Closed Bug 795635 Opened 12 years ago Closed 12 years ago

Read after free in PR_UnloadLibrary

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 795395

People

(Reporter: jseward, Unassigned)

Details

(Keywords: valgrind) 

(Probably wrong guess of Component=Preferences: Backend)

m-c, happens every startup w/ valgrind-3.8 --fair-sched=yes.

Invalid read of size 4
   at 0x419635F: PR_UnloadLibrary (nsprpub/pr/src/linking/prlink.c:962)
   by 0x42131CE: nsGSettingsService::~nsGSettingsService() (toolkit/system/gnome/nsGSettingsService.cpp:328)
   by 0x4213204: nsGSettingsService::Release() (toolkit/system/gnome/nsGSettingsService.cpp:323)
   by 0x420F6E9: nsGSettingsServiceConstructor(nsISupports*, nsID const&, void**) (toolkit/system/gnome/nsGnomeModule.cpp:23)
   by 0x6F8D673: nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) (xpcom/components/nsComponentManager.cpp:1006)
   by 0x6F8FC9E: nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) (xpcom/components/nsComponentManager.cpp:1398)
   by 0x8326542: CallGetService(char const*, nsID const&, void**) (xpcom/glue/nsComponentManagerUtils.cpp:37)
   by 0x832669B: nsGetServiceByContractID::operator()(nsID const&, void**) const (xpcom/glue/nsComponentManagerUtils.cpp:246)
   by 0x83262AB: nsCOMPtr_base::assign_from_gs_contractid(nsGetServiceByContractID, nsID const&) (xpcom/glue/nsCOMPtr.cpp:92)
   by 0x8325A3A: nsGNOMEShellService::Init() (ff-opt/browser/components/shell/src/../../../../dist/include/nsCOMPtr.h:586)
   by 0x8321E06: nsGNOMEShellServiceConstructor(nsISupports*, nsID const&, void**) (browser/components/build/nsModule.cpp:41)
   by 0x6F8D753: nsComponentManagerImpl::CreateInstance(nsID const&, nsISupports*, nsID const&, void**) (xpcom/components/nsComponentManager.cpp:921)

 Address 0x1c40dd80 is 16 bytes inside a block of size 40 free'd
   at 0x402A7DE: free (/home/sewardj/Vg38BRANCH/branch38/coregrind/m_replacemalloc/vg_replace_malloc.c:446)
   by 0x4196452: PR_UnloadLibrary (nsprpub/pr/src/linking/prlink.c:1047)
   by 0x421317B: nsGSettingsService::Init() (toolkit/system/gnome/nsGSettingsService.cpp:315)
   by 0x420F6C5: nsGSettingsServiceConstructor(nsISupports*, nsID const&, void**) (toolkit/system/gnome/nsGnomeModule.cpp:23)
   by 0x6F8D673: nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) (xpcom/components/nsComponentManager.cpp:1006)
   by 0x6F8FC9E: nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) (xpcom/components/nsComponentManager.cpp:1398)
   by 0x8326542: CallGetService(char const*, nsID const&, void**) (xpcom/glue/nsComponentManagerUtils.cpp:37)
   by 0x832669B: nsGetServiceByContractID::operator()(nsID const&, void**) const (xpcom/glue/nsComponentManagerUtils.cpp:246)
   by 0x83262AB: nsCOMPtr_base::assign_from_gs_contractid(nsGetServiceByContractID, nsID const&) (xpcom/glue/nsCOMPtr.cpp:92)
   by 0x8325A3A: nsGNOMEShellService::Init() (ff-opt/browser/components/shell/src/../../../../dist/include/nsCOMPtr.h:586)
   by 0x8321E06: nsGNOMEShellServiceConstructor(nsISupports*, nsID const&, void**) (browser/components/build/nsModule.cpp:41)
   by 0x6F8D753: nsComponentManagerImpl::CreateInstance(nsID const&, nsISupports*, nsID const&, void**) (xpcom/components/nsComponentManager.cpp:921)
Dupe of bug 795395, correct?
Yes, the stacks and line number of "by 0x42131CE: nsGSettingsService::~nsGSettingsService() (toolkit/system/gnome/nsGSettingsService.cpp:328)" are the same, so they are likely dupes.

Resolving DUPLICATE but feel free to reopen if that bug does not fix this issue.
Status: NEW → RESOLVED
Closed: 12 years ago
Component: Preferences: Backend → Widget: Gtk
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.