==30155== Memcheck, a memory error detector ==30155== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==30155== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info ==30155== Command: liferea --debug-all ==30155== Parent PID: 20367 ==30155== ==30155== Conditional jump or move depends on uninitialised value(s) ==30155== at 0xB38EE40: inflateReset2 (in /lib/libz.so.1.2.3.4) ==30155== by 0xB38EF2F: inflateInit2_ (in /lib/libz.so.1.2.3.4) ==30155== by 0xB3891BC: ??? (in /lib/libz.so.1.2.3.4) ==30155== by 0x57AF8C5: ??? (in /usr/lib/libxml2.so.2.7.7) ==30155== by 0x57AF2E7: __xmlParserInputBufferCreateFilename (in /usr/lib/libxml2.so.2.7.7) ==30155== by 0x57843EC: xmlNewInputFromFile (in /usr/lib/libxml2.so.2.7.7) ==30155== by 0x5788825: xmlCreateURLParserCtxt (in /usr/lib/libxml2.so.2.7.7) ==30155== by 0x579F5FB: xmlSAXUserParseFile (in /usr/lib/libxml2.so.2.7.7) ==30155== by 0x5546C66: glade_parser_parse_file (in /usr/lib/libglade-2.0.so.0.0.7) ==30155== by 0x5544379: glade_xml_construct (in /usr/lib/libglade-2.0.so.0.0.7) ==30155== by 0x5545035: glade_xml_new (in /usr/lib/libglade-2.0.so.0.0.7) ==30155== by 0x442B29: liferea_shell_init (liferea_shell.c:161) ==30155== ==30155== Conditional jump or move depends on uninitialised value(s) ==30155== at 0xB38EE40: inflateReset2 (in /lib/libz.so.1.2.3.4) ==30155== by 0xB38EF2F: inflateInit2_ (in /lib/libz.so.1.2.3.4) ==30155== by 0xC71D4AF: png_create_read_struct_2 (in /lib/libpng12.so.0.44.0) ==30155== by 0x1AC7638A: ??? (in /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so) ==30155== by 0x800DF12: ??? (in /usr/lib/libgdk_pixbuf-2.0.so.0.2200.0) ==30155== by 0x800F2DB: gdk_pixbuf_new_from_file (in /usr/lib/libgdk_pixbuf-2.0.so.0.2200.0) ==30155== by 0x443A9B: ui_common_create_pixbuf (ui_common.c:241) ==30155== by 0x4425D7: liferea_shell_create (liferea_shell.c:1253) ==30155== by 0x43185B: main (main.c:315) ==30155== ==30155== Invalid read of size 1 ==30155== at 0x99377AA: vfprintf (vfprintf.c:1614) ==30155== by 0x99ECF1B: __vasprintf_chk (vasprintf_chk.c:68) ==30155== by 0x969054A: g_vasprintf (stdio2.h:199) ==30155== by 0x966E25F: g_strdup_vprintf (gstrfuncs.c:255) ==30155== by 0x4213EC: debug_printf (debug.c:147) ==30155== by 0x4248EB: feed_import (feed.c:135) ==30155== by 0x42B217: newsbin_import (newsbin.c:49) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== by 0x425AC8: feedlist_init (feedlist.c:189) ==30155== Address 0x162b8ee0 is 0 bytes inside a block of size 8 free'd ==30155== at 0x4C27D71: free (vg_replace_malloc.c:366) ==30155== by 0x424681: feed_import (feed.c:72) ==30155== by 0x42B217: newsbin_import (newsbin.c:49) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== by 0x425AC8: feedlist_init (feedlist.c:189) ==30155== by 0x91EC824: g_type_create_instance (gtype.c:1887) ==30155== by 0x91D08C8: g_object_constructor (gobject.c:1597) ==30155== by 0x91CEF19: g_object_newv (gobject.c:1381) ==30155== by 0x91CF64B: g_object_new (gobject.c:1293) ==30155== ==30155== Invalid read of size 1 ==30155== at 0x9963C90: _IO_default_xsputn (genops.c:480) ==30155== by 0x99373AB: vfprintf (vfprintf.c:1614) ==30155== by 0x99ECF1B: __vasprintf_chk (vasprintf_chk.c:68) ==30155== by 0x969054A: g_vasprintf (stdio2.h:199) ==30155== by 0x966E25F: g_strdup_vprintf (gstrfuncs.c:255) ==30155== by 0x4213EC: debug_printf (debug.c:147) ==30155== by 0x4248EB: feed_import (feed.c:135) ==30155== by 0x42B217: newsbin_import (newsbin.c:49) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== Address 0x162b8ee0 is 0 bytes inside a block of size 8 free'd ==30155== at 0x4C27D71: free (vg_replace_malloc.c:366) ==30155== by 0x424681: feed_import (feed.c:72) ==30155== by 0x42B217: newsbin_import (newsbin.c:49) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== by 0x425AC8: feedlist_init (feedlist.c:189) ==30155== by 0x91EC824: g_type_create_instance (gtype.c:1887) ==30155== by 0x91D08C8: g_object_constructor (gobject.c:1597) ==30155== by 0x91CEF19: g_object_newv (gobject.c:1381) ==30155== by 0x91CF64B: g_object_new (gobject.c:1293) ==30155== ==30155== Invalid read of size 1 ==30155== at 0x9963CA2: _IO_default_xsputn (genops.c:479) ==30155== by 0x99373AB: vfprintf (vfprintf.c:1614) ==30155== by 0x99ECF1B: __vasprintf_chk (vasprintf_chk.c:68) ==30155== by 0x969054A: g_vasprintf (stdio2.h:199) ==30155== by 0x966E25F: g_strdup_vprintf (gstrfuncs.c:255) ==30155== by 0x4213EC: debug_printf (debug.c:147) ==30155== by 0x4248EB: feed_import (feed.c:135) ==30155== by 0x42B217: newsbin_import (newsbin.c:49) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== Address 0x162b8ee2 is 2 bytes inside a block of size 8 free'd ==30155== at 0x4C27D71: free (vg_replace_malloc.c:366) ==30155== by 0x424681: feed_import (feed.c:72) ==30155== by 0x42B217: newsbin_import (newsbin.c:49) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== by 0x425AC8: feedlist_init (feedlist.c:189) ==30155== by 0x91EC824: g_type_create_instance (gtype.c:1887) ==30155== by 0x91D08C8: g_object_constructor (gobject.c:1597) ==30155== by 0x91CEF19: g_object_newv (gobject.c:1381) ==30155== by 0x91CF64B: g_object_new (gobject.c:1293) ==30155== ==30155== Invalid read of size 1 ==30155== at 0x9963C21: _IO_default_xsputn (genops.c:485) ==30155== by 0x99373AB: vfprintf (vfprintf.c:1614) ==30155== by 0x99ECF1B: __vasprintf_chk (vasprintf_chk.c:68) ==30155== by 0x969054A: g_vasprintf (stdio2.h:199) ==30155== by 0x966E25F: g_strdup_vprintf (gstrfuncs.c:255) ==30155== by 0x4213EC: debug_printf (debug.c:147) ==30155== by 0x4248EB: feed_import (feed.c:135) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422A05: import_parse_outline (export.c:305) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== Address 0x138e8731 is 1 bytes inside a block of size 4 free'd ==30155== at 0x4C27D71: free (vg_replace_malloc.c:366) ==30155== by 0x424681: feed_import (feed.c:72) ==30155== by 0x42289B: import_parse_outline (export.c:311) ==30155== by 0x422A05: import_parse_outline (export.c:305) ==30155== by 0x422C7F: import_OPML_feedlist (export.c:333) ==30155== by 0x43A36D: default_source_import (default_source.c:121) ==30155== by 0x43A02D: node_source_setup_root (node_source.c:112) ==30155== by 0x425AC8: feedlist_init (feedlist.c:189) ==30155== by 0x91EC824: g_type_create_instance (gtype.c:1887) ==30155== by 0x91D08C8: g_object_constructor (gobject.c:1597) ==30155== by 0x91CEF19: g_object_newv (gobject.c:1381) ==30155== by 0x91CF64B: g_object_new (gobject.c:1293) ==30155== ==30155== Conditional jump or move depends on uninitialised value(s) ==30155== at 0xB38EE40: inflateReset2 (in /lib/libz.so.1.2.3.4) ==30155== by 0xB38EF2F: inflateInit2_ (in /lib/libz.so.1.2.3.4) ==30155== by 0xC71D4AF: png_create_read_struct_2 (in /lib/libpng12.so.0.44.0) ==30155== by 0xC71D646: png_create_read_struct (in /lib/libpng12.so.0.44.0) ==30155== by 0x64545A5: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x645465C: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x618F530: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x642FC1D: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x642FD03: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x6440453: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x643E4AF: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== ==30155== Conditional jump or move depends on uninitialised value(s) ==30155== at 0x16F031F5: murrine_draw_expander (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x16EF3A32: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x77409C8: gtk_tree_view_draw_arrow (gtktreeview.c:9593) ==30155== by 0x7757294: gtk_tree_view_bin_expose (gtktreeview.c:4739) ==30155== by 0x7758114: gtk_tree_view_expose (gtktreeview.c:5089) ==30155== by 0x76529D7: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF11F: signal_emit_unlocked_R (gsignal.c:3290) ==30155== by 0x91E07DA: g_signal_emit_valist (gsignal.c:2993) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x776B6DE: gtk_widget_event_internal (gtkwidget.c:4985) ==30155== by 0x764C1B5: gtk_main_do_event (gtkmain.c:1590) ==30155== ==30155== Conditional jump or move depends on uninitialised value(s) ==30155== at 0x16EFB022: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x16EFEE97: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x16EF4395: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x75A37F8: _gtk_button_paint (gtkbutton.c:1524) ==30155== by 0x75A3A1E: gtk_button_expose (gtkbutton.c:1577) ==30155== by 0x76529D7: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86) ==30155== by 0x91C99B8: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF11F: signal_emit_unlocked_R (gsignal.c:3290) ==30155== by 0x91E07DA: g_signal_emit_valist (gsignal.c:2993) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x776B6DE: gtk_widget_event_internal (gtkwidget.c:4985) ==30155== by 0x75CC3D5: gtk_container_propagate_expose (gtkcontainer.c:2768) ==30155== ==30155== Conditional jump or move depends on uninitialised value(s) ==30155== at 0x16EFB07A: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x16EFEE97: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x16EF4395: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x75A37F8: _gtk_button_paint (gtkbutton.c:1524) ==30155== by 0x75A3A1E: gtk_button_expose (gtkbutton.c:1577) ==30155== by 0x76529D7: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86) ==30155== by 0x91C99B8: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF11F: signal_emit_unlocked_R (gsignal.c:3290) ==30155== by 0x91E07DA: g_signal_emit_valist (gsignal.c:2993) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x776B6DE: gtk_widget_event_internal (gtkwidget.c:4985) ==30155== by 0x75CC3D5: gtk_container_propagate_expose (gtkcontainer.c:2768) ==30155== ==30155== Conditional jump or move depends on uninitialised value(s) ==30155== at 0x16EFB083: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x16EFEE97: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x16EF4395: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== by 0x75A37F8: _gtk_button_paint (gtkbutton.c:1524) ==30155== by 0x75A3A1E: gtk_button_expose (gtkbutton.c:1577) ==30155== by 0x76529D7: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86) ==30155== by 0x91C99B8: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF11F: signal_emit_unlocked_R (gsignal.c:3290) ==30155== by 0x91E07DA: g_signal_emit_valist (gsignal.c:2993) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x776B6DE: gtk_widget_event_internal (gtkwidget.c:4985) ==30155== by 0x75CC3D5: gtk_container_propagate_expose (gtkcontainer.c:2768) ==30155== ==30155== Invalid write of size 4 ==30155== at 0x8248C23: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4247) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== by 0x16F0215D: murrine_draw_focus (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== Address 0x16126638 is 0 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== ==30155== Invalid write of size 4 ==30155== at 0x8248C31: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4248) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== by 0x16F0215D: murrine_draw_focus (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== Address 0x1612663c is 4 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== ==30155== Invalid write of size 4 ==30155== at 0x8248C0D: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4245) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== by 0x16F0215D: murrine_draw_focus (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== Address 0x16126640 is 8 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== ==30155== Invalid write of size 4 ==30155== at 0x8248C15: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4246) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== by 0x16F0215D: murrine_draw_focus (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so) ==30155== Address 0x16126644 is 12 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== ==30155== Invalid read of size 4 ==30155== at 0xF6D1653: pixman_image_fill_boxes (pixman.c:1040) ==30155== by 0x8248C67: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4252) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== Address 0x1612663c is 4 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== ==30155== Invalid read of size 4 ==30155== at 0xF6D166F: pixman_image_fill_boxes (pixman.c:1040) ==30155== by 0x8248C67: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4252) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== Address 0x16126638 is 0 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== ==30155== Invalid read of size 4 ==30155== at 0xF6D1650: pixman_image_fill_boxes (pixman.c:1040) ==30155== by 0x8248C67: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4252) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== Address 0x16126644 is 12 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== ==30155== Invalid read of size 4 ==30155== at 0xF6D1659: pixman_image_fill_boxes (pixman.c:1040) ==30155== by 0x8248C67: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4252) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== Address 0x16126640 is 8 bytes after a block of size 3,864 alloc'd ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x8248BC0: _cairo_image_surface_fill_rectangles (cairo-image-surface.c:4239) ==30155== by 0x8269847: _cairo_surface_fill_rectangles (cairo-surface.c:1958) ==30155== by 0x826C884: _cairo_surface_fallback_fill_rectangles (cairo-surface-fallback.c:1511) ==30155== by 0x8269860: _cairo_surface_fill_rectangles (cairo-surface.c:1965) ==30155== by 0x826DAC6: _fill_rectangles (cairo-surface-fallback.c:724) ==30155== by 0x826DC91: _clip_and_composite_trapezoids (cairo-surface-fallback.c:808) ==30155== by 0x826E8D8: _cairo_surface_fallback_stroke (cairo-surface-fallback.c:1113) ==30155== by 0x826B190: _cairo_surface_stroke (cairo-surface.c:2215) ==30155== by 0x8243829: _cairo_gstate_stroke (cairo-gstate.c:1166) ==30155== by 0x823A49A: cairo_stroke_preserve (cairo.c:2405) ==30155== by 0x823A4C8: cairo_stroke (cairo.c:2378) ==30155== --30155-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting --30155-- si_code=1; Faulting address: 0xB1612682A; sp: 0x403373df0 valgrind: the 'impossible' happened: Killed by fatal signal ==30155== at 0x38034C4C: vgPlain_arena_malloc (m_mallocfree.c:245) ==30155== by 0x380620B2: vgPlain_cli_malloc (replacemalloc_core.c:83) ==30155== by 0x38002A86: vgMemCheck_new_block (mc_malloc_wrappers.c:199) ==30155== by 0x38002EA7: vgMemCheck_malloc (mc_malloc_wrappers.c:236) ==30155== by 0x38063EFA: vgPlain_scheduler (scheduler.c:1384) ==30155== by 0x3808E140: run_a_thread_NORETURN (syswrap-linux.c:94) sched status: running_tid=1 Thread 1: status = VgTs_Runnable ==30155== at 0x4C2815C: malloc (vg_replace_malloc.c:236) ==30155== by 0x4C281D6: realloc (vg_replace_malloc.c:525) ==30155== by 0x965513E: g_realloc (gmem.c:233) ==30155== by 0x966F016: g_string_maybe_expand (gstring.c:396) ==30155== by 0x9670179: g_string_sized_new (gstring.c:421) ==30155== by 0x9651C4C: add_to_partial (gmarkup.c:770) ==30155== by 0x9653E1A: g_markup_parse_context_parse (gmarkup.c:1158) ==30155== by 0x8500F5A: pango_parse_markup (in /usr/lib/libpango-1.0.so.0.2800.1) ==30155== by 0x75B71E1: gtk_cell_renderer_text_set_property (gtkcellrenderertext.c:1046) ==30155== by 0x91D1A0B: g_object_set_property (gobject.c:1174) ==30155== by 0x775C387: gtk_tree_view_column_cell_set_cell_data (gtktreeviewcolumn.c:2586) ==30155== by 0x7756640: gtk_tree_view_bin_expose (gtktreeview.c:4513) ==30155== by 0x7758114: gtk_tree_view_expose (gtktreeview.c:5089) ==30155== by 0x76529D7: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF11F: signal_emit_unlocked_R (gsignal.c:3290) ==30155== by 0x91E07DA: g_signal_emit_valist (gsignal.c:2993) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x776B6DE: gtk_widget_event_internal (gtkwidget.c:4985) ==30155== by 0x764C1B5: gtk_main_do_event (gtkmain.c:1590) ==30155== by 0x7B799D9: _gdk_window_process_updates_recurse (gdkwindow.c:5424) ==30155== by 0x7B79986: _gdk_window_process_updates_recurse (gdkwindow.c:5397) ==30155== by 0x7B79986: _gdk_window_process_updates_recurse (gdkwindow.c:5397) ==30155== by 0x7B7646A: gdk_window_process_updates_internal (gdkwindow.c:5583) ==30155== by 0x7B7AE0C: gdk_window_process_updates (gdkwindow.c:5757) ==30155== by 0x7747AA5: gtk_tree_view_clamp_node_visible (gtktreeview.c:8950) ==30155== by 0x774EE07: gtk_tree_view_real_set_cursor (gtktreeview.c:12628) ==30155== by 0x7758521: gtk_tree_view_set_cursor_on_cell (gtktreeview.c:12749) ==30155== by 0x445AE5: ui_itemlist_select (ui_itemlist.c:599) ==30155== by 0x43ED37: itemview_select_item (itemview.c:210) ==30155== by 0x428704: itemlist_selection_changed (itemlist.c:601) ==30155== by 0x4456F5: on_itemlist_selection_changed (ui_itemlist.c:763) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF4D6: signal_emit_unlocked_R (gsignal.c:3252) ==30155== by 0x91E0995: g_signal_emit_valist (gsignal.c:2983) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x774EDC1: gtk_tree_view_real_set_cursor (gtktreeview.c:12612) ==30155== by 0x7758521: gtk_tree_view_set_cursor_on_cell (gtktreeview.c:12749) ==30155== by 0x445AE5: ui_itemlist_select (ui_itemlist.c:599) ==30155== by 0x43ED37: itemview_select_item (itemview.c:210) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF4D6: signal_emit_unlocked_R (gsignal.c:3252) ==30155== by 0x91E0995: g_signal_emit_valist (gsignal.c:2983) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x758BA22: _gtk_action_emit_activate (gtkaction.c:794) ==30155== by 0x771DE88: button_clicked (gtktoolbutton.c:771) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF4D6: signal_emit_unlocked_R (gsignal.c:3252) ==30155== by 0x91E0995: g_signal_emit_valist (gsignal.c:2983) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x75A5E84: gtk_real_button_released (gtkbutton.c:1725) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DEDA0: signal_emit_unlocked_R (gsignal.c:3182) ==30155== by 0x91E0995: g_signal_emit_valist (gsignal.c:2983) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x75A4B8C: gtk_button_button_release (gtkbutton.c:1617) ==30155== by 0x76529D7: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86) ==30155== by 0x91C9A6D: g_closure_invoke (gclosure.c:766) ==30155== by 0x91DF11F: signal_emit_unlocked_R (gsignal.c:3290) ==30155== by 0x91E07DA: g_signal_emit_valist (gsignal.c:2993) ==30155== by 0x91E0F52: g_signal_emit (gsignal.c:3040) ==30155== by 0x776B6DE: gtk_widget_event_internal (gtkwidget.c:4985) ==30155== by 0x764AE72: gtk_propagate_event (gtkmain.c:2465) ==30155== by 0x764BF4A: gtk_main_do_event (gtkmain.c:1665) ==30155== by 0x7B9274B: gdk_event_dispatch (gdkevents-x11.c:2377) ==30155== by 0x964C341: g_main_context_dispatch (gmain.c:2149) ==30155== by 0x96502A7: g_main_context_iterate (gmain.c:2780) ==30155== by 0x96507B4: g_main_loop_run (gmain.c:2988) ==30155== by 0x764C3E6: gtk_main (gtkmain.c:1237) ==30155== by 0x431901: main (main.c:345) Thread 2: status = VgTs_WaitSys ==30155== at 0x99C8203: poll (poll.c:87) ==30155== by 0x9650008: g_main_context_iterate (gmain.c:3093) ==30155== by 0x96507B4: g_main_loop_run (gmain.c:2988) ==30155== by 0x9F320F3: gdbus_shared_thread_func (gdbusprivate.c:277) ==30155== by 0x96757E3: g_thread_create_proxy (gthread.c:1897) ==30155== by 0x8FA5970: start_thread (pthread_create.c:304) ==30155== by 0x99D492C: clone (clone.S:112) Thread 3: status = VgTs_WaitSys ==30155== at 0x99C8203: poll (poll.c:87) ==30155== by 0x9650008: g_main_context_iterate (gmain.c:3093) ==30155== by 0x96507B4: g_main_loop_run (gmain.c:2988) ==30155== by 0x730C4D2: ??? (in /usr/lib/libnm-glib.so.2.4.1) ==30155== by 0x96757E3: g_thread_create_proxy (gthread.c:1897) ==30155== by 0x8FA5970: start_thread (pthread_create.c:304) ==30155== by 0x99D492C: clone (clone.S:112) Thread 4: status = VgTs_WaitSys ==30155== at 0x8FA9A9C: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:162) ==30155== by 0x660B583: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x660B5A8: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x8FA5970: start_thread (pthread_create.c:304) ==30155== by 0x99D492C: clone (clone.S:112) Thread 5: status = VgTs_WaitSys ==30155== at 0x8FA9A9C: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:162) ==30155== by 0x62FACD7: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x62FADA0: ??? (in /usr/lib/libwebkit-1.0.so.2.17.7) ==30155== by 0x8FA5970: start_thread (pthread_create.c:304) ==30155== by 0x99D492C: clone (clone.S:112) Thread 6: status = VgTs_WaitSys ==30155== at 0x8FA9E09: pthread_cond_timedwait@@GLIBC_2.3.2 (pthread_cond_timedwait.S:212) ==30155== by 0x94093C1: g_cond_timed_wait_posix_impl (gthread-posix.c:242) ==30155== by 0x96240F0: g_async_queue_pop_intern_unlocked (gasyncqueue.c:423) ==30155== by 0x9624236: g_async_queue_timed_pop (gasyncqueue.c:549) ==30155== by 0x96776A7: g_thread_pool_thread_proxy (gthreadpool.c:175) ==30155== by 0x96757E3: g_thread_create_proxy (gthread.c:1897) ==30155== by 0x8FA5970: start_thread (pthread_create.c:304) ==30155== by 0x99D492C: clone (clone.S:112) Note: see also the FAQ in the source distribution. It contains workarounds to several common problems. In particular, if Valgrind aborted or crashed after identifying problems in your program, there's a good chance that fixing those problems will prevent Valgrind aborting or crashing, especially if it happened in m_mallocfree.c. If that doesn't help, please report this bug to: www.valgrind.org In the bug report, send all the above text, the valgrind version, and what OS and version you are using. Thanks.