Closed Bug 45499 Opened 25 years ago Closed 25 years ago

D&D causes a crash with profilable glib, because memory allocated by g_malloc() is freed by free().

Categories

(SeaMonkey :: Bookmarks & History, defect, P3)

x86
Linux

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: inoue, Assigned: blizzard)

Details

(Keywords: crash)

From Bugzilla Helper:
User-Agent: Mozilla/4.72 [en] (X11; I; Linux 2.2.17 i686; Nav)
BuildID: 2000061408

In nsDragService::DataGetSignal() (mozilla/widget/src/gtk/nsDragService.cpp): "tmpData" is freed by g_free(), although it was allocated by malloc(). It should be either of the following:
1) "tmpData" should be allocated with g_malloc(), or
2) "tmpData" should be freed with free().

Reproducible: Always

Steps to Reproduce:
1. Use a profilable glib (--enable-mem-profile).
2. Drag and drop an entry into a folder on the bookmark window.
3.

Actual Results: It causes a crash.

Expected Results:

I'm using a profilable glib, for which I specified --enable-mem-profile during the compilation. The glib is sensitive to memory allocation problems. Typically, when memory allocated by g_malloc() is freed by free() instead of g_free(), it could cause a crash.

This is the call stack when "tmpData" is allocated:

(gdb) where
#0 PR_Malloc (size=88) at prmem.c:38
#1 0x40121eb3 in nsMemoryImpl::Alloc (this=0x80665c8, size=88) at nsMemoryImpl.cpp:106
#2 0x401226f5 in nsMemory::Clone (ptr=0x8972688, size=88) at nsMemoryImpl.cpp:281
#3 0x400dea92 in nsSupportsWStringImpl::GetData (this=0x896d568, aData=0xbfffc4e8) at nsSupportsPrimitives.cpp:193
#4 0x40ab4e1c in nsPrimitiveHelpers::CreateDataFromPrimitive (aFlavor=0xbfffc518 "moz/rdfitem", aPrimitive=0x896d568, aDataBuff=0xbfffc4e8, aDataLen=86) at nsPrimitiveHelpers.cpp:119
#5 0x40a8b815 in nsDragService::DataGetSignal (this=0x8156af8, widget=0x815bafc, context=0x89a90a4, selection_data=0xbfffcdc8, info=500, time=0, data=0x0) at nsDragService.cpp:473
#6 0x40a8bca6 in invisibleDragDataGet (widget=0x815bafc, context=0x89a90a4, selection_data=0xbfffcdc8, info=500, aTime=0, data=0x0) at nsDragService.cpp:622
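The allocator mismatch described in the report above, as an added example that is not part of the bug report or of Mozilla's or glib's code. The names prof_malloc and prof_free and the hidden-header layout are hypothetical, a simplified model of a profiling allocator; the wrapper keeps a registry of its own pointers so a foreign pointer is rejected instead of being passed to free() at the wrong address.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a profiling allocator: a hidden header sits in front
 * of every block, so the caller's pointer is not the one malloc() returned. */
typedef union { size_t size; long double align; } hdr_t;
#define MAX_LIVE 64
static void *live[MAX_LIVE];            /* pointers handed out by prof_malloc */

void *prof_malloc(size_t n) {
    hdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = h + 1; return h + 1; }
    free(h);                            /* registry full: fail closed */
    return NULL;
}

/* Returns 0 on success, -1 if p did not come from prof_malloc. */
int prof_free(void *p) {
    if (!p) return 0;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) {
            live[i] = NULL;
            free((hdr_t *)p - 1);       /* step back to the real malloc block */
            return 0;
        }
    return -1;                          /* foreign pointer: refuse to free */
}

/* Pattern from the report: malloc() buffer handed to the other deallocator. */
int mismatched_release(void) {
    char *tmp = malloc(88);             /* 88 = size seen in the backtrace */
    if (!tmp) return -2;
    int rc = prof_free(tmp);            /* rejected, heap left untouched */
    free(tmp);                          /* matching deallocator */
    return rc;
}

/* Option 1 from the report: allocate with the allocator that will free it. */
int matched_release(void) {
    char *tmp = prof_malloc(88);
    return tmp ? prof_free(tmp) : -2;
}

int main(void) {
    printf("mismatched: %d, matched: %d\n", mismatched_release(), matched_release());
    return 0;
}
```

Without the registry check, prof_free would step back over a header that a plain malloc() block does not have and hand free() an address malloc() never returned, which is the kind of heap corruption that surfaces as a crash.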
Adding crash keyword
Keywords: crash
glib -> pavlov
Assignee: slamm → pavlov
dnd->blizzard... i'll fix this today if I get to it... after the 800 other bug messages i have in my mailbox.
Assignee: pavlov → blizzard
Status: UNCONFIRMED → NEW
Ever confirmed: true
mass assign
Status: NEW → ASSIGNED
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
rubber-stamping VERIFIED
Status: RESOLVED → VERIFIED
Product: Browser → Seamonkey