394876 - moz_gtk_option_menu_get_metrics is incorrectly freeing border

Status: VERIFIED DUPLICATE of bug 389801

Description

[Frederic Crozat]

Created attachment 279610 [details] [diff] [review]
use gtk_border_free, not g_free

moz_gtk_option_menu_get_metrics is using g_free instead of gtk_border_free to free a GtkBorder.

This is causing crashes with glib 2.12.0 / gtk+ 2.11.x with introduction of g_slice (to reproduce, use ThinIce gtk engine and try to create a new mail in Thunderbird).

Comment 1

[Alexander Sack]

Yes, I can confirm that we see a bunch of crashes with various themes in ubuntu. the backtrace looks like:

#0 raise () from /lib/libc.so.6
#1 abort () from /lib/libc.so.6
#2 __libc_message () from /lib/libc.so.6
#3 malloc_printerr () from /lib/libc.so.6
#4 free () from /lib/libc.so.6
#5 g_free () from /usr/lib/libglib-2.0.so.0
#6 moz_gtk_widget_paint (widget=MOZ_GTK_DROPDOWN, drawable=0x93adec0, rect=0xbfc02fdc, cliprect=0xbfc02fbc, state=0xbfc02ffc, flags=0) at gtk2drawing.c:555
#7 nsNativeThemeGTK::DrawWidgetBackground (this=0x867e968, aContext=0x92f6578, aFrame=0x845c148, aWidgetType=101 'e', aRect=@0xbfc03218, aClipRect=@0xbfc032b0) at nsNativeThemeGTK.cpp:464
#8 nsCSSRendering::PaintBackgroundWithSC (aPresContext=0x942f4b8, aRenderingContext=@0x92f6578, aForFrame=0x845c148, aDirtyRect=@0xbfc032b0, aBorderArea=@0xbfc03218, aColor=@0x921080c, aBorder=@0x9232e70, aPadding=@0x9232ee8, aUsePrintSettings=0, aBGClipRect=0x0) at nsCSSRendering.cpp:2837
#9 nsCSSRendering::PaintBackground (aPresContext=0x942f4b8, aRenderingContext=@0x92f6578, aForFrame=0x845c148, aDirtyRect=@0xbfc032b0, aBorderArea=@0xbfc03218, aBorder=@0x9232e70, aPadding=@0x9232ee8, aUsePrintSettings=0, aBGClipRect=0x0) at nsCSSRendering.cpp:2761

Comment 2

[Alexander Sack]

Comment on attachment 279610 [details] [diff] [review]
use gtk_border_free, not g_free

please review. trunk + branches are affected.

Comment 3

[Christian Persch (GNOME) (away; not receiving bug mail)]

Bug 389801 has a patch already with r+sr.