Bugzilla – Bug 155494
ghex crashes in search
Last modified: 2006-04-19 17:45:58 UTC
How to reproduce: Try to use search (I have been searching for "png" and pressed Next):

hammer:~ # ghex2 /opt/gnome/bin/sound-juicer
*** glibc detected *** ghex2: free(): invalid next size (fast): 0x0000000000768190 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2b5870e4438e]
/lib64/libc.so.6(__libc_free+0x6c)[0x2b5870e459ac]
ghex2[0x40e9ad]
/opt/gnome/lib64/libgobject-2.0.so.0(g_closure_invoke+0x11d)[0x2b586fc3438d]
/opt/gnome/lib64/libgobject-2.0.so.0[0x2b586fc43eed]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x844)[0x2b586fc45344]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x2b586fc45523]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586efd99e9]
/opt/gnome/lib64/libgobject-2.0.so.0(g_closure_invoke+0x11d)[0x2b586fc3438d]
/opt/gnome/lib64/libgobject-2.0.so.0[0x2b586fc4433c]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x844)[0x2b586fc45344]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x2b586fc45523]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586efd8559]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586f094d8d]
/opt/gnome/lib64/libgobject-2.0.so.0(g_closure_invoke+0x11d)[0x2b586fc3438d]
/opt/gnome/lib64/libgobject-2.0.so.0[0x2b586fc44507]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x615)[0x2b586fc45115]
/opt/gnome/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x2b586fc45523]
/opt/gnome/lib64/libgtk-x11-2.0.so.0[0x2b586f16ee2e]
/opt/gnome/lib64/libgtk-x11-2.0.so.0(IA__gtk_propagate_event+0xfd)[0x2b586f08ea5d]
/opt/gnome/lib64/libgtk-x11-2.0.so.0(IA__gtk_main_do_event+0x321)[0x2b586f08fa91]
/opt/gnome/lib64/libgdk-x11-2.0.so.0[0x2b586f3dc51c]
/opt/gnome/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x1ba)[0x2b586ff9b2ba]
/opt/gnome/lib64/libglib-2.0.so.0[0x2b586ff9e345]
/opt/gnome/lib64/libglib-2.0.so.0(g_main_loop_run+0x1d5)[0x2b586ff9e655]
/opt/gnome/lib64/libbonobo-2.so.0(bonobo_main+0x46)[0x2b586dcd62b6]
ghex2(main+0x25d)[0x410dad]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b5870df60f4]
ghex2[0x40ae49]

#4 0x00002b06728109ac in *__GI___libc_free (mem=0x6) at malloc.c:3433
#5 0x000000000040e9ad in find_next_cb (button=<value optimized out>, dialog=0x730b60) at findreplace.c:538
#6 0x00002b06715ff38d in g_closure_invoke (closure=0x668b40, return_value=0x0, n_param_values=1, param_values=0x7fff3d084810, invocation_hint=0x7fff3d0846d0) at gclosure.c:492
#7 0x00002b067160eeed in signal_emit_unlocked_R (node=0x69f590, detail=0, instance=0x736ae0, emission_return=0x0, instance_and_params=0x7fff3d084810) at gsignal.c:2485
#8 0x00002b0671610344 in g_signal_emit_valist (instance=0x736ae0, signal_id=<value optimized out>, detail=0, var_args=0x7fff3d084a90) at gsignal.c:2244
#9 0x00002b0671610523 in g_signal_emit (instance=0xc0e, signal_id=3086, detail=6) at gsignal.c:2288
#10 0x00002b06709a49e9 in gtk_real_button_released (button=0xc0e) at gtkbutton.c:1369
#11 0x00002b06715ff38d in g_closure_invoke (closure=0x691400, return_value=0x0, n_param_values=1, param_values=0x7fff3d084e20, invocation_hint=0x7fff3d084ce0) at gclosure.c:492
#12 0x00002b067160f33c in signal_emit_unlocked_R (node=0x69f480, detail=0, instance=0x736ae0, emission_return=0x0, instance_and_params=0x7fff3d084e20) at gsignal.c:2415
#13 0x00002b0671610344 in g_signal_emit_valist (instance=0x736ae0, signal_id=<value optimized out>, detail=0, var_args=0x7fff3d0850a0) at gsignal.c:2244
#14 0x00002b0671610523 in g_signal_emit (instance=0xc0e, signal_id=3086, detail=6) at gsignal.c:2288
#15 0x00002b06709a3559 in gtk_button_button_release (widget=0xc0e, event=0xc0e) at gtkbutton.c:1262
#16 0x00002b0670a5fd8d in _gtk_marshal_BOOLEAN__BOXED (closure=0x56abd0, return_value=0x7fff3d085360, n_param_values=<value optimized out>, param_values=0x7fff3d085460, invocation_hint=<value optimized out>, marshal_data=0x2b06709a3540) at gtkmarshalers.c:83
#17 0x00002b06715ff38d in g_closure_invoke (closure=0x56abd0, return_value=0x7fff3d085360, n_param_values=2, param_values=0x7fff3d085460, invocation_hint=0x7fff3d085320) at gclosure.c:492
#18 0x00002b067160f507 in signal_emit_unlocked_R (node=0x56ac60, detail=0, instance=0x736ae0, emission_return=0x7fff3d085680, instance_and_params=0x7fff3d085460) at gsignal.c:2523
#19 0x00002b0671610115 in g_signal_emit_valist (instance=0x736ae0, signal_id=<value optimized out>, detail=0, var_args=0x7fff3d0856e0) at gsignal.c:2254
#20 0x00002b0671610523 in g_signal_emit (instance=0xc0e, signal_id=3086, detail=6) at gsignal.c:2288
#21 0x00002b0670b39e2e in gtk_widget_event_internal (widget=0x736ae0, event=0x6fd110) at gtkwidget.c:3735
#22 0x00002b0670a59a5d in IA__gtk_propagate_event (widget=0x736ae0, event=0x6fd110) at gtkmain.c:2176
#23 0x00002b0670a5aa91 in IA__gtk_main_do_event (event=0x6fd110) at gtkmain.c:1413
#24 0x00002b0670da751c in gdk_event_dispatch (source=<value optimized out>,
#25 0x00002b06719662ba in g_main_context_dispatch (context=0x558210) at gmain.c:1934
#26 0x00002b0671969345 in g_main_context_iterate (context=0x558210, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2565
#27 0x00002b0671969655 in g_main_loop_run (loop=0x531d30) at gmain.c:2769
#28 0x00002b066f6a12b6 in bonobo_main () at bonobo-main.c:394
#29 0x0000000000410dad in main (argc=2, argv=0x6060d0) at main.c:127

Actually, to reproduce:
1. Ctrl+F
2. Click in the right part of the window (string entry)
3. Write a string
4. Move the cursor to a different position in the string entry using the mouse.
=> Crash

Reported upstream http://bugzilla.gnome.org/show_bug.cgi?id=339055
And fixed.