Closed Bug 440426 Opened 17 years ago Closed 7 years ago

libXUL: Invalid read of size 4

Categories

(Core Graveyard :: Embedding: GTK Widget, defect)

Platform: x86
OS: Linux
Type: defect
Priority: Not set
Severity: normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: turtle, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9) Gecko/2008052912 Firefox/3.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9) Gecko/2008052912 Firefox/3.0

When embedding 'gtk_moz_embed_new' in an external application, showing the 'moz_embed' segfaults the external application because of an illegal read.

Example trace, using Valgrind and GTK-server:

peter[demo-gtk]$ valgrind ./gtk-server -stdin
==994== Memcheck, a memory error detector.
==994== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==994== Using LibVEX rev 1732, a library for dynamic binary translation.
==994== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==994== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==994== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==994== For more details, rerun with: -v
==994==
gtk_init
==994==
==994== Syscall param writev(vector[...]) points to uninitialised byte(s)
==994==    at 0x470B9A3: writev (in /lib/libc-2.5.so)
==994==    by 0x49B34EA: (within /usr/lib/libxcb.so.1.0.0)
==994==    by 0x49B3A0A: (within /usr/lib/libxcb.so.1.0.0)
==994==    by 0x49B3B2B: (within /usr/lib/libxcb.so.1.0.0)
==994==    by 0x49B3C67: xcb_flush (in /usr/lib/libxcb.so.1.0.0)
==994==    by 0x47C7319: _XSend (in /usr/lib/libX11.so.6.2.0)
==994==    by 0x47B4C61: XQueryExtension (in /usr/lib/libX11.so.6.2.0)
==994==    by 0x47A946D: XInitExtension (in /usr/lib/libX11.so.6.2.0)
==994==    by 0x486FEEF: XFixesFindDisplay (in /usr/lib/libXfixes.so.3.1.0)
==994==    by 0x487019B: XFixesQueryExtension (in /usr/lib/libXfixes.so.3.1.0)
==994==    by 0x43B2708: gdk_display_open (in /usr/lib/libgdk-x11-2.0.so.0.1000.14)
==994==    by 0x438FB4E: gdk_display_open_default_libgtk_only (in /usr/lib/libgdk-x11-2.0.so.0.1000.14)
==994==  Address 0x69B0238 is 4,680 bytes inside a block of size 8,552 alloc'd
==994==    at 0x4021778: calloc (vg_replace_malloc.c:279)
==994==    by 0x49B36E3: xcb_connect_to_fd (in /usr/lib/libxcb.so.1.0.0)
==994==    by 0x49B5CD0: xcb_connect (in /usr/lib/libxcb.so.1.0.0)
==994==    by 0x47C643A: _XConnectXCB (in /usr/lib/libX11.so.6.2.0)
==994==    by 0x47AEA82: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==994==    by 0x43B2551: gdk_display_open (in /usr/lib/libgdk-x11-2.0.so.0.1000.14)
==994==    by 0x438FB4E: gdk_display_open_default_libgtk_only (in /usr/lib/libgdk-x11-2.0.so.0.1000.14)
==994==    by 0x416A43E: gtk_init_check (in /usr/lib/libgtk-x11-2.0.so.0.1000.14)
==994==    by 0x416A473: gtk_init (in /usr/lib/libgtk-x11-2.0.so.0.1000.14)
==994==    by 0x805F03A: cinv_function_invoke (cinvoke.c:413)
==994==    by 0x804AEB6: Void_GUI (gtk-server.c:1352)
==994==    by 0x805402C: Call_Realize (gtk-server.c:2751)
ok
gtk_window_new 0
111173632
gtk_window_set_size_request 111173632 700 500 -1
gtk_widget_set_size_request 111173632 700 500
ok
gtk_moz_embed_set_comp_path /home/peter/apps/firefox
ok
gtk_moz_embed_set_profile_path /tmp mozilla
ok
gtk_moz_embed_new
110909080
gtk_container_add 111173632 110909080
ok
gtk_moz_embed_load_url 110909080 'http://www.google.com'
ok
gtk_widget_show_all 111173632
==994==
==994== Invalid read of size 4
==994==    at 0x5B8ECBF: (within /home/peter/apps/firefox/libxul.so)
==994==    by 0x5B8D5AB: (within /home/peter/apps/firefox/libxul.so)
==994==    by 0x4563DEA: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1400.1)
==994==    by 0x4555697: (within /usr/lib/libgobject-2.0.so.0.1400.1)
==994==    by 0x4556E5B: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1400.1)
==994==    by 0x45673ED: (within /usr/lib/libgobject-2.0.so.0.1400.1)
==994==    by 0x4568CFB: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1400.1)
==994==    by 0x4568EAD: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1400.1)
==994==    by 0x4288086: gtk_widget_realize (in /usr/lib/libgtk-x11-2.0.so.0.1000.14)
==994==    by 0x4288377: gtk_widget_map (in /usr/lib/libgtk-x11-2.0.so.0.1000.14)
==994==    by 0x4297B74: (within /usr/lib/libgtk-x11-2.0.so.0.1000.14)
==994==    by 0x4563DEA: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1400.1)
==994==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==994==
==994== ERROR SUMMARY: 166 errors from 14 contexts (suppressed: 0 from 0)
==994== malloc/free: in use at exit: 845,710 bytes in 7,538 blocks.
==994== malloc/free: 13,980 allocs, 6,442 frees, 1,534,543 bytes allocated.
==994== For counts of detected errors, rerun with: -v
==994== searching for pointers to 7,538 not-freed blocks.
==994== checked 2,669,748 bytes.
==994==
==994== LEAK SUMMARY:
==994==    definitely lost: 702 bytes in 48 blocks.
==994==    possibly lost: 43,363 bytes in 53 blocks.
==994==    still reachable: 801,645 bytes in 7,437 blocks.
==994==    suppressed: 0 bytes in 0 blocks.
==994== Rerun with --leak-check=full to see details of leaked memory.
Segmentation error

Reproducible: Always

Steps to Reproduce:
Reuse the above steps in the example, or embed 'moz_embed' in an external application, reading the component from libxul.so.

Actual Results:
Crash of external application.

Expected Results:
No crash of external application.
Please install debugging symbols for all packages on your system (libc, X, xcb, glib, gdk, gtk, mozilla, gtkmozembed, ...). Stack traces without symbols are useless.
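An added triage helper, not part of the bug report or of Mozilla's code, that parses the memcheck output quoted above: it flags the "Invalid read" as a fault inside the first page (Address 0x0, i.e. a NULL pointer dereference rather than a heap or stack bug) and lists which libraries contribute unsymbolised "(within ...)" frames, which is exactly what the request for debugging symbols is about. The log excerpt is constructed from the frames quoted in the report, trimmed to four; the 0x1000 page-size threshold is an assumption.

```python
import re

# Constructed excerpt of the Valgrind memcheck output quoted in the report
# above (same frames, trimmed to four; ==994== is Valgrind's process prefix).
SAMPLE_LOG = """\
==994== Invalid read of size 4
==994==    at 0x5B8ECBF: (within /home/peter/apps/firefox/libxul.so)
==994==    by 0x5B8D5AB: (within /home/peter/apps/firefox/libxul.so)
==994==    by 0x4563DEA: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1400.1)
==994==    by 0x4288086: gtk_widget_realize (in /usr/lib/libgtk-x11-2.0.so.0.1000.14)
==994==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==994==
"""

ERROR_RE = re.compile(r"^==\d+==\s+(Invalid (?:read|write) of size \d+)$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+0x([0-9A-Fa-f]+):\s+(.*)$")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) (.*)$")
END_RE = re.compile(r"^==\d+==\s*$")
NULL_PAGE = 0x1000  # assumed page size: a fault below it is NULL plus a small offset

def parse_memcheck(text):
    """Split memcheck output into one dict per 'Invalid read/write' block."""
    errors, cur = [], None
    for line in text.splitlines():
        if (m := ERROR_RE.match(line)):
            cur = {"kind": m.group(1), "frames": [], "addr": None, "note": ""}
            errors.append(cur)
        elif cur is None or END_RE.match(line):
            cur = None  # a bare ==pid== line closes the current error block
        elif (m := FRAME_RE.match(line)):
            desc = m.group(2)
            lib = re.search(r"\((?:within|in) ([^)]*)\)", desc)
            cur["frames"].append({
                # "(within lib)" means Valgrind found no symbol for this frame
                "sym": None if desc.startswith("(within") else desc.split(" (")[0],
                "lib": lib.group(1) if lib else desc,
            })
        elif (m := ADDR_RE.match(line)):
            cur["addr"], cur["note"] = int(m.group(1), 16), m.group(2)
    return errors

def triage(err):
    """Classify one error block the way a first-pass reviewer would."""
    unsym = [f["lib"] for f in err["frames"] if f["sym"] is None]
    return {
        "null_deref": err["addr"] is not None and err["addr"] < NULL_PAGE,
        "faulting_lib": err["frames"][0]["lib"] if err["frames"] else None,
        "unsymbolised_libs": list(dict.fromkeys(unsym)),  # need debug symbols
    }
```

Running `triage` over `parse_memcheck(SAMPLE_LOG)` reports a NULL dereference whose faulting frame is in libxul.so, with libxul.so as the only library lacking symbols in the excerpt.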
Component: General → Embedding: GTK Widget
Product: Firefox → Core
QA Contact: general → gtk-widget
Product: Core → Core Graveyard
Embedding: GTK Widget isn't a thing, closing.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX