection_dispatch (dbus-connection.c:4603)
==4260== by 0x58579AC: ??? (in /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2)
==4260== by 0x45F8CD9: g_main_context_dispatch (gmain.c:2515)
==4260== by 0x45F90E4: g_main_context_iterate.isra.21 (gmain.c:3123)
==4260== by 0x45F91C0: g_main_context_iteration (gmain.c:3184)
==4260== by 0x53F12EB: processEvents (gconf.c:1918)
==4260== by 0x542C7DE: ccsProcessEvents (main.c:2037)
==4260== by 0x403B34A: CcpScreen::timeout() (in /usr/lib/compiz/libccp.so)
==4260== by 0x403B620: boost::detail::function::function_obj_invoker0<boost::_bi::bind_t<bool, boost::_mfi::mf0<bool, CcpScreen>, boost::_bi::list1<boost::_bi::value<CcpScreen*> > >, bool>::invoke(boost::detail::function::function_buffer&) (in /usr/lib/compiz/libccp.so)
==4260== by 0x40D2412: CompTimer::triggerCallback() (function_template.hpp:1013)
==4260== by 0x40D2520: CompTimeoutSource::callback() (timer.cpp:150)
==4260== by 0x40D2631: sigc::internal::slot_call0<sigc::bound_mem_functor0<bool, CompTimeoutSource>, bool>::call_it(sigc::internal::slot_rep*) (mem_fun.h:1787)
==4260== by 0x40D17AE: CompTimeoutSource::dispatch(sigc::slot_base*) (slot.h:440)
==4260== by 0x4586470: Glib::Source::dispatch_vfunc(_GSource*, int (*)(void*), void*) (main.cc:956)
==4260== by 0x45F8CD9: g_main_context_dispatch (gmain.c:2515)
==4260== by 0x45F90E4: g_main_context_iterate.isra.21 (gmain.c:3123)
==4260== by 0x45F952A: g_main_loop_run (gmain.c:3317)
==4260== by 0x42264D2: (below main) (libc-start.c:226)

Sebastien Bacher (seb128) wrote :

Could be the same issue as bug #932382

It seems like http://bazaar.launchpad.net/~compiz-team/compiz-libcompizconfig/0.9.5/revision/430 is not in precise though... is that an oversight or was it kept out for a reason?

affects: compizconfig-backend-gconf (Ubuntu) → libcompizconfig (Ubuntu)
Changed in libcompizconfig (Ubuntu):
importance: Undecided → High

Daniel van Vugt (vanvugt) wrote :

That looks like it might still be a different bug.

Changed in compiz-libcompizconfig:
status: New → Triaged
importance: Undecided → High
Changed in libcompizconfig (Ubuntu):
status: New → Triaged
Changed in compiz:
importance: Undecided → High
status: New → Triaged