! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
Crashing with Error in xfce4-screenshooter: free(): invalid pointer
Status: RESOLVED: FIXED
Product: Xfce4-screenshooter
Component: General

Comments

Description Andre Miranda 2017-06-24 23:21:09 CEST
Steps to reproduce:
- Take any screenshot
- Select the option to Host on ZimageZ
- Cancel the upload

Expected results:
- The program exits cleanly

Actual results:
- Ugly crash

Also reproducible with:
- Dismiss the imgur successful upload dialog
- Dismiss the imgur failed upload dialog (e.g. disconnect from internet)

My previous findings[1]:

1c462a0 - Port from deprecated GValueArray to GArray
     Bug *probably* introduced here, works but parameter strings are broken.

     Crash in screenshooter_simple_job_finalize (GObject *object)
        /* release the param values */
     -  g_value_array_free (simple_job->param_values);
     +  g_array_unref (simple_job->param_values); <-- Here

     More precisely here (on the second pass):
https://github.com/GNOME/glib/blob/e5ed410c8c0fe823883b65b293fb2d9c9d12673a/glib/garray.c#L362

6de6b7e - Fix crash in GValueArray handling (#11879)
     Causes: assertion failed: (err != NULL || exo_job_is_cancelled (job))
             [1]    12539 abort (core dumped) src/xfce4-screenshooter

4569b71 - Fix crash when uploading to zimagez, followup to 6de6b7e (#11879)
     Fixes the previous crash but the current crash is already present.

1 - https://mail.xfce.org/pipermail/xfce4-dev/2017-April/031892.html
Comment 1 Evangelos Foutras 2017-06-25 03:29:44 CEST
I have reverted the original fix and implemented a new minimal fix; please see the following branch on GitHub:

https://github.com/foutrelis/xfce4-screenshooter/commits/bug-13684

commit 07dfa8e1b7a7c2ea02dc088ca1a68d7517712b45 (HEAD -> bug-13684, github/bug-13684)
Author: Evangelos Foutras <evangelos@foutrelis.com>
Date:   Sun Jun 25 04:02:23 2017 +0300

    Implement alternate fix for crash on upload (#11879)
    
    The original fix complicated the code by individually allocating GValue
    objects and then storing pointers to them in the job parameters array.
    
    While the crash on upload was fixed, the program would still crash on
    exit due to the clear_func used for the array (g_free); as per GLib's
    documentation, "clear_func is expected to clear the contents of the
    array element it is given, but not free the element itself".
    
    The minimal fix in this commit should fix the original issue, and also
    the crash on program exit (bug #13684).

(I'm somewhat confident that the fix is correct and won't introduce any new issues.)
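
The rule quoted in the commit message above (clear_func clears an element's contents, not the element itself) can be seen in a plain C model of a by-value array, which records the addresses a clear function is handed before doing the correct teardown; this is an added example, not code from xfce4-screenshooter or GLib. `Param`, `Array`, `audit_clear`, `param_clear` and the sample strings are constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a GValue that owns a heap string; stored by value. */
typedef struct { char *text; } Param;
typedef struct { char *data; size_t len, elt_size; } Array;
static const char *audit_base;   /* start of the buffer being walked */
static int block_starts, interior, released;
/* Records what a free()-style clear function would be handed; frees nothing. */
static void audit_clear(void *elem) {
    if ((const char *)elem == audit_base) block_starts++;  /* aliases the whole buffer */
    else interior++;                      /* not a pointer malloc ever returned */
}
/* Correct clear function: release what the element owns, not the element. */
static void param_clear(void *elem) {
    Param *p = elem;
    free(p->text);
    p->text = NULL;
    released++;
}
/* Unref-style walk: hand each element's address in the buffer to clear. */
static void array_clear_each(Array *a, void (*clear)(void *)) {
    audit_base = a->data;
    for (size_t i = 0; i < a->len; i++)
        clear(a->data + i * a->elt_size);
}
/* Audit pass, then the correct teardown; returns the contents released. */
static int demo(void) {
    const char *names[] = { "user", "password", "title" };  /* constructed */
    Array a = { calloc(3, sizeof(Param)), 0, sizeof(Param) };
    if (a.data == NULL) return -1;
    for (; a.len < 3; a.len++) {
        Param p = { malloc(strlen(names[a.len]) + 1) };
        if (p.text == NULL) break;
        strcpy(p.text, names[a.len]);
        memcpy(a.data + a.len * a.elt_size, &p, sizeof p);
    }
    block_starts = interior = released = 0;
    array_clear_each(&a, audit_clear);
    array_clear_each(&a, param_clear);
    free(a.data);                         /* the buffer itself is freed once */
    return released;
}
int main(void) {
    int n = demo();
    printf("released=%d block_starts=%d interior=%d\n", n, block_starts, interior);
    return 0;
}
```

In this model only element 0 sits at the start of the heap block, so a clear function that frees its argument would release the whole buffer on the first pass and receive an interior pointer on every later pass.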
Comment 2 Git Bot 2017-06-27 00:58:34 CEST
Evangelos Foutras referenced this bugreport in commit 07dfa8e1b7a7c2ea02dc088ca1a68d7517712b45

Implement alternate fix for crash on upload (#11879)

https://git.xfce.org/apps/xfce4-screenshooter/commit?id=07dfa8e1b7a7c2ea02dc088ca1a68d7517712b45
Comment 3 Andre Miranda 2017-06-27 02:52:16 CEST
Fixed, thanks Evangelos!

Bug #13684

Reported by: Andre Miranda
Reported on: 2017-06-24
Last modified on: 2017-06-27

People

Assignee: Andre Miranda
CC List: 1 user
