Public bug reported:

This issue is causing segfaults in Trusty. Here is the valgrind output:

==8100== Invalid read of size 4
==8100==    at 0x5A479E: PyObject_Free (obmalloc.c:987)
==8100==    by 0x443D7A: xmlparse_ParseFile.45364 (pyexpat.c:865)
==8100==    by 0x4B410B: PyEval_EvalFrameEx (ceval.c:4057)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56BA13: slot_tp_init.6802 (abstract.c:2064)
==8100==    by 0x4C9856: type_call.6601 (typeobject.c:754)
==8100==    by 0x4B42E5: PyEval_EvalFrameEx (abstract.c:2064)
==8100==    by 0x4B3CA4: PyEval_EvalFrameEx (ceval.c:4157)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56BA13: slot_tp_init.6802 (abstract.c:2064)
==8100==    by 0x4C9856: type_call.6601 (typeobject.c:754)
==8100==    by 0x581889: PyObject_Call (abstract.c:2064)
==8100==    by 0x4B19F3: PyEval_EvalFrameEx (ceval.c:4384)
==8100==    by 0x5A1046: PyEval_EvalCodeEx (ceval.c:3439)
==8100==    by 0x4B4401: PyEval_EvalFrameEx (ceval.c:4167)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x581889: PyObject_Call (abstract.c:2064)
==8100==    by 0x4B19F3: PyEval_EvalFrameEx (ceval.c:4384)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56B5D6: slot_tp_call.6815 (abstract.c:2064)
==8100==    by 0x4B42E5: PyEval_EvalFrameEx (abstract.c:2064)
==8100==    by 0x4B3CA4: PyEval_EvalFrameEx (ceval.c:4157)
==8100==  Address 0x19df7020 is 64 bytes inside a block of size 72 free'd
==8100==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8100==    by 0x7037AB2: _pygi_argument_to_object (in /usr/lib/python3/dist-packages/gi/_gi.cpython-33m-x86_64-linux-gnu.so)
==8100==    by 0x7037D7F: _pygi_argument_to_object (in /usr/lib/python3/dist-packages/gi/_gi.cpython-33m-x86_64-linux-gnu.so)
==8100==    by 0x703A43D: _pygi_closure_handle (in /usr/lib/python3/dist-packages/gi/_gi.cpython-33m-x86_64-linux-gnu.so)
==8100==    by 0x816C8CA: ffi_closure_unix64_inner (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.1)
==8100==    by 0x816CC43: ffi_closure_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.1)
==8100==    by 0x816CADB: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.1)
==8100==    by 0x816C40B: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.1)
==8100==    by 0x74BAE24: g_cclosure_marshal_generic_va (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3800.1)
==8100==    by 0x74BA3B6: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3800.1)
==8100==    by 0x74D2E81: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3800.1)
==8100==    by 0x74D4011: g_signal_emit_by_name (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3800.1)
==8100==    by 0x7E9EE46: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.3800.1)
==8100==    by 0x7EC0B10: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.3800.1)
==8100==    by 0x77433B5: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==8100==    by 0x7743707: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==8100==    by 0x77437AB: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==8100==    by 0x7E9DA8B: g_application_run (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.3800.1)
==8100==    by 0x816CADB: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.1)
==8100==    by 0x816C40B: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.1)
==8100==    by 0x7280CC8: g_callable_info_invoke (in /usr/lib/libgirepository-1.0.so.1.0.0)
==8100==    by 0x7282006: g_function_info_invoke (in /usr/lib/libgirepository-1.0.so.1.0.0)
==8100==    by 0x703D546: pygi_callable_info_invoke (in /usr/lib/python3/dist-packages/gi/_gi.cpython-33m-x86_64-linux-gnu.so)
==8100==    by 0x703352D: _callable_info_call (in /usr/lib/python3/dist-packages/gi/_gi.cpython-33m-x86_64-linux-gnu.so)
==8100==    by 0x4B42E5: PyEval_EvalFrameEx (abstract.c:2064)
==8100== 
==8100== Conditional jump or move depends on uninitialised value(s)
==8100==    at 0x5A47A7: PyObject_Free (obmalloc.c:987)
==8100==    by 0x443D7A: xmlparse_ParseFile.45364 (pyexpat.c:865)
==8100==    by 0x4B410B: PyEval_EvalFrameEx (ceval.c:4057)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56BA13: slot_tp_init.6802 (abstract.c:2064)
==8100==    by 0x4C9856: type_call.6601 (typeobject.c:754)
==8100==    by 0x4B42E5: PyEval_EvalFrameEx (abstract.c:2064)
==8100==    by 0x4B3CA4: PyEval_EvalFrameEx (ceval.c:4157)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56BA13: slot_tp_init.6802 (abstract.c:2064)
==8100==    by 0x4C9856: type_call.6601 (typeobject.c:754)
==8100==    by 0x581889: PyObject_Call (abstract.c:2064)
==8100==    by 0x4B19F3: PyEval_EvalFrameEx (ceval.c:4384)
==8100==    by 0x5A1046: PyEval_EvalCodeEx (ceval.c:3439)
==8100==    by 0x4B4401: PyEval_EvalFrameEx (ceval.c:4167)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x581889: PyObject_Call (abstract.c:2064)
==8100==    by 0x4B19F3: PyEval_EvalFrameEx (ceval.c:4384)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56B5D6: slot_tp_call.6815 (abstract.c:2064)
==8100==    by 0x4B42E5: PyEval_EvalFrameEx (abstract.c:2064)
==8100==    by 0x4B3CA4: PyEval_EvalFrameEx (ceval.c:4157)
==8100== 
==8100== Use of uninitialised value of size 8
==8100==    at 0x5A47C0: PyObject_Free (obmalloc.c:987)
==8100==    by 0x443D7A: xmlparse_ParseFile.45364 (pyexpat.c:865)
==8100==    by 0x4B410B: PyEval_EvalFrameEx (ceval.c:4057)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56BA13: slot_tp_init.6802 (abstract.c:2064)
==8100==    by 0x4C9856: type_call.6601 (typeobject.c:754)
==8100==    by 0x4B42E5: PyEval_EvalFrameEx (abstract.c:2064)
==8100==    by 0x4B3CA4: PyEval_EvalFrameEx (ceval.c:4157)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56BA13: slot_tp_init.6802 (abstract.c:2064)
==8100==    by 0x4C9856: type_call.6601 (typeobject.c:754)
==8100==    by 0x581889: PyObject_Call (abstract.c:2064)
==8100==    by 0x4B19F3: PyEval_EvalFrameEx (ceval.c:4384)
==8100==    by 0x5A1046: PyEval_EvalCodeEx (ceval.c:3439)
==8100==    by 0x4B4401: PyEval_EvalFrameEx (ceval.c:4167)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x581889: PyObject_Call (abstract.c:2064)
==8100==    by 0x4B19F3: PyEval_EvalFrameEx (ceval.c:4384)
==8100==    by 0x5A1969: function_call.70433 (ceval.c:3439)
==8100==    by 0x4DCF0B: method_call.65011 (abstract.c:2064)
==8100==    by 0x56B5D6: slot_tp_call.6815 (abstract.c:2064)
==8100==    by 0x4B42E5: PyEval_EvalFrameEx (abstract.c:2064)
==8100==    by 0x4B3CA4: PyEval_EvalFrameEx (ceval.c:4157)
==8100== 
==8100== Conditional jump or move depends on uninitialised value(s)
==8100==    at 0x9FF334F: gdk_pixbuf_get_from_surface (in /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.800.4)
==8100==    by 0x9B4A390: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9A4E2B7: gtk_icon_set_render_icon_pixbuf (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9A4EEA7: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9A4F276: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9A4F47C: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9A60A21: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9A60A87: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF3FF0: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF4172: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x99A7916: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF3FF0: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF4172: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x99B33E6: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF3FF0: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF4172: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF3FF0: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF4172: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF4491: gtk_widget_get_preferred_size (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9B4DAA6: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9B4E208: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9B4E453: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF3F67: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9AF4172: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100==    by 0x9A48148: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.800.4)
==8100== 

Let me know if you need any more information.

** Affects: pygobject (Ubuntu)
     Importance: High
     Assignee: Martin Pitt (pitti)
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to pygobject in Ubuntu.
https://bugs.launchpad.net/bugs/1246516

Title:
  Memory from slice allocator passed to PyObject_Free
