Bug 155494

Summary: ghex crashes in search
Product: [openSUSE] SUSE Linux 10.1 Reporter: Stanislav Brabec <sbrabec>
Component: GNOMEAssignee: E-mail List <gnome-bugs>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Beta 6   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Stanislav Brabec 2006-03-06 17:38:29 UTC 
How to reproduce:

Try to use search (I have been searching for "png" and pressed Next):

hammer:~ # ghex2 /opt/gnome/bin/sound-juicer
*** glibc detected *** ghex2: free(): invalid next size (fast): 0x0000000000768190 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2b5870e4438e]
/lib64/libc.so.6(__libc_free+0x6c)[0x2b5870e459ac]
ghex2[0x40e9ad]
/opt/gnome/lib64/libgobject-2.0.so.0(g_closure_invoke+0x11d)[0x2b586fc3438d]
/opt/gnome/lib64/libgobject-2.0.so.0[0x2b586fc43eed]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x844)[0x2b586fc45344]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x2b586fc45523]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586efd99e9]
/opt/gnome/lib64/libgobject-2.0.so.0(g_closure_invoke+0x11d)[0x2b586fc3438d]
/opt/gnome/lib64/libgobject-2.0.so.0[0x2b586fc4433c]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x844)[0x2b586fc45344]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x2b586fc45523]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586efd8559]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586f094d8d]
/opt/gnome/lib64/libgobject-2.0.so.0(g_closure_invoke+0x11d)[0x2b586fc3438d]
/opt/gnome/lib64/libgobject-2.0.so.0[0x2b586fc44507]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x615)[0x2b586fc45115]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x2b586fc45523]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586f16ee2e]
/opt/gnome/lib64/libgtk-x11-2.0.so.0(IA__gtk_propagate_event+0xfd)[0x2b586f08ea5d]
/opt/gnome/lib64/libgtk-x11-2.0.so.0(IA__gtk_main_do_event+0x321)[0x2b586f08fa91]
/opt/gnome/lib64/libgdk-x11-2.0.so.0[0x2b586f3dc51c]
/opt/gnome/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x1ba)[0x2b586ff9b2ba]
/opt/gnome/lib64/libglib-2.0.so.0[0x2b586ff9e345]
/opt/gnome/lib64/libglib-2.0.so.0(g_main_loop_run+0x1d5)[0x2b586ff9e655]
/opt/gnome/lib64/libbonobo-2.so.0(bonobo_main+0x46)[0x2b586dcd62b6]
ghex2(main+0x25d)[0x410dad]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b5870df60f4]
ghex2[0x40ae49]
======= Memory map: ========
00400000-00420000 r-xp 00000000 08:06 20400                              /opt/gnome/bin/ghex20051f000-00521000 rw-p 0001f000 08:06 20400                              /opt/gnome/bin/ghex200521000-0078d000 rw-p 00521000 00:00 0                                  [heap]
2b586c057000-2b586c072000 r-xp 00000000 08:06 10747                      /lib64/ld-2.3.90.so
2b586c072000-2b586c073000 rw-p 2b586c072000 00:00 0
2b586c09a000-2b586c09b000 rw-p 2b586c09a000 00:00 0
2b586c09b000-2b586c0d0000 r--s 00000000 08:06 141902                     /var/run/nscd/passwd2b586c0d0000-2b586c103000 r--p 00000000 08:06 233904                     /usr/lib/locale/cs_CZ.utf8/LC_CTYPE
2b586c103000-2b586c10a000 r--s 00000000 08:06 77885                      /usr/lib64/gconv/gconv-modules.cache
2b586c171000-2b586c173000 rw-p 0001a000 08:06 10747                      /lib64/ld-2.3.90.so
2b586c173000-2b586c207000 r-xp 00000000 08:06 210042                     /opt/gnome/lib64/libgnomeui-2.so.0.1200.0
2b586c207000-2b586c306000 ---p 00094000 08:06 210042                     /opt/gnome/lib64/libgnomeui-2.so.0.1200.0
2b586c306000-2b586c30c000 rw-p 00093000 08:06 210042                     /opt/gnome/lib64/libgnomeui-2.so.0.1200.0
2b586c30c000-2b586c32d000 r-xp 00000000 08:06 208063                     /usr/lib64/libjpeg.so.62.0.0
2b586c32d000-2b586c42c000 ---p 00021000 08:06 208063                     /usr/lib64/libjpeg.so.62.0.0
2b586c42c000-2b586c42d000 rw-p 00020000 08:06 208063                     /usr/lib64/libjpeg.so.62.0.0
2b586c42d000-2b586c496000 r-xp 00000000 08:06 125716                     /opt/gnome/lib64/libbonoboui-2.so.0.0.0
2b586c496000-2b586c596000 ---p 00069000 08:06 125716                     /opt/gnome/lib64/libbonoboui-2.so.0.0.0
2b586c596000-2b586c59b000 rw-p 00069000 08:06 125716                     /opt/gnome/lib64/libbonoboui-2.so.0.0.0
2b586c59b000-2b586c59c000 rw-p 2b586c59b000 00:00 0
2b586c59c000-2b586c5a5000 r-xp 00000000 08:06 188236                     /usr/X11R6/lib64/libSM.so.6.0
2b586c5a5000-2b586c6a5000 ---p 00009000 08:06 188236                     /usr/X11R6/lib64/libSM.so.6.0
2b586c6a5000-2b586c
Comment 1 Stanislav Brabec 2006-03-06 18:10:25 UTC 
#4  0x00002b06728109ac in *__GI___libc_free (mem=0x6) at malloc.c:3433
#5  0x000000000040e9ad in find_next_cb (button=<value optimized out>, dialog=0x730b60)
    at findreplace.c:538
#6  0x00002b06715ff38d in g_closure_invoke (closure=0x668b40, return_value=0x0,
    n_param_values=1, param_values=0x7fff3d084810, invocation_hint=0x7fff3d0846d0)
    at gclosure.c:492
#7  0x00002b067160eeed in signal_emit_unlocked_R (node=0x69f590, detail=0, instance=0x736ae0,
    emission_return=0x0, instance_and_params=0x7fff3d084810) at gsignal.c:2485
#8  0x00002b0671610344 in g_signal_emit_valist (instance=0x736ae0,
    signal_id=<value optimized out>, detail=0, var_args=0x7fff3d084a90) at gsignal.c:2244
#9  0x00002b0671610523 in g_signal_emit (instance=0xc0e, signal_id=3086, detail=6)
    at gsignal.c:2288
#10 0x00002b06709a49e9 in gtk_real_button_released (button=0xc0e) at gtkbutton.c:1369
#11 0x00002b06715ff38d in g_closure_invoke (closure=0x691400, return_value=0x0,
    n_param_values=1, param_values=0x7fff3d084e20, invocation_hint=0x7fff3d084ce0)
    at gclosure.c:492
#12 0x00002b067160f33c in signal_emit_unlocked_R (node=0x69f480, detail=0, instance=0x736ae0,
    emission_return=0x0, instance_and_params=0x7fff3d084e20) at gsignal.c:2415
#13 0x00002b0671610344 in g_signal_emit_valist (instance=0x736ae0,
    signal_id=<value optimized out>, detail=0, var_args=0x7fff3d0850a0) at gsignal.c:2244
#14 0x00002b0671610523 in g_signal_emit (instance=0xc0e, signal_id=3086, detail=6)
    at gsignal.c:2288
#15 0x00002b06709a3559 in gtk_button_button_release (widget=0xc0e, event=0xc0e)
    at gtkbutton.c:1262
#16 0x00002b0670a5fd8d in _gtk_marshal_BOOLEAN__BOXED (closure=0x56abd0,
    return_value=0x7fff3d085360, n_param_values=<value optimized out>,
    param_values=0x7fff3d085460, invocation_hint=<value optimized out>,
    marshal_data=0x2b06709a3540) at gtkmarshalers.c:83
#17 0x00002b06715ff38d in g_closure_invoke (closure=0x56abd0, return_value=0x7fff3d085360,
    n_param_values=2, param_values=0x7fff3d085460, invocation_hint=0x7fff3d085320)
    at gclosure.c:492
#18 0x00002b067160f507 in signal_emit_unlocked_R (node=0x56ac60, detail=0, instance=0x736ae0,
    emission_return=0x7fff3d085680, instance_and_params=0x7fff3d085460) at gsignal.c:2523
#19 0x00002b0671610115 in g_signal_emit_valist (instance=0x736ae0,
    signal_id=<value optimized out>, detail=0, var_args=0x7fff3d0856e0) at gsignal.c:2254
#20 0x00002b0671610523 in g_signal_emit (instance=0xc0e, signal_id=3086, detail=6)
    at gsignal.c:2288
#21 0x00002b0670b39e2e in gtk_widget_event_internal (widget=0x736ae0, event=0x6fd110)
    at gtkwidget.c:3735
#22 0x00002b0670a59a5d in IA__gtk_propagate_event (widget=0x736ae0, event=0x6fd110)
    at gtkmain.c:2176
#23 0x00002b0670a5aa91 in IA__gtk_main_do_event (event=0x6fd110) at gtkmain.c:1413
#24 0x00002b0670da751c in gdk_event_dispatch (source=<value optimized out>,
#25 0x00002b06719662ba in g_main_context_dispatch (context=0x558210) at gmain.c:1934
#26 0x00002b0671969345 in g_main_context_iterate (context=0x558210, block=1, dispatch=1,
    self=<value optimized out>) at gmain.c:2565
#27 0x00002b0671969655 in g_main_loop_run (loop=0x531d30) at gmain.c:2769
#28 0x00002b066f6a12b6 in bonobo_main () at bonobo-main.c:394
#29 0x0000000000410dad in main (argc=2, argv=0x6060d0) at main.c:127
Comment 2 Stanislav Brabec 2006-04-14 15:20:13 UTC 
Actually, to reproduce:
1. Ctrl+F
2. Click to right part of window (string entry)
3. Write a string
4. Move cursor to different position of string entry using mouse.

=> Crash
Comment 3 Stanislav Brabec 2006-04-19 17:34:03 UTC 
Reported upstream http://bugzilla.gnome.org/show_bug.cgi?id=339055
Comment 4 Stanislav Brabec 2006-04-19 17:45:58 UTC 
And fixed.