Fix use-after-frees caused by weak pointer issues (707456e3) · Commits · GNOME / libgee

Commit 707456e3 authored Oct 04, 2016 by

Ole André Vadla Ravnås Committed by Maciej (Matthew) Piechotka Oct 11, 2016

Fix use-after-frees caused by weak pointer issues

Same issue in HashMap and TreeMap:

```
==3251==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000000870 at pc 0x000108be666b bp 0x7fff571e62b0 sp 0x7fff571e62a8
WRITE of size 8 at 0x604000000870 thread T0
    #0 0x108be666a in g_nullify_pointer gutils.c:2051
    #1 0x108b8c906 in weak_refs_notify gobject.c:2638
    #2 0x108bbb17c in g_data_set_internal gdataset.c:407
    #3 0x108b887db in g_object_unref gobject.c:3148
    #4 0x108a4b0ec in map_tests_test_entry_weak_pointer_lifetime testmap.c:1358

0x604000000870 is located 32 bytes inside of 40-byte region [0x604000000850,0x604000000878)
freed by thread T0 here:
    #0 0x1090f0e29 in wrap_free (libclang_rt.asan_osx_dynamic.dylib+0x4ae29)
    #1 0x108ace566 in gee_hash_map_unset_helper hashmap.c:1692
    #2 0x108acc534 in gee_hash_map_real_unset hashmap.c:1520
    #3 0x108a4b0df in map_tests_test_entry_weak_pointer_lifetime testmap.c:1357

previously allocated by thread T0 here:
    #0 0x1090f0c60 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib+0x4ac60)
    #1 0x108bce848 in g_malloc gmem.c:95
    #2 0x108bd6585 in g_slice_alloc gslice.c:1012
    #3 0x108bd6bee in g_slice_alloc0 gslice.c:1038
    #4 0x108acdc27 in gee_hash_map_node_new hashmap.c:2084
    #5 0x108acc277 in gee_hash_map_real_set hashmap.c:1494
    #6 0x108a4b032 in map_tests_test_entry_weak_pointer_lifetime testmap.c:1311

https://bugzilla.gnome.org/show_bug.cgi?id=772418

parent 2a32dd2f

Hide whitespace changes

Inline Side-by-side

Please register or to comment