Status: New Owner: ---- Labels: Type-Defect Priority-Medium New issue 306 by lidaobing: [ibus-chewing] crash due to "free(): invalid pointer" http://code.google.com/p/ibus/issues/detail?id=306
ibus-chewing version: 1.0.2.20090302 valgrind result: -------------------------begin------------------------------------- ==30918== Invalid free() / delete / delete[] ==30918== at 0x4C262AF: free (vg_replace_malloc.c:323) ==30918== by 0x404F7C: ___finalize (in /usr/lib/ibus-chewing/ibus-engine-chewing) ==30918== by 0x70453F8: g_object_unref (gobject.c:2421) ==30918== by 0x7066E22: g_value_unset (gvalue.c:276) ==30918== by 0x705B554: g_signal_emit_valist (gsignal.c:3007) ==30918== by 0x705BA82: g_signal_emit (gsignal.c:3034) ==30918== by 0x775C80A: ibus_service_handle_message (in /usr/lib/libibus.so.0.0.0) ==30918== by 0x7759F39: (within /usr/lib/libibus.so.0.0.0) ==30918== by 0x79A0080: (within /lib/libdbus-1.so.3.4.0) ==30918== by 0x7992965: dbus_connection_dispatch (in /lib/libdbus-1.so.3.4.0) ==30918== by 0x77575C4: (within /usr/lib/libibus.so.0.0.0) ==30918== by 0x74BC199: g_main_context_dispatch (gmain.c:1814) ==30918== Address 0xc232640 is 576 bytes inside a block of size 1,008 alloc'd ==30918== at 0x4C251D0: memalign (vg_replace_malloc.c:460) ==30918== by 0x4C2528A: posix_memalign (vg_replace_malloc.c:569) ==30918== by 0x74D9610: slab_allocator_alloc_chunk (gslice.c:1136) ==30918== by 0x74DAED2: g_slice_alloc (gslice.c:666) ==30918== by 0x74DAFC5: g_slice_alloc0 (gslice.c:833) ==30918== by 0x70651BF: g_type_create_instance (gtype.c:1654) ==30918== by 0x7048B1A: g_object_constructor (gobject.c:1338) ==30918== by 0x7049199: g_object_newv (gobject.c:1215) ==30918== by 0x7049D16: g_object_new_valist (gobject.c:1278) ==30918== by 0x7049E5B: g_object_new (gobject.c:1060) ==30918== by 0x775FD59: ibus_text_new_from_static_string (in /usr/lib/libibus.so.0.0.0) ==30918== by 0x4050AF: ibus_chewing_engine_class_init (in /usr/lib/ibus-chewing/ibus-engine-chewing) -----------------------------end------------------------------- terminal log of this crash -------------------begin------------------------------------- $ /usr/lib/ibus-chewing/ibus-engine-chewing --ibus ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=0 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=1 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=2 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=3 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=4 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=5 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=6 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=0 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=1 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=2 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=3 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=4 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=5 ** (ibus-engine-chewing:31091): DEBUG: context_load_parameters() 7 j=6 *** glibc detected *** /usr/lib/ibus-chewing/ibus-engine-chewing: free(): invalid pointer: 0x0000000002489240 *** ======= Backtrace: ========= //lib/libc.so.6[0x7f01ad2e8cb8] //lib/libc.so.6(cfree+0x76)[0x7f01ad2eb276] /usr/lib/ibus-chewing/ibus-engine-chewing[0x404f7d] /usr/lib/libgobject-2.0.so.0(g_object_unref+0x139)[0x7f01ae3ab3f9] /usr/lib/libgobject-2.0.so.0(g_value_unset+0x23)[0x7f01ae3cce23] /usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x805)[0x7f01ae3c1555] /usr/lib/libgobject-2.0.so.0(g_signal_emit+0x83)[0x7f01ae3c1a83] /usr/lib/libibus.so.0(ibus_service_handle_message+0x2b)[0x7f01adcaa80b] /usr/lib/libibus.so.0[0x7f01adca7f3a] //lib/libdbus-1.so.3[0x7f01ada75081] //lib/libdbus-1.so.3(dbus_connection_dispatch+0x396)[0x7f01ada67966] /usr/lib/libibus.so.0[0x7f01adca55c5] /usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x24a)[0x7f01adf0c19a] /usr/lib/libglib-2.0.so.0[0x7f01adf0f870] /usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1cd)[0x7f01adf0fd3d] /usr/lib/libibus.so.0(ibus_main+0x1c)[0x7f01adca49fc] /usr/lib/ibus-chewing/ibus-engine-chewing[0x40455a] /usr/lib/ibus-chewing/ibus-engine-chewing(main+0xa8)[0x404604] //lib/libc.so.6(__libc_start_main+0xe6)[0x7f01ad28f5a6] /usr/lib/ibus-chewing/ibus-engine-chewing[0x4043a9] ======= Memory map: ======== 00400000-0040a000 r-xp 00000000 fc:04 101351 /usr/lib/ibus-chewing/ibus-engine-chewing 00609000-0060a000 r--p 00009000 fc:04 101351 /usr/lib/ibus-chewing/ibus-engine-chewing 0060a000-0060b000 rw-p 0000a000 fc:04 101351 /usr/lib/ibus-chewing/ibus-engine-chewing 02453000-02541000 rw-p 02453000 00:00 0 [heap] 7f01a0000000-7f01a0021000 rw-p 7f01a0000000 00:00 0 7f01a0021000-7f01a4000000 ---p 7f01a0021000 00:00 0 7f01a7b2a000-7f01a7b40000 r-xp 00000000 fc:04 895247 /lib/libgcc_s.so.1 7f01a7b40000-7f01a7d40000 ---p 00016000 fc:04 895247 /lib/libgcc_s.so.1 7f01a7d40000-7f01a7d41000 r--p 00016000 fc:04 895247 /lib/libgcc_s.so.1 7f01a7d41000-7f01a7d42000 rw-p 00017000 fc:04 895247 /lib/libgcc_s.so.1 7f01a7d42000-7f01a7db6000 r--s 00000000 fc:04 257439 /usr/share/libchewing3/chewing/ph_index.dat 7f01a7db6000-7f01a7f7b000 r--s 00000000 fc:04 257436 /usr/share/libchewing3/chewing/dict.dat 7f01a7f7b000-7f01a7f7c000 r--s 00000000 fc:04 257435 /usr/share/libchewing3/chewing/ch_index_phone.dat 7f01a7f7c000-7f01a7f7e000 r--s 00000000 fc:04 257434 /usr/share/libchewing3/chewing/ch_index_begin.dat 7f01a7f7e000-7f01a7f98000 r--s 00000000 fc:04 257443 /usr/share/libchewing3/chewing/us_freq.dat 7f01a7f98000-7f01a81ea000 r--s 00000000 fc:04 257437 /usr/share/libchewing3/chewing/fonetree.dat 7f01a81ea000-7f01a843c000 r--s 00000000 fc:04 257437 /usr/share/libchewing3/chewing/fonetree.dat 7f01a843c000-7f01a8448000 r-xp 00000000 fc:04 894053 /lib/libnss_files-2.9.so 7f01a8448000-7f01a8647000 ---p 0000c000 fc:04 894053 /lib/libnss_files-2.9.so 7f01a8647000-7f01a8648000 r--p 0000b000 fc:04 894053 /lib/libnss_files-2.9.so 7f01a8648000-7f01a8649000 rw-p 0000c000 fc:04 894053 /lib/libnss_files-2.9.so 7f01a8649000-7f01a8653000 r-xp 00000000 fc:04 894055 /lib/libnss_nis-2.9.so 7f01a8653000-7f01a8852000 ---p 0000a000 fc:04 894055 /lib/libnss_nis-2.9.so 7f01a8852000-7f01a8853000 r--p 00009000 fc:04 894055 /lib/libnss_nis-2.9.so 7f01a8853000-7f01a8854000 rw-p 0000a000 fc:04 894055 /lib/libnss_nis-2.9.so 7f01a8854000-7f01a886a000 r-xp 00000000 fc:04 894050 /lib/libnsl-2.9.so 7f01a886a000-7f01a8a6a000 ---p 00016000 fc:04 894050 /lib/libnsl-2.9.so 7f01a8a6a000-7f01a8a6b000 r--p 00016000 fc:04 894050 /lib/libnsl-2.9.so 7f01a8a6b000-7f01a8a6c000 rw-p 00017000 fc:04 894050 /lib/libnsl-2.9.so 7f01a8a6c000-7f01a8a6e000 rw-p 7f01a8a6c000 00:00 0 7f01a8a6e000-7f01a8a76000 r-xp 00000000 fc:04 894051 /lib/libnss_compat-2.9.so 7f01a8a76000-7f01a8c75000 ---p 00008000 fc:04 894051 /lib/libnss_compat-2.9.so 7f01a8c75000-7f01a8c76000 r--p 00007000 fc:04 894051 /lib/libnss_compat-2.9.so 7f01a8c76000-7f01a8c77000 rw-p 00008000 fc:04 894051 /lib/libnss_compat-2.9.so 7f01a8c77000-7f01a8c95000 r-xp 00000000 fc:04 254055 /usr/lib/gio/modules/libgvfsdbus.so 7f01a8c95000-7f01a8e94000 ---p 0001e000 fc:04 254055 /usr/lib/gio/modules/libgvfsdbus.so 7f01a8e94000-7f01a8e95000 r-Aborted (core dumped) -------------------------end-------------------------- test environ: jaunty, amd64 -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ibus-devel" group. iBus project web page: http://code.google.com/p/ibus/ iBus dev group: http://groups.google.com/group/ibus-devel?hl=en -~----------~----~----~----~------~----~------~--~---
