ID: | 3679 |
From: | pc...@cuvoodoo.info |
Date: | Tue, 14 Jan 2020 11:28:10 +0100 |
Subject: | [pcb-rnd] double free |
replies: | 3681 from miloh <fr...@gmail.com> , 3683 from ge...@igor2.repo.hu |
the following manipulation will cause pcb-rnd to crash:
- select all elements
- copy (place in buffer)
- paste once
- paste a second time
- undo (the second paste)
- paste a third time -> crash

gdb says:

free(): double free detected in tcache 2

Program received signal SIGABRT, Aborted.
0x00007ffff6417f25 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff6417f25 in raise () at /usr/lib/libc.so.6
#1  0x00007ffff6401897 in abort () at /usr/lib/libc.so.6
#2  0x00007ffff645b258 in __libc_message () at /usr/lib/libc.so.6
#3  0x00007ffff646277a in  () at /usr/lib/libc.so.6
#4  0x00007ffff646459d in _int_free () at /usr/lib/libc.so.6
#5  0x000055555568d144 in pcb_text_free ()
#6  0x000055555568e88f in pcb_textop_destroy ()
#7  0x0000555555694514 in pcb_object_operation ()
#8  0x00005555556a0587 in pcb_destroy_object ()
#9  0x00005555556b6a38 in  ()
#10 0x00005555556bf0e6 in uundo_list_truncate_redo ()
#11 0x00005555556bf40a in uundo_append ()
#12 0x00005555556b8767 in pcb_undo_add_obj_to_create ()
#13 0x000055555566a8cc in pcb_lineop_copy ()
#14 0x000055555561c396 in pcb_buffer_copy_to_layout ()
#15 0x00005555556b287d in pcb_tool_buffer_notify_mode ()
#16 0x00005555556b168c in pcb_notify_mode ()
#17 0x0000555555647b2c in  ()
#18 0x00005555555d27ec in pcb_actionv_ ()
#19 0x00005555555d2b2d in  ()
#20 0x00005555555d3445 in  ()
#21 0x00005555555de7a4 in pcb_hid_cfg_action ()
#22 0x00005555555df3cc in hid_cfg_mouse_action ()
#23 0x00005555558f70f0 in ghid_port_button_press_cb ()
#24 0x00007ffff7a077cc in  () at /usr/lib/libgtk-x11-2.0.so.0
#25 0x00007ffff7260d5a in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#26 0x00007ffff724e88e in  () at /usr/lib/libgobject-2.0.so.0
#27 0x00007ffff7251f1c in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#28 0x00007ffff72537f0 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#29 0x00007ffff7b22235 in  () at /usr/lib/libgtk-x11-2.0.so.0
#30 0x00007ffff7a05a0e in gtk_propagate_event () at /usr/lib/libgtk-x11-2.0.so.0
#31 0x00007ffff7a05e43 in gtk_main_do_event () at /usr/lib/libgtk-x11-2.0.so.0
#32 0x00007ffff767ed5e in  () at /usr/lib/libgdk-x11-2.0.so.0
#33 0x00007ffff717439e in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#34 0x00007ffff71761b1 in  () at /usr/lib/libglib-2.0.so.0
#35 0x00007ffff71770c3 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#36 0x00007ffff7a04df3 in gtk_main () at /usr/lib/libgtk-x11-2.0.so.0
#37 0x00005555558fb4fb in  ()
#38 0x00005555555d1555 in main ()

This is pcb-rnd 2.2.0-rc1 (svn r29146)
OS: arch amd64

you can find the layout I used to trigger here, along with the coredump:
https://tsaitgaist.info/private/pcb-rnd_double-free.tar.bz2
Reply subtree:
3679 [pcb-rnd] double free from pc...@cuvoodoo.info
3681 Re: [pcb-rnd] double free from miloh <fr...@gmail.com>
3683 Re: [pcb-rnd] double free from ge...@igor2.repo.hu
3686 Re: [pcb-rnd] double free from pc...@cuvoodoo.info