Closed Bug 394876 Opened 12 years ago Closed 12 years ago

moz_gtk_option_menu_get_metrics is incorrectly freeing border

Categories

(Core Graveyard :: GFX: Gtk, defect)

1.8 Branch
x86
Linux
defect
Not set

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 389801

People

(Reporter: fred, Unassigned)

Details

Attachments

(1 file)

moz_gtk_option_menu_get_metrics is using g_free instead of gtk_border_free to free a GtkBorder.

This is causing crashes with glib 2.12.0 / gtk+ 2.11.x with introduction of g_slice (to reproduce, use ThinIce gtk engine and try to create a new mail in Thunderbird).
Yes, I can confirm that we see a bunch of crashes with various themes in ubuntu. the backtrace looks like:

#0 raise () from /lib/libc.so.6
#1 abort () from /lib/libc.so.6
#2 __libc_message () from /lib/libc.so.6
#3 malloc_printerr () from /lib/libc.so.6
#4 free () from /lib/libc.so.6
#5 g_free () from /usr/lib/libglib-2.0.so.0
#6 moz_gtk_widget_paint (widget=MOZ_GTK_DROPDOWN, drawable=0x93adec0, rect=0xbfc02fdc, cliprect=0xbfc02fbc, state=0xbfc02ffc, flags=0) at gtk2drawing.c:555
#7 nsNativeThemeGTK::DrawWidgetBackground (this=0x867e968, aContext=0x92f6578, aFrame=0x845c148, aWidgetType=101 'e', aRect=@0xbfc03218, aClipRect=@0xbfc032b0) at nsNativeThemeGTK.cpp:464
#8 nsCSSRendering::PaintBackgroundWithSC (aPresContext=0x942f4b8, aRenderingContext=@0x92f6578, aForFrame=0x845c148, aDirtyRect=@0xbfc032b0, aBorderArea=@0xbfc03218, aColor=@0x921080c, aBorder=@0x9232e70, aPadding=@0x9232ee8, aUsePrintSettings=0, aBGClipRect=0x0) at nsCSSRendering.cpp:2837
#9 nsCSSRendering::PaintBackground (aPresContext=0x942f4b8, aRenderingContext=@0x92f6578, aForFrame=0x845c148, aDirtyRect=@0xbfc032b0, aBorderArea=@0xbfc03218, aBorder=@0x9232e70, aPadding=@0x9232ee8, aUsePrintSettings=0, aBGClipRect=0x0) at nsCSSRendering.cpp:2761


Comment on attachment 279610 [details] [diff] [review]
use gtk_border_free, not g_free

please review. trunk + branches are affected.
Attachment #279610 - Flags: review?(roc)
Bug 389801 has a patch already with r+sr.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 389801
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.