[Users] [Bug 3149] New: IMAP thread uses a stale session pointer (already freed from GTK/GDK context)

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Sun Apr 20 12:33:41 CEST 2014


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3149

            Bug ID: 3149
           Summary: IMAP thread uses a stale session pointer (already
                    freed from GTK/GDK context)
    Classification: Unclassified
           Product: Claws Mail
           Version: 3.9.3
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P3
         Component: Folders/IMAP
          Assignee: users at lists.claws-mail.org
          Reporter: deweloper at wp.pl

Memory corruption reported by Valgrind:

==00:00:39:01.702 2406== Invalid read of size 4
==00:00:39:01.702 2406==    at 0x80E4373: imap_handle_error (imap.c:596)
==00:00:39:01.702 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.702 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.702 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.702 2406==    by 0x48065555: g_main_context_dispatch
(gmain.c:3066)
==00:00:39:01.702 2406==    by 0x4806591F: g_main_context_iterate.isra.23
(gmain.c:3713)
==00:00:39:01.702 2406==    by 0x480659E8: g_main_context_iteration
(gmain.c:3774)
==00:00:39:01.702 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.702 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.702 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags
(imap-thread.c:2266)
==00:00:39:01.702 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.702 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.702 2406==  Address 0x4e9f0b8 is 8 bytes inside a block of size
4,096 free'd
==00:00:39:01.702 2406==    at 0x4007BCD: free (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.702 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.702 2406==    by 0x48ACC880: pixops_process (pixops.c:1382)
==00:00:39:01.702 2406==    by 0x48ACD1AC: _pixops_scale (pixops.c:2216)
==00:00:39:01.702 2406==    by 0x48AC2DEB: gdk_pixbuf_scale
(gdk-pixbuf-scale.c:153)
==00:00:39:01.702 2406==    by 0x4A9ADD5: pixbuf_render (pixbuf-render.c:466)
==00:00:39:01.702 2406==    by 0x4A9BFDB: theme_pixbuf_render
(pixbuf-render.c:818)
==00:00:39:01.702 2406==    by 0x4A98142: draw_simple_image.isra.0
(pixbuf-draw.c:145)
==00:00:39:01.703 2406==    by 0x4A994EB: draw_box (pixbuf-draw.c:668)
==00:00:39:01.703 2406==    by 0x437D3C5B: gtk_paint_box (gtkstyle.c:6207)
==00:00:39:01.703 2406==    by 0x4365F130: _gtk_button_paint (gtkbutton.c:1511)
==00:00:39:01.703 2406==    by 0x4365F391: gtk_button_expose (gtkbutton.c:1564)
==00:00:39:01.703 2406== 
==00:00:39:01.728 2406== Invalid read of size 4
==00:00:39:01.728 2406==    at 0x80E43DF: imap_handle_error (imap.c:574)
==00:00:39:01.728 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.728 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.728 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.728 2406==    by 0x48065555: g_main_context_dispatch
(gmain.c:3066)
==00:00:39:01.728 2406==    by 0x4806591F: g_main_context_iterate.isra.23
(gmain.c:3713)
==00:00:39:01.728 2406==    by 0x480659E8: g_main_context_iteration
(gmain.c:3774)
==00:00:39:01.728 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.728 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.728 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags
(imap-thread.c:2266)
==00:00:39:01.728 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.728 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.728 2406==  Address 0x4ea0190 is not stack'd, malloc'd or
(recently) free'd
==00:00:39:01.728 2406== 
==00:00:39:01.751 2406== Invalid write of size 4
==00:00:39:01.751 2406==    at 0x80E4415: imap_handle_error (imap.c:577)
==00:00:39:01.751 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.751 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.751 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.751 2406==    by 0x48065555: g_main_context_dispatch
(gmain.c:3066)
==00:00:39:01.751 2406==    by 0x4806591F: g_main_context_iterate.isra.23
(gmain.c:3713)
==00:00:39:01.751 2406==    by 0x480659E8: g_main_context_iteration
(gmain.c:3774)
==00:00:39:01.751 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.751 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.752 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags
(imap-thread.c:2266)
==00:00:39:01.752 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.752 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.752 2406==  Address 0x4e9f0c4 is 20 bytes inside a block of size
4,096 free'd
==00:00:39:01.752 2406==    at 0x4007BCD: free (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.752 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.752 2406==    by 0x48ACC880: pixops_process (pixops.c:1382)
==00:00:39:01.752 2406==    by 0x48ACD1AC: _pixops_scale (pixops.c:2216)
==00:00:39:01.752 2406==    by 0x48AC2DEB: gdk_pixbuf_scale
(gdk-pixbuf-scale.c:153)
==00:00:39:01.752 2406==    by 0x4A9ADD5: pixbuf_render (pixbuf-render.c:466)
==00:00:39:01.752 2406==    by 0x4A9BFDB: theme_pixbuf_render
(pixbuf-render.c:818)
==00:00:39:01.752 2406==    by 0x4A98142: draw_simple_image.isra.0
(pixbuf-draw.c:145)
==00:00:39:01.752 2406==    by 0x4A994EB: draw_box (pixbuf-draw.c:668)
==00:00:39:01.752 2406==    by 0x437D3C5B: gtk_paint_box (gtkstyle.c:6207)
==00:00:39:01.752 2406==    by 0x4365F130: _gtk_button_paint (gtkbutton.c:1511)
==00:00:39:01.752 2406==    by 0x4365F391: gtk_button_expose (gtkbutton.c:1564)
==00:00:39:01.752 2406== 
==00:00:39:01.773 2406== Invalid write of size 4
==00:00:39:01.773 2406==    at 0x80E441C: imap_handle_error (imap.c:578)
==00:00:39:01.773 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.773 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.773 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.773 2406==    by 0x48065555: g_main_context_dispatch
(gmain.c:3066)
==00:00:39:01.773 2406==    by 0x4806591F: g_main_context_iterate.isra.23
(gmain.c:3713)
==00:00:39:01.773 2406==    by 0x480659E8: g_main_context_iteration
(gmain.c:3774)
==00:00:39:01.773 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.773 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.773 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags
(imap-thread.c:2266)
==00:00:39:01.773 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.773 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.773 2406==  Address 0x4e9f0b4 is 4 bytes inside a block of size
4,096 free'd
==00:00:39:01.773 2406==    at 0x4007BCD: free (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.773 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.773 2406==    by 0x48ACC880: pixops_process (pixops.c:1382)
==00:00:39:01.773 2406==    by 0x48ACD1AC: _pixops_scale (pixops.c:2216)
==00:00:39:01.773 2406==    by 0x48AC2DEB: gdk_pixbuf_scale
(gdk-pixbuf-scale.c:153)
==00:00:39:01.773 2406==    by 0x4A9ADD5: pixbuf_render (pixbuf-render.c:466)
==00:00:39:01.773 2406==    by 0x4A9BFDB: theme_pixbuf_render
(pixbuf-render.c:818)
==00:00:39:01.773 2406==    by 0x4A98142: draw_simple_image.isra.0
(pixbuf-draw.c:145)
==00:00:39:01.773 2406==    by 0x4A994EB: draw_box (pixbuf-draw.c:668)
==00:00:39:01.773 2406==    by 0x437D3C5B: gtk_paint_box (gtkstyle.c:6207)
==00:00:39:01.773 2406==    by 0x4365F130: _gtk_button_paint (gtkbutton.c:1511)
==00:00:39:01.773 2406==    by 0x4365F391: gtk_button_expose (gtkbutton.c:1564)
==00:00:39:01.773 2406== 
==00:00:39:01.797 2406== Invalid read of size 4
==00:00:39:01.798 2406==    at 0x80E42FF: unlock_session (imap.c:514)
==00:00:39:01.798 2406==    by 0x80E5F66: imap_ping (imap.c:560)
==00:00:39:01.798 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.798 2406==    by 0x48065555: g_main_context_dispatch
(gmain.c:3066)
==00:00:39:01.798 2406==    by 0x4806591F: g_main_context_iterate.isra.23
(gmain.c:3713)
==00:00:39:01.798 2406==    by 0x480659E8: g_main_context_iteration
(gmain.c:3774)
==00:00:39:01.798 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.798 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.798 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags
(imap-thread.c:2266)
==00:00:39:01.798 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.798 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.798 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.798 2406==  Address 0x4ea019c is not stack'd, malloc'd or
(recently) free'd
==00:00:39:01.798 2406== 
==00:00:39:01.821 2406== Invalid write of size 4
==00:00:39:01.821 2406==    at 0x80E4305: unlock_session (imap.c:540)
==00:00:39:01.821 2406==    by 0x80E5F66: imap_ping (imap.c:560)
==00:00:39:01.821 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.821 2406==    by 0x48065555: g_main_context_dispatch
(gmain.c:3066)
==00:00:39:01.821 2406==    by 0x4806591F: g_main_context_iterate.isra.23
(gmain.c:3713)
==00:00:39:01.821 2406==    by 0x480659E8: g_main_context_iteration
(gmain.c:3774)
==00:00:39:01.821 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.821 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.821 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags
(imap-thread.c:2266)
==00:00:39:01.821 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.821 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.821 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.821 2406==  Address 0x4ea0194 is not stack'd, malloc'd or
(recently) free'd
==00:00:39:01.821 2406== 
==00:00:39:01.865 2406== Invalid read of size 4
==00:00:39:01.865 2406==    at 0x80E42FF: unlock_session (imap.c:514)
==00:00:39:01.865 2406==    by 0x80EB932: imap_get_flags (imap.c:5153)
==00:00:39:01.865 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.865 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.865 2406==    by 0x80D0F67: folder_item_scan (folder.c:2507)
==00:00:39:01.865 2406==    by 0x80DC9A6: folderview_check_new
(folderview.c:1190)
==00:00:39:01.865 2406==    by 0x80F7032: inc_all_account_mail (inc.c:360)
==00:00:39:01.865 2406==    by 0x81D1AEF: toolbar_inc_all_cb (toolbar.c:2667)
==00:00:39:01.866 2406==    by 0x48187548: g_cclosure_marshal_VOID__VOIDv
(gmarshal.c:115)
==00:00:39:01.866 2406==    by 0x48185A25: _g_closure_invoke_va
(gclosure.c:840)
==00:00:39:01.866 2406==    by 0x4819FA82: g_signal_emit_valist
(gsignal.c:3238)
==00:00:39:01.866 2406==    by 0x481A0B80: g_signal_emit_by_name
(gsignal.c:3426)
==00:00:39:01.866 2406==  Address 0x45f40d4 is 8 bytes after a block of size 28
free'd
==00:00:39:01.866 2406==    at 0x4007BCD: free (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.866 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.866 2406==    by 0x48082E07: g_slice_free1 (gslice.c:1124)
==00:00:39:01.866 2406==    by 0x433A4CEA: gdk_region_destroy
(gdkregion-generic.c:366)
==00:00:39:01.866 2406==    by 0x4339446E: gdk_event_free (gdkevents.c:554)
==00:00:39:01.866 2406==    by 0x436971DF: gtk_container_propagate_expose
(gtkcontainer.c:2759)
==00:00:39:01.866 2406==    by 0x82867BE: gtk_cmclist_expose
(gtkcmclist.c:4968)
==00:00:39:01.866 2406==    by 0x4373098D: _gtk_marshal_BOOLEAN__BOXED
(gtkmarshalers.c:86)
==00:00:39:01.866 2406==    by 0x48184274: g_type_class_meta_marshal
(gclosure.c:970)
==00:00:39:01.866 2406==    by 0x481857DD: g_closure_invoke (gclosure.c:777)
==00:00:39:01.866 2406==    by 0x481981C9: signal_emit_unlocked_R
(gsignal.c:3624)
==00:00:39:01.866 2406==    by 0x481A00AA: g_signal_emit_valist
(gsignal.c:3340)
==00:00:39:01.866 2406== 
==00:00:39:01.886 2406== Invalid write of size 4
==00:00:39:01.886 2406==    at 0x80E4305: unlock_session (imap.c:540)
==00:00:39:01.886 2406==    by 0x80EB932: imap_get_flags (imap.c:5153)
==00:00:39:01.886 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.886 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.886 2406==    by 0x80D0F67: folder_item_scan (folder.c:2507)
==00:00:39:01.886 2406==    by 0x80DC9A6: folderview_check_new
(folderview.c:1190)
==00:00:39:01.886 2406==    by 0x80F7032: inc_all_account_mail (inc.c:360)
==00:00:39:01.887 2406==    by 0x81D1AEF: toolbar_inc_all_cb (toolbar.c:2667)
==00:00:39:01.887 2406==    by 0x48187548: g_cclosure_marshal_VOID__VOIDv
(gmarshal.c:115)
==00:00:39:01.887 2406==    by 0x48185A25: _g_closure_invoke_va
(gclosure.c:840)
==00:00:39:01.887 2406==    by 0x4819FA82: g_signal_emit_valist
(gsignal.c:3238)
==00:00:39:01.887 2406==    by 0x481A0B80: g_signal_emit_by_name
(gsignal.c:3426)
==00:00:39:01.887 2406==  Address 0x45f40cc is 0 bytes after a block of size 28
free'd
==00:00:39:01.887 2406==    at 0x4007BCD: free (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.887 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.887 2406==    by 0x48082E07: g_slice_free1 (gslice.c:1124)
==00:00:39:01.887 2406==    by 0x433A4CEA: gdk_region_destroy
(gdkregion-generic.c:366)
==00:00:39:01.887 2406==    by 0x4339446E: gdk_event_free (gdkevents.c:554)
==00:00:39:01.887 2406==    by 0x436971DF: gtk_container_propagate_expose
(gtkcontainer.c:2759)
==00:00:39:01.887 2406==    by 0x82867BE: gtk_cmclist_expose
(gtkcmclist.c:4968)
==00:00:39:01.887 2406==    by 0x4373098D: _gtk_marshal_BOOLEAN__BOXED
(gtkmarshalers.c:86)
==00:00:39:01.887 2406==    by 0x48184274: g_type_class_meta_marshal
(gclosure.c:970)
==00:00:39:01.887 2406==    by 0x481857DD: g_closure_invoke (gclosure.c:777)
==00:00:39:01.887 2406==    by 0x481981C9: signal_emit_unlocked_R
(gsignal.c:3624)
==00:00:39:01.887 2406==    by 0x481A00AA: g_signal_emit_valist
(gsignal.c:3340)
==00:00:39:01.887 2406== 

This may lead to a crash like in bug 3145.
claws-mail was running in the background when this happened; however, it is
possible that it occurred just after resuming the PC from suspend.

-- 
You are receiving this mail because:
You are the assignee for the bug.
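
Added example, not part of the original report and not Claws Mail code: the traces show a timer callback (imap_ping) dispatched from a nested main-loop iteration while an outer call (imap_get_flags) still holds the same session pointer. The sketch below shows one defensive pattern for that shape, generation-checked handles that are re-validated after the nested dispatch; all names (Session, Slot, Handle, session_get, ping_cb, fetch_flags) are hypothetical, and the teardown-on-error behaviour is an assumption.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not Claws Mail code. */
typedef struct { int busy; bool broken; } Session;
typedef struct { Session *s; unsigned gen; } Slot;    /* owns the session   */
typedef struct { Slot *slot; unsigned gen; } Handle;  /* what callers keep  */

static Slot slot;  /* a single slot is enough for the demo */

static Handle session_open(void) {
    slot.s = calloc(1, sizeof *slot.s);
    return (Handle){ &slot, slot.gen };
}

/* Resolve a handle; NULL once the session was destroyed after it was taken. */
static Session *session_get(Handle h) {
    return (h.slot->s && h.slot->gen == h.gen) ? h.slot->s : NULL;
}

static void session_destroy(Handle h) {
    Session *s = session_get(h);
    if (!s) return;
    free(s);
    h.slot->s = NULL;
    h.slot->gen++;  /* invalidates every outstanding handle */
}

/* Timer callback (the role imap_ping has in the trace). Assumption: on a
 * connection error it tears the session down. */
static void ping_cb(Handle h) {
    Session *s = session_get(h);
    if (s && s->broken) session_destroy(h);
}

/* Outer operation (the role imap_get_flags has in the trace). Returns false
 * when the session vanished during the nested dispatch. */
static bool fetch_flags(Handle h, bool link_drops) {
    Session *s = session_get(h);
    if (!s) return false;
    s->busy = 1;             /* lock */
    s->broken = link_drops;  /* constructed input: simulate a dropped link */
    ping_cb(h);              /* stands in for the nested main-loop iteration */
    s = session_get(h);      /* re-validate; never reuse the earlier pointer */
    if (!s) return false;    /* stale: skip the unlock, no write to freed memory */
    s->busy = 0;             /* unlock */
    return true;
}

int main(void) {
    Handle h = session_open();
    return fetch_flags(h, true) ? 1 : 0;  /* exits 0: stale session detected */
}
```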


