#811 Memory corruption when browsing samba shares

Milestone: 1.2
Status: closed-fixed
Labels: pcmanfm (119)
Priority: 7
Updated: 2015-01-28
Created: 2013-11-26
Creator: alister.hood
Private: No

With libfm and pcmanfm from current git, if I navigate a samba share using the address bar, occasionally it doesn't work, just dropping me back to the previous directory.
When this happens, if I try repeatedly I usually get a segfault, three of which are in the comments of #3615237.
When running under valgrind as instructed there, occasionally it still does not work, but it does not segfault - if I keep trying eventually it works. But I do see this in the log:

==13278== Invalid read of size 1
==13278== at 0x4B794BA: g_str_hash (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495F3CE: fm_path_hash (fm-path.c:1361)
==13278== by 0x4B78159: ??? (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x4958A2F: fm_folder_dispose (fm-folder.c:932)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42214C0: fm_folder_model_set_folder (fm-folder-model.c:573)
==13278== by 0x422176F: fm_folder_model_dispose (fm-folder-model.c:340)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x44945DE: gtk_tree_view_set_model (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x423B202: fm_standard_view_set_model (fm-standard-view.c:1617)
==13278== by 0x42251BA: fm_folder_view_set_model (fm-folder-view.c:666)
==13278== by 0x805A54C: fm_tab_page_chdir_without_history (tab-page.c:686)
==13278== Address 0xff447c5 is 21 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x4B8F2EF: g_free (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
==13278== by 0x4B01692: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4AFFA6D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B11FB8: ??? (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B18B72: g_signal_emitv (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42C27B2: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2D57: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2FC9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C4023: gtk_bindings_activate_event (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278==
==13278== Invalid read of size 1
==13278== at 0x4B794D4: g_str_hash (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495F3CE: fm_path_hash (fm-path.c:1361)
==13278== by 0x4B78159: ??? (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x4958A2F: fm_folder_dispose (fm-folder.c:932)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42214C0: fm_folder_model_set_folder (fm-folder-model.c:573)
==13278== by 0x422176F: fm_folder_model_dispose (fm-folder-model.c:340)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x44945DE: gtk_tree_view_set_model (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x423B202: fm_standard_view_set_model (fm-standard-view.c:1617)
==13278== by 0x42251BA: fm_folder_view_set_model (fm-folder-view.c:666)
==13278== by 0x805A54C: fm_tab_page_chdir_without_history (tab-page.c:686)
==13278== Address 0xff447c6 is 22 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x4B8F2EF: g_free (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
==13278== by 0x4B01692: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4AFFA6D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B11FB8: ??? (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B18B72: g_signal_emitv (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42C27B2: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2D57: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2FC9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C4023: gtk_bindings_activate_event (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278==
==13278== Invalid read of size 4
==13278== at 0x495F3CF: fm_path_hash (fm-path.c:1362)
==13278== by 0x4B78159: ??? (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x4958A2F: fm_folder_dispose (fm-folder.c:932)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42214C0: fm_folder_model_set_folder (fm-folder-model.c:573)
==13278== by 0x422176F: fm_folder_model_dispose (fm-folder-model.c:340)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x44945DE: gtk_tree_view_set_model (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x423B202: fm_standard_view_set_model (fm-standard-view.c:1617)
==13278== by 0x42251BA: fm_folder_view_set_model (fm-folder-view.c:666)
==13278== by 0x805A54C: fm_tab_page_chdir_without_history (tab-page.c:686)
==13278== by 0x8058AB8: fm_main_win_chdir (main-win.c:1353)
==13278== Address 0xff447b4 is 4 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x4B8F2EF: g_free (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
==13278== by 0x4B01692: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4AFFA6D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B11FB8: ??? (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B18B72: g_signal_emitv (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42C27B2: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2D57: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2FC9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C4023: gtk_bindings_activate_event (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278==
==13278== Invalid read of size 4
==13278== at 0x495D7FD: fm_path_unref (fm-path.c:820)
==13278== by 0x4958A42: fm_folder_dispose (fm-folder.c:934)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42214C0: fm_folder_model_set_folder (fm-folder-model.c:573)
==13278== by 0x422176F: fm_folder_model_dispose (fm-folder-model.c:340)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x44945DE: gtk_tree_view_set_model (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x423B202: fm_standard_view_set_model (fm-standard-view.c:1617)
==13278== by 0x42251BA: fm_folder_view_set_model (fm-folder-view.c:666)
==13278== by 0x805A54C: fm_tab_page_chdir_without_history (tab-page.c:686)
==13278== by 0x8058AB8: fm_main_win_chdir (main-win.c:1353)
==13278== by 0x8058BCF: on_location_activate (main-win.c:156)
==13278== Address 0xff447b0 is 0 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x4B8F2EF: g_free (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
==13278== by 0x4B01692: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4AFFA6D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B11FB8: ??? (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B18B72: g_signal_emitv (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42C27B2: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2D57: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2FC9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C4023: gtk_bindings_activate_event (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278==
==13278== Invalid read of size 4
==13278== at 0x495D7FD: fm_path_unref (fm-path.c:820)
==13278== by 0x4954825: fm_file_info_clear (fm-file-info.c:796)
==13278== by 0x495494E: fm_file_info_unref (fm-file-info.c:864)
==13278== by 0x4958A58: fm_folder_dispose (fm-folder.c:940)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42214C0: fm_folder_model_set_folder (fm-folder-model.c:573)
==13278== by 0x422176F: fm_folder_model_dispose (fm-folder-model.c:340)
==13278== by 0x4B041B7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x44945DE: gtk_tree_view_set_model (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x423B202: fm_standard_view_set_model (fm-standard-view.c:1617)
==13278== by 0x42251BA: fm_folder_view_set_model (fm-folder-view.c:666)
==13278== by 0x805A54C: fm_tab_page_chdir_without_history (tab-page.c:686)
==13278== Address 0xff447b0 is 0 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x4B8F2EF: g_free (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
==13278== by 0x4B01692: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4AFFA6D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B11FB8: ??? (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B18B72: g_signal_emitv (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42C27B2: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2D57: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2FC9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C4023: gtk_bindings_activate_event (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278==
==13278== Invalid read of size 4
==13278== at 0x495D7FD: fm_path_unref (fm-path.c:820)
==13278== by 0x423797E: fm_side_pane_chdir (fm-side-pane.c:284)
==13278== by 0x805A51F: fm_tab_page_chdir_without_history (tab-page.c:732)
==13278== by 0x8058AB8: fm_main_win_chdir (main-win.c:1353)
==13278== by 0x8058BCF: on_location_activate (main-win.c:156)
==13278== by 0x4B01692: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4AFFA6D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B11FB8: ??? (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B18B72: g_signal_emitv (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42C27B2: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2D57: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2FC9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== Address 0xff447b0 is 0 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x4B8F2EF: g_free (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
==13278== by 0x4B01692: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4AFFA6D: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B11FB8: ??? (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x4B18B72: g_signal_emitv (in /usr/lib/libgobject-2.0.so.0.3800.1)
==13278== by 0x42C27B2: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2D57: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C2FC9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
==13278== by 0x42C4023: gtk_bindings_activate_event (in /usr/lib/libgtk-x11-2.0.so.0.2400.20)
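
A triage sketch for the Memcheck log above, added here as an example (it is not part of the ticket or of the libfm/pcmanfm code). It subtracts each reported offset from the faulting address to recover the base of the freed block, which shows the invalid reads all land in one 27-byte block at 0xff447b0 that was freed through fm_path_unref called from fm_path_entry_activate. The helper names and the trimmed SAMPLE excerpt are this example's own.

```python
import re
from collections import defaultdict

# Two of the six errors from the report above, with stacks trimmed to the key frames.
SAMPLE = """\
==13278== Invalid read of size 1
==13278== at 0x4B794BA: g_str_hash (in /usr/lib/libglib-2.0.so.0.3800.1)
==13278== by 0x495F3CE: fm_path_hash (fm-path.c:1361)
==13278== by 0x4958A2F: fm_folder_dispose (fm-folder.c:932)
==13278== Address 0xff447c5 is 21 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
==13278==
==13278== Invalid read of size 4
==13278== at 0x495D7FD: fm_path_unref (fm-path.c:820)
==13278== by 0x423797E: fm_side_pane_chdir (fm-side-pane.c:284)
==13278== Address 0xff447b0 is 0 bytes inside a block of size 27 free'd
==13278== at 0x402A45C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13278== by 0x495D8B7: fm_path_unref (fm-path.c:844)
==13278== by 0x422E160: fm_path_entry_activate (fm-path-entry.c:257)
"""

FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)")
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside "
                  r"a block of size (\d+) free'd")
HEAD = re.compile(r"Invalid (?:read|write) of size \d+")

def src_frames(text):
    """Frames that carry file:line, skipping '(in /path/lib.so)' library frames."""
    return [f"{fn} ({loc})" for fn, loc in FRAME.findall(text)
            if not loc.startswith("in ")]

def group_by_freed_block(log):
    """Map (block base, block size) -> where it was freed and who touched it after."""
    blocks = defaultdict(lambda: {"freed_by": [], "accesses": []})
    for err in re.split(r"(?m)^==\d+==\s*$", log):  # bare "==PID==" line separates errors
        head, addr = HEAD.search(err), ADDR.search(err)
        if not (head and addr):
            continue
        base = int(addr.group(1), 16) - int(addr.group(2))  # start of the freed block
        entry = blocks[(hex(base), int(addr.group(3)))]
        entry["freed_by"] = src_frames(err[addr.end():])[:2]
        access = src_frames(err[:addr.start()])
        entry["accesses"].append((head.group(0), access[0] if access else "?"))
    return dict(blocks)

if __name__ == "__main__":
    print(group_by_freed_block(SAMPLE))
```

Run over the full log, the same grouping puts all six errors under the single block 0xff447b0, with fm_folder_dispose, fm_file_info_clear and fm_side_pane_chdir each still holding the path after it was freed.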

Discussion

    • assigned_to: nobody --> lstranger
    • priority: 5 --> 7
    • milestone: --> 1.2
    • labels: --> pcmanfm
     
  • I could not reproduce the issue yet but I've probably found the place which may cause it and pushed a fix into the pcmanfm Git. Test it please. Thank you very much.

     
  • alister.hood
    2013-11-26

    Not so lucky :(
    I even got a crash when running in valgrind now.
    I can't post that many invalid reads and writes here, so I've put the full log in my dropbox:
    https://db.tt/HJcPtnUz

     
  • That is very bad and strange. :( I would be very glad if you could give me detailed instructions on how you reproduce the issue. I would like to try to reproduce it; I cannot fix it until I reproduce it. Thank you very much.

     
  • alister.hood
    2013-11-27

    All I do is browse around in a samba share by typing folder paths and pressing enter, until one fails. I then try the same path again, repeating until it crashes. Why it fails in the first place I can't imagine...
    Sometimes it occurs on the very first directory I try to change into, other times I have to try a very large number of directories before one fails.
    When I first reported this in the other ticket I'm pretty sure I'd had a couple of crashes which weren't quite the same because I wasn't retrying a failed change of directory. But I haven't seen any more of those since.

     
  • alister.hood
    2013-11-30

    I can no longer reproduce.
    Hopefully it is all fixed ;)

     
  • alister.hood
    2013-11-30

    • status: open --> closed-fixed