[Bug 787996] New: nautilus segfaults in libtotem-properties/gstreamer code when closing nautilus info

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Thu Sep 21 15:15:03 UTC 2017


https://bugzilla.gnome.org/show_bug.cgi?id=787996

            Bug ID: 787996
           Summary: nautilus segfaults in libtotem-properties/gstreamer
                    code when closing nautilus info
    Classification: Platform
           Product: GStreamer
           Version: 1.12.2
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: don't know
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: seb128 at ubuntu.com
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

Using Ubuntu artful with GNOME 3.26 and gstreamer 1.12.2

- open nautilus
- open the file properties of an mp3
- close the dialog

nautilus segfaults; valgrind shows an invalid read in totem/gstreamer code

==1107== Invalid read of size 8
==1107==    at 0x1CEB4F2B: discovered_cb (totem-properties-view.c:287)
==1107==    by 0xDB1EE17: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==1107==    by 0xDB1E879: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==1107==    by 0x70DF798: g_cclosure_marshal_generic (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70DEF9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70F1D5D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FA534: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FAF4E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x1D4D912B: discoverer_collect (gstdiscoverer.c:1344)
==1107==    by 0x1D4D9560: discoverer_bus_cb (gstdiscoverer.c:1682)
==1107==    by 0xDB1EE17: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==1107==    by 0xDB1E879: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==1107==    by 0x70DF798: g_cclosure_marshal_generic (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70DEF9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70F1D5D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FA534: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FAF4E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x1D732DA1: gst_bus_async_signal_func (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.1202.0)
==1107==    by 0x1D733BD5: ??? (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.1202.0)
==1107==    by 0x5090DE4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x50911AF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x509123B: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x6DD5BEC: g_application_run (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.0)
==1107==    by 0x14FF7B: main (in /usr/bin/nautilus)
==1107==  Address 0x1ff642c0 is 384 bytes inside a block of size 400 free'd
==1107==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1107==    by 0x7103B62: g_type_free_instance (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x55B79E7: gtk_notebook_forall (gtknotebook.c:4578)
==1107==    by 0x54C4AAD: gtk_container_destroy (gtkcontainer.c:1700)
==1107==    by 0x70DEEB0: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70F1ED1: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FA534: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FAF4E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x56E0CBB: gtk_widget_dispose (gtkwidget.c:12070)
==1107==    by 0x70E5707: g_object_run_dispose (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x5479A1B: gtk_box_forall (gtkbox.c:2671)
==1107==    by 0x54C4AAD: gtk_container_destroy (gtkcontainer.c:1700)
==1107==    by 0x70DEEB0: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70F1ED1: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FA534: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FAF4E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x56E0CBB: gtk_widget_dispose (gtkwidget.c:12070)
==1107==    by 0x70E5707: g_object_run_dispose (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x56ECFC8: gtk_window_forall (gtkwindow.c:8503)
==1107==    by 0x54C4AAD: gtk_container_destroy (gtkcontainer.c:1700)
==1107==    by 0x70DEF9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70F1ED1: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FA534: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FAF4E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x56E0CBB: gtk_widget_dispose (gtkwidget.c:12070)
==1107==    by 0x56F48D7: gtk_window_dispose (gtkwindow.c:3154)
==1107==    by 0x70E5707: g_object_run_dispose (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70DEF9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70F17D7: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70FA534: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==  Block was alloc'd at
==1107==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1107==    by 0x5096538: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x50AE0B5: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x50AE548: g_slice_alloc0 (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x7103865: g_type_create_instance (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70E4357: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70E5E04: g_object_new_with_properties (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x70E6880: g_object_new (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5400.0)
==1107==    by 0x1CEB553A: totem_properties_view_new (totem-properties-view.c:383)
==1107==    by 0x1CEB497E: totem_properties_get_pages (totem-properties-main.c:117)
==1107==    by 0x15BD03: ??? (in /usr/bin/nautilus)
==1107==    by 0x15FE05: ??? (in /usr/bin/nautilus)
==1107==    by 0x1F1D4A: ??? (in /usr/bin/nautilus)
==1107==    by 0x5090DE4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x50911AF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x509123B: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==1107==    by 0x6DD5BEC: g_application_run (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.0)
==1107==    by 0x14FF7B: main (in /usr/bin/nautilus)
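The trace above is a textbook use-after-free: GTK frees the TotemPropertiesView instance while destroying the dialog (gtk_container_destroy -> g_type_free_instance), and the asynchronous "discovered" signal from GstDiscoverer is delivered to that freed instance afterwards (discoverer_bus_cb -> g_signal_emit -> discovered_cb). The C program below is an added illustration, not code from totem, nautilus or GStreamer. It models a widget that connects a callback to an async source with itself as user_data, then contrasts a dispose that leaves the handler connected (the late callback reaches the destroyed view) with one that disconnects first. The Discoverer and PropertiesView types and every function name are constructed stand-ins; the view is poisoned instead of freed so the demonstration itself stays memory-safe while still counting stale deliveries.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HANDLERS 4

typedef void (*DiscoveredCb)(void *user_data, const char *mime);

typedef struct {
    DiscoveredCb cb;
    void *user_data;
} Handler;

/* Constructed stand-in for GstDiscoverer: results are queued and emitted
 * later from a "main loop" step, as bus messages are in GStreamer. */
typedef struct {
    Handler handlers[MAX_HANDLERS];
    int n_handlers;
    int pending;   /* 1 while a discovery result is queued but not yet emitted */
} Discoverer;

enum { VIEW_ALIVE = 0x56494557, VIEW_DEAD = 0x44454144 };

/* Constructed stand-in for TotemPropertiesView. `state` is poisoned on
 * dispose instead of the memory being freed, so a stale callback is
 * observable without the example itself touching freed memory. */
typedef struct {
    int state;
    Discoverer *disc;
    char label[64];
} PropertiesView;

static int stale_deliveries;  /* callbacks that reached an already-disposed view */

/* Like g_signal_connect(disc, "discovered", cb, user_data). */
static int discoverer_connect(Discoverer *d, DiscoveredCb cb, void *user_data)
{
    if (d->n_handlers >= MAX_HANDLERS)
        return -1;
    d->handlers[d->n_handlers].cb = cb;
    d->handlers[d->n_handlers].user_data = user_data;
    d->n_handlers++;
    return 0;
}

/* Like g_signal_handlers_disconnect_by_data(disc, user_data). */
static void discoverer_disconnect(Discoverer *d, void *user_data)
{
    int i, kept = 0;
    for (i = 0; i < d->n_handlers; i++)
        if (d->handlers[i].user_data != user_data)
            d->handlers[kept++] = d->handlers[i];
    d->n_handlers = kept;
}

static void discoverer_start_async(Discoverer *d) { d->pending = 1; }

/* Main-loop step: emit the queued "discovered" signal to every handler. */
static void discoverer_dispatch(Discoverer *d)
{
    int i;
    if (!d->pending)
        return;
    d->pending = 0;
    for (i = 0; i < d->n_handlers; i++)
        d->handlers[i].cb(d->handlers[i].user_data, "audio/mpeg");
}

static void discovered_cb(void *user_data, const char *mime)
{
    PropertiesView *view = user_data;
    if (view->state != VIEW_ALIVE) {
        /* With a real free() this is the "Invalid read" valgrind reported. */
        stale_deliveries++;
        return;
    }
    snprintf(view->label, sizeof view->label, "Type: %s", mime);
}

static void view_init(PropertiesView *view, Discoverer *d)
{
    memset(view, 0, sizeof *view);
    view->state = VIEW_ALIVE;
    view->disc = d;
    discoverer_connect(d, discovered_cb, view);
    discoverer_start_async(d);   /* result will arrive on a later loop iteration */
}

/* Leaky dispose: the instance goes away but the handler stays connected. */
static void view_dispose_leaky(PropertiesView *view) { view->state = VIEW_DEAD; }

/* Fixed dispose: disconnect first so a late emission cannot reach the instance. */
static void view_dispose_fixed(PropertiesView *view)
{
    discoverer_disconnect(view->disc, view);
    view->state = VIEW_DEAD;
}

/* Closes the "dialog" before the async result is dispatched; returns how many
 * callbacks hit the disposed view: 1 with the leaky dispose, 0 with the fixed one. */
int run_scenario(int use_fixed_dispose)
{
    Discoverer disc;
    PropertiesView view;
    stale_deliveries = 0;
    memset(&disc, 0, sizeof disc);
    view_init(&view, &disc);
    if (use_fixed_dispose)
        view_dispose_fixed(&view);
    else
        view_dispose_leaky(&view);
    discoverer_dispatch(&disc);  /* main loop now delivers the queued result */
    return stale_deliveries;
}

int main(void)
{
    printf("leaky dispose: %d stale deliveries\n", run_scenario(0));
    printf("fixed dispose: %d stale deliveries\n", run_scenario(1));
    return 0;
}
```

In real GObject code the equivalent mitigations are disconnecting the handler in dispose (g_signal_handlers_disconnect_by_data), connecting with g_signal_connect_object so the handler is dropped automatically when the view is finalized, or stopping the discoverer (gst_discoverer_stop) before the widget is torn down. Valgrind's "free'd" and "alloc'd at" sections, as in this report, are the check that tells you which object outlived the other.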
