#256 Memory Double-Free Problem

[Hiroshi Yoshikawa]

I found a problem double-freeing mainProject->path at exit.
This is caused by the following code in open_project(char *project_filename) in callbacks.c at line 202.

    mainProject->path = project_filename;

I think this should be

    mainProject->path = g_strdup(project_filename);

Because the instance of project_filename is deleted in invoker functions such as callbacks_open_activate() and callbacks_file_drop_event()as follows:

• callbacks_open_activate() or callbacks_file_drop_event() invoke open_file()
• open_file() invokes open_project()
• open_project() sets project_filename to mainProject->path and returns.
• open_file() returns.
• callbacks_open_activate() or callbacks_file_drop_event() delete GList object fns, which includes project_filename instance, like this:

    open_files (fns);
    g_slist_free_full (fns, g_free);

Despite mainProject->path holds no instance, g_free (gerbvProject->path) is executed in gerbv_destroy_project() at exit. This may cause exception 0xc0000374 or FREEZE on Windows.

[Eyal]

I have a version of the code that I ran through valgrind and it passes my tests. I think that valgrind would catch any double open.

My version with fixes is here: https://github.com/eyal0/gerbv

Let me know if that fixes it for you, too.