URL:
<http://gna.org/bugs/?24351>
Summary: Color option accessed after freed
Project: Freeciv
Submitted by: cazfi
Submitted on: Wed 27 Jan 2016 02:37:13 AM EET
Category: client
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release: S2_6 r31617
Discussion Lock: Any
Operating System: None
Planned Release:
_______________________________________________________
Details:
I've got a gtk3-client crash reproducible *outside valgrind* (I guess it's in
idle_callback or similar again, so that performance loss from valgrind makes a
timing difference).
1) Launch client
2) Click "Client Settings"
3) Click "OK"
4) Click "Client Settings"
5) Click "OK"
However, when trying to reproduce that on Valgrind, the following showed up,
though no crash:
==13661== Invalid read of size 1
==13661== at 0x459A62: option_dialog_option_color_set (optiondlg.c:799)
==13661== by 0x459A62: option_dialog_option_refresh (optiondlg.c:835)
==13661== by 0x45B5BD: option_gui_update (optiondlg.c:1025)
==13661== by 0x4B47F6: option_color_set (options.c:1093)
==13661== by 0x459580: option_dialog_option_apply (optiondlg.c:961)
==13661== by 0x45B21F: option_dialog_foreach (optiondlg.c:479)
==13661== by 0x45B21F: option_dialog_reponse_callback (optiondlg.c:107)
==13661== by 0x86B7F44: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86C9F90: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D2D2B: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D305E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86B8173: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D2975: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D305E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== Address 0x177b8cf0 is 0 bytes inside a block of size 1 free'd
==13661== at 0x4C2AEAB: free (vg_replace_malloc.c:530)
==13661== by 0x4B1B95: client_option_color_set (options.c:3305)
==13661== by 0x4B47E6: option_color_set (options.c:1092)
==13661== by 0x459580: option_dialog_option_apply (optiondlg.c:961)
==13661== by 0x45B21F: option_dialog_foreach (optiondlg.c:479)
==13661== by 0x45B21F: option_dialog_reponse_callback (optiondlg.c:107)
==13661== by 0x86B7F44: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86C9F90: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D2D2B: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D305E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86B8173: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D2975: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== by 0x86D305E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4600.2)
==13661== Block was alloc'd at
==13661== at 0x4C29C4F: malloc (vg_replace_malloc.c:299)
==13661== by 0x5FADE2: fc_real_malloc (mem.c:86)
==13661== by 0x5FAEEC: real_fc_strdup (mem.c:144)
==13661== by 0x4B1B04: client_option_color_set (options.c:3305)
==13661== by 0x4B47E6: option_color_set (options.c:1092)
==13661== by 0x4B6BBB: client_option_load (options.c:3420)
==13661== by 0x4B6BBB: options_load (options.c:5438)
==13661== by 0x47364C: client_main (client_main.c:612)
==13661== by 0x906986F: (below main) (in /lib/x86_64-linux-gnu/libc-2.21.so)
_______________________________________________________
Freeciv-dev mailing list
https://mail.gna.org/listinfo/freeciv-dev