invalid read (segfault) on duplicate lines in .hidden

This crash has the same stack trace characteristics as bug #420841. However, the latter was already fixed in an earlier package version than the one in this report. This might be a regression or because the problem is in a dependent package.

StacktraceTop:
 __libc_message (do_abort=2, fmt=0x7f4555af80d8 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
 malloc_printerr (action=3, str=0x7f4555af8210 "double free or corruption (fasttop)", ptr=<optimized out>) at malloc.c:6283
 __GI___libc_free (mem=<optimized out>) at malloc.c:3738
 g_hash_table_remove_node (hash_table=0x7f4548035c60, i=<optimized out>, notify=<optimized out>) at /build/buildd/glib2.0-2.30.0/./glib/ghash.c:440
 g_hash_table_foreach_remove_or_steal (hash_table=0x7f4548035c60, func=0x495770 <set_file_unconfirmed+112>, user_data=0x0, notify=1) at /build/buildd/glib2.0-2.30.0/./glib/ghash.c:1311

Do you still get that issue?

yes i do still get this issue, it is the same issue that I reported at
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/878896

still occuring on my fully updated machine.
seems to only occur while browsing ntfs drive.
verified this on an old compaq presario V2000 fully updated with 64bit as well, it only crashes while browsing ntfs drive.
occurs very consistantly on both machines, after clicking through 2 or 3 folders.

better stack trace attached.

turns out this actually happens when there is a duplicate entry in the .hidden file.
it has nothing to do with ntfs drives. (i happened to browse a folder with the problem on both of my machines)
I am not sure if this is worth fixing or not, most people will not run into it much.

Reproduction steps:
1. create a .hidden file in any directory.
2. place a filename into the file twice (on separate lines). the filename does not have to exist.
3. browse to the folder in nautilus and press ctrl+H OR browse to the folder in nautilus and click on another folder, either a subfolder or any other folder

Status changed to 'Confirmed' because the bug affects multiple users.

Thank you for the steps, I can confirm the issue, the .hidden use is non standard though:
https://bugzilla.gnome.org/show_bug.cgi?id=668674

I decided to keep looking at this since I had already started. Just to be clear, the work around of removing duplicates from .hidden works fine to fix this.

But here's what I found in the code (caution: I'm new to programming with linux, feel free to correct me)
-The crash occurs because the GHashTable has a key_destroy_func and g_hash_table_insert_node() is called with keep_new_key = false instead of true in ghash.c
-In order to fix this, g_hash_table_replace() should be used instead of g_hash_table_insert() in read_dot_hidden_file() in nautilus-directory-async.c. I ran nautilus with this change and it didn't crash anymore.
-I did a quick search to see if this situation happens anywhere else in Nautilus, the only spot I found is at nautilus-view.c:3315, but I'm not sure if that's an issue or not.
-If I am correct, it seems strange that the comments in ghash.c for using GHashTable as a set indicate that g_hash_table_insert should be used, when it actually causes this issue.

Thanks Aaron, do you think you could add that comment on https://bugzilla.gnome.org/show_bug.cgi?id=668674 as well?

the issue is fixed in quantal