Bug#854357: valgrind error report

William L. DeRieux IV Wed, 15 Feb 2017 21:39:35 -0800

Using valgrind to execute monodeveop gave me some more information and

it seems to be an issue (free() invalid pointer as well as double freeor corruption) in gtk_file_chooser_get_filenames.


$ valgrind mono-sgen --debug /usr/lib/monodevelop/bin/MonoDevelop.exe

==21563== Conditional jump or move depends on uninitialised value(s)

==21563== at 0x33B313: sgen_conservatively_pin_objects_from(sgen-gc.c:841)

==21563==    by 0x3219E5: sgen_client_scan_thread_data (sgen-mono.c:2391)

==21563== by 0x33C824: collect_nursery.part.27.constprop.33(sgen-gc.c:1563)

==21563==    by 0x33EF49: collect_nursery (sgen-gc.c:2246)
==21563==    by 0x33EF49: sgen_perform_collection (sgen-gc.c:2266)
==21563==    by 0x331B43: sgen_alloc_obj_nolock (sgen-alloc.c:262)
==21563==    by 0x331FF5: sgen_alloc_obj (sgen-alloc.c:426)
==21563==    by 0x31D408: mono_gc_alloc_obj (sgen-mono.c:930)
==21563==    by 0x4045297: ???
==21563==    by 0x67FFE67: ???
==21563==    by 0x5D6049F: ???
==21563==    by 0x5D5FF7F: ???
==21563==    by 0xB18ED5F: ???
==21563==
==21563== Conditional jump or move depends on uninitialised value(s)

==21563== at 0x33B318: sgen_conservatively_pin_objects_from(sgen-gc.c:841)

==21563==    by 0x3219E5: sgen_client_scan_thread_data (sgen-mono.c:2391)

==21563== by 0x33C824: collect_nursery.part.27.constprop.33(sgen-gc.c:1563)

==21563==    by 0x33EF49: collect_nursery (sgen-gc.c:2246)
==21563==    by 0x33EF49: sgen_perform_collection (sgen-gc.c:2266)
==21563==    by 0x331B43: sgen_alloc_obj_nolock (sgen-alloc.c:262)
==21563==    by 0x331FF5: sgen_alloc_obj (sgen-alloc.c:426)
==21563==    by 0x31D408: mono_gc_alloc_obj (sgen-mono.c:930)
==21563==    by 0x4045297: ???
==21563==    by 0x67FFE67: ???
==21563==    by 0x5D6049F: ???
==21563==    by 0x5D5FF7F: ???
==21563==    by 0xB18ED5F: ???
==21563==
==21563== Conditional jump or move depends on uninitialised value(s)
==21563==    at 0x14796259: compute_hint (pixbuf-render.c:606)
==21563==    by 0x14796259: theme_pixbuf_compute_hints (pixbuf-render.c:696)
==21563==    by 0x14797047: theme_pixbuf_get_pixbuf (pixbuf-render.c:759)
==21563==    by 0x147970F2: theme_pixbuf_render (pixbuf-render.c:777)
==21563==    by 0x14793E09: draw_simple_image.isra.0 (pixbuf-draw.c:145)
==21563==    by 0x14794B01: draw_flat_box (pixbuf-draw.c:699)
==21563==    by 0xC90F68C: gtk_entry_expose (gtkentry.c:3450)
==21563==    by 0x228FCF5A: ???
==21563==    by 0x1F68D26B: ???
==21563==    by 0xC97E7BB: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86)
==21563==    by 0xEE0BF74: g_closure_invoke (gclosure.c:804)
==21563==    by 0xEE1E37C: signal_emit_unlocked_R (gsignal.c:3673)
==21563==    by 0xEE2666E: g_signal_emit_valist (gsignal.c:3401)
==21563==
==21563== Conditional jump or move depends on uninitialised value(s)

==21563== at 0x10616FBE: ??? (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0x105FAE1A: ??? (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0x105B66E0: pixman_image_composite32 (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0xE10069A: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE145999: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE137C3D: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1386B2: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1395C2: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE0F3BAF: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1052C6: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE13C816: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE0FC28B: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)

==21563==
==21563== Conditional jump or move depends on uninitialised value(s)

==21563== at 0x10616FBE: ??? (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0x105FAE1A: ??? (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0x105B66E0: pixman_image_composite32 (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0xE10073A: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE145999: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE137C3D: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1386B2: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1395C2: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE0F3BAF: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1052C6: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE13C816: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE0FC28B: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)

==21563==
==21563== Conditional jump or move depends on uninitialised value(s)

==21563== at 0x1061720E: ??? (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0x105FAE1A: ??? (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0x105B66E0: pixman_image_composite32 (in/usr/lib/x86_64-linux-gnu/libpixman-1.so.0.34.0)==21563== by 0xE10069A: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE145999: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE137C3D: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1386B2: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1395C2: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE0F3BAF: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE1052C6: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE13C816: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE0FC28B: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)

==21563==
==21563== Syscall param writev(vector[...]) points to uninitialised byte(s)
==21563==    at 0x5A5CD5D: ??? (syscall-template.S:84)

==21563== by 0x1038F41C: ??? (in/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)==21563== by 0x1038F81C: ??? (in/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)==21563== by 0x1038F89C: xcb_writev (in/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)==21563== by 0xD59EA7D: _XSend (in/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)==21563== by 0xF53F0FF: XRenderAddGlyphs (in/usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0)==21563== by 0xE166580: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE14E00E: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE14E20D: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE0F3CBE: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE16A5CF: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== by 0xE13CED2: ??? (in/usr/lib/x86_64-linux-gnu/libcairo.so.2.11400.8)==21563== Address 0xb7df1db is 13,339 bytes inside a block of size16,384 alloc'd

==21563==    at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)

==21563== by 0xD58EEC5: XOpenDisplay (in/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)

==21563==    by 0xCEE4348: gdk_display_open (gdkdisplay-x11.c:166)
==21563==    by 0xCEB3FB1: gdk_display_open_default_libgtk_only (gdk.c:324)
==21563==    by 0xC97C284: IA__gtk_init_check (gtkmain.c:1006)
==21563==    by 0xC97C284: gtk_init (gtkmain.c:1053)
==21563==    by 0xBA34D5A: ???
==21563==    by 0x4043233: ???
==21563==    by 0x4042F0F: ???
==21563==    by 0x145978: mono_jit_runtime_invoke (mini-runtime.c:2547)
==21563==    by 0x2F381D: do_runtime_invoke (object.c:2809)
==21563==    by 0x2FD5DC: mono_runtime_exec_main (object.c:4562)
==21563==    by 0x2FD94D: mono_runtime_run_main (object.c:4134)
==21563==
==21563== Thread 3 Finalizer:
==21563== Invalid read of size 8
==21563==    at 0xC32EF44: g_slice_free_chain_with_offset (gslice.c:1226)
==21563==    by 0x269A3524: ???
==21563==    by 0xC2B6AB0: ???
==21563==    by 0x2ECF8B: mono_gc_run_finalize (gc.c:268)
==21563==    by 0x33C07B: sgen_gc_invoke_finalizers (sgen-gc.c:2462)
==21563==    by 0x2ED522: finalizer_thread (gc.c:791)
==21563==    by 0x2CB460: start_wrapper_internal (threads.c:740)
==21563==    by 0x2CB460: start_wrapper (threads.c:788)
==21563==    by 0x38A9C9: inner_start_thread (mono-threads-posix.c:92)
==21563==    by 0x554F423: start_thread (pthread_create.c:333)
==21563==    by 0x5A649BE: clone (clone.S:105)
==21563==  Address 0x1e660258 is 8 bytes inside a block of size 16 free'd
==21563==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==21563==    by 0x269A3424: ???
==21563==    by 0xC2B6AB0: ???
==21563==    by 0x2ECF8B: mono_gc_run_finalize (gc.c:268)
==21563==    by 0x33C07B: sgen_gc_invoke_finalizers (sgen-gc.c:2462)
==21563==    by 0x2ED522: finalizer_thread (gc.c:791)
==21563==    by 0x2CB460: start_wrapper_internal (threads.c:740)
==21563==    by 0x2CB460: start_wrapper (threads.c:788)
==21563==    by 0x38A9C9: inner_start_thread (mono-threads-posix.c:92)
==21563==    by 0x554F423: start_thread (pthread_create.c:333)
==21563==    by 0x5A649BE: clone (clone.S:105)
==21563==  Block was alloc'd at
==21563==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==21563==    by 0xC315E08: g_malloc (gmem.c:94)
==21563==    by 0xC32E342: g_slice_alloc (gslice.c:1025)
==21563==    by 0xC32F3B5: g_slist_prepend (gslist.c:254)
==21563==    by 0xC91DB8D: files_to_strings (gtkfilechooser.c:1317)

==21563== by 0xC91ED01: gtk_file_chooser_get_filenames(gtkfilechooser.c:1364)

==21563==    by 0x26027AE4: ???
==21563==    by 0x26029EEF: ???
==21563==    by 0x241ECB0F: ???
==21563==    by 0xEE0BF74: g_closure_invoke (gclosure.c:804)
==21563==    by 0xEE1E37C: signal_emit_unlocked_R (gsignal.c:3673)
==21563==    by 0xEE26BCB: g_signal_emit_valist (gsignal.c:3391)
==21563==
==21563== Invalid free() / delete / delete[] / realloc()
==21563==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==21563==    by 0xC32EF83: g_slice_free_chain_with_offset (gslice.c:1232)
==21563==    by 0x269A3524: ???
==21563==    by 0xC2B6AB0: ???
==21563==    by 0x2ECF8B: mono_gc_run_finalize (gc.c:268)
==21563==    by 0x33C07B: sgen_gc_invoke_finalizers (sgen-gc.c:2462)
==21563==    by 0x2ED522: finalizer_thread (gc.c:791)
==21563==    by 0x2CB460: start_wrapper_internal (threads.c:740)
==21563==    by 0x2CB460: start_wrapper (threads.c:788)
==21563==    by 0x38A9C9: inner_start_thread (mono-threads-posix.c:92)
==21563==    by 0x554F423: start_thread (pthread_create.c:333)
==21563==    by 0x5A649BE: clone (clone.S:105)
==21563==  Address 0x1e660250 is 0 bytes inside a block of size 16 free'd
==21563==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==21563==    by 0x269A3424: ???
==21563==    by 0xC2B6AB0: ???
==21563==    by 0x2ECF8B: mono_gc_run_finalize (gc.c:268)
==21563==    by 0x33C07B: sgen_gc_invoke_finalizers (sgen-gc.c:2462)
==21563==    by 0x2ED522: finalizer_thread (gc.c:791)
==21563==    by 0x2CB460: start_wrapper_internal (threads.c:740)
==21563==    by 0x2CB460: start_wrapper (threads.c:788)
==21563==    by 0x38A9C9: inner_start_thread (mono-threads-posix.c:92)
==21563==    by 0x554F423: start_thread (pthread_create.c:333)
==21563==    by 0x5A649BE: clone (clone.S:105)
==21563==  Block was alloc'd at
==21563==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==21563==    by 0xC315E08: g_malloc (gmem.c:94)
==21563==    by 0xC32E342: g_slice_alloc (gslice.c:1025)
==21563==    by 0xC32F3B5: g_slist_prepend (gslist.c:254)
==21563==    by 0xC91DB8D: files_to_strings (gtkfilechooser.c:1317)

==21563== by 0xC91ED01: gtk_file_chooser_get_filenames(gtkfilechooser.c:1364)

==21563==    by 0x26027AE4: ???
==21563==    by 0x26029EEF: ???
==21563==    by 0x241ECB0F: ???
==21563==    by 0xEE0BF74: g_closure_invoke (gclosure.c:804)
==21563==    by 0xEE1E37C: signal_emit_unlocked_R (gsignal.c:3673)
==21563==    by 0xEE26BCB: g_signal_emit_valist (gsignal.c:3391)
==21563==

Bug#854357: valgrind error report

Reply via email to