[Users] [Bug 3979] Hang (with killing needed) during action which extracts attachments

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Thu Jan 3 23:23:44 CET 2019


https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3979

--- Comment #6 from Andrej Kacian <andrej at kacian.sk> ---
The problem seems to be that by the time the code gets to wait_for_children(),
the Children struct is already freed. Valgrind shows a series of invalid reads
and invalid writes like the following, all differing only in the size read or
written and the first line of the first backtrace (all of them within the same
function). This means that wait_for_children() tries to access various members
of the struct when it's already freed.

==23766== Invalid write of size 4
==23766==    at 0x23BD2B: wait_for_children (action.c:1085)
==23766==    by 0x23D858: catch_output (action.c:1615)
==23766==    by 0x4A1DCE: claws_io_invoke (gtkutils.c:1651)
==23766==    by 0x5F88AE7: g_main_context_dispatch (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88ED7: ??? (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88F6B: g_main_context_iteration (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x4BCAB00: gtk_main_iteration (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)
==23766==    by 0x24FC98: alertpanel_show (alertpanel.c:213)
==23766==    by 0x24F79B: alertpanel_message (alertpanel.c:131)
==23766==    by 0x24FA3D: alertpanel_error (alertpanel.c:170)
==23766==    by 0x23B946: fork_child (action.c:987)
==23766==    by 0x23B469: execute_actions (action.c:879)
==23766==  Address 0x1055e774 is 100 bytes inside a block of size 120 free'd
==23766==    at 0x48369AB: free (vg_replace_malloc.c:530)
==23766==    by 0x23C0CF: free_children (action.c:1186)
==23766==    by 0x23BD87: wait_for_children (action.c:1094)
==23766==    by 0x23D858: catch_output (action.c:1615)
==23766==    by 0x4A1DCE: claws_io_invoke (gtkutils.c:1651)
==23766==    by 0x5F88AE7: g_main_context_dispatch (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88ED7: ??? (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88F6B: g_main_context_iteration (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x4BCAB00: gtk_main_iteration (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)
==23766==    by 0x24FC98: alertpanel_show (alertpanel.c:213)
==23766==    by 0x24F79B: alertpanel_message (alertpanel.c:131)
==23766==    by 0x24FA3D: alertpanel_error (alertpanel.c:170)
==23766==  Block was alloc'd at
==23766==    at 0x4837B65: calloc (vg_replace_malloc.c:752)
==23766==    by 0x5F8E698: g_malloc0 (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x23B2C3: execute_actions (action.c:841)
==23766==    by 0x23AC33: message_actions_execute (action.c:690)
==23766==    by 0x23A78F: mainwin_actions_execute (action.c:629)
==23766==    by 0x23A746: mainwin_actions_execute_cb (action.c:620)
==23766==    by 0x5EF5B6C: g_closure_invoke (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x5F088F2: ??? (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x5F11881: g_signal_emit_valist (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x5F11ECE: g_signal_emit (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x4CE2A49: gtk_widget_activate (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)
==23766==    by 0x4BDF4BC: gtk_menu_shell_activate_item (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)

At the very end, valgrind reports the same double-free that can be seen in my
previous GDB backtrace:

==23766== Invalid free() / delete / delete[] / realloc()
==23766==    at 0x48369AB: free (vg_replace_malloc.c:530)
==23766==    by 0x23C0CF: free_children (action.c:1186)
==23766==    by 0x23BD87: wait_for_children (action.c:1094)
==23766==    by 0x23D858: catch_output (action.c:1615)
==23766==    by 0x4A1DCE: claws_io_invoke (gtkutils.c:1651)
==23766==    by 0x5F88AE7: g_main_context_dispatch (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88ED7: ??? (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88F6B: g_main_context_iteration (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x4BCAB00: gtk_main_iteration (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)
==23766==    by 0x24FC98: alertpanel_show (alertpanel.c:213)
==23766==    by 0x24F79B: alertpanel_message (alertpanel.c:131)
==23766==    by 0x24FA3D: alertpanel_error (alertpanel.c:170)
==23766==  Address 0x1055e710 is 0 bytes inside a block of size 120 free'd
==23766==    at 0x48369AB: free (vg_replace_malloc.c:530)
==23766==    by 0x23C0CF: free_children (action.c:1186)
==23766==    by 0x23BD87: wait_for_children (action.c:1094)
==23766==    by 0x23D858: catch_output (action.c:1615)
==23766==    by 0x4A1DCE: claws_io_invoke (gtkutils.c:1651)
==23766==    by 0x5F88AE7: g_main_context_dispatch (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88ED7: ??? (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x5F88F6B: g_main_context_iteration (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x4BCAB00: gtk_main_iteration (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)
==23766==    by 0x24FC98: alertpanel_show (alertpanel.c:213)
==23766==    by 0x24F79B: alertpanel_message (alertpanel.c:131)
==23766==    by 0x24FA3D: alertpanel_error (alertpanel.c:170)
==23766==  Block was alloc'd at
==23766==    at 0x4837B65: calloc (vg_replace_malloc.c:752)
==23766==    by 0x5F8E698: g_malloc0 (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5800.1)
==23766==    by 0x23B2C3: execute_actions (action.c:841)
==23766==    by 0x23AC33: message_actions_execute (action.c:690)
==23766==    by 0x23A78F: mainwin_actions_execute (action.c:629)
==23766==    by 0x23A746: mainwin_actions_execute_cb (action.c:620)
==23766==    by 0x5EF5B6C: g_closure_invoke (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x5F088F2: ??? (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x5F11881: g_signal_emit_valist (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x5F11ECE: g_signal_emit (in
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5800.1)
==23766==    by 0x4CE2A49: gtk_widget_activate (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)
==23766==    by 0x4BDF4BC: gtk_menu_shell_activate_item (in
/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.32)

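The failure mode in the traces above (one callback frees a shared struct, a later callback dispatched from the same nested main-loop iteration still holds the pointer) can be modelled without touching freed memory. This is an added example, not Claws Mail code: the `Source`, `release`, `on_output` and `simulate` names are hypothetical, a static slot stands in for the heap block, and the premise that two pending callbacks share one `Children` is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: "live" marks whether the block is still allocated,
 * so stale use is counted instead of corrupting real memory. */
typedef struct { bool live; int open_children; } Children;
typedef struct { Children *data; bool active; } Source;  /* pending I/O callback */

static Children slot;
static Source sources[2];
static int stale_accesses, double_frees;

static void release(Children *c, bool detach)
{
    if (!c->live) { double_frees++; return; }   /* second free of the same block */
    if (detach)                                 /* hardened: cancel every callback */
        for (size_t i = 0; i < 2; i++)          /* that still points at this block */
            if (sources[i].data == c) sources[i].active = false;
    c->live = false;
}

/* Callback the event loop runs when a child's output pipe becomes readable. */
static void on_output(Source *s, bool detach)
{
    Children *c = s->data;
    if (!c->live) stale_accesses++;             /* access inside a freed block */
    if (c->open_children == 0) release(c, detach);
}

/* One nested loop iteration, such as a modal error dialog would run. */
static void simulate(bool detach)
{
    slot = (Children){ .live = true, .open_children = 0 };
    stale_accesses = double_frees = 0;
    for (size_t i = 0; i < 2; i++) sources[i] = (Source){ &slot, true };
    for (size_t i = 0; i < 2; i++)
        if (sources[i].active) { sources[i].active = false; on_output(&sources[i], detach); }
}

int main(void)
{
    simulate(false);
    printf("no detach: stale=%d double_free=%d\n", stale_accesses, double_frees);
    simulate(true);
    printf("detach:    stale=%d double_free=%d\n", stale_accesses, double_frees);
    return 0;
}
```

In a GLib program the detach step corresponds to removing the registered sources (for example with `g_source_remove()`) before the struct they reference is freed.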