Bug#430630: Memory corruption due to update_trans_effect() using stale icon parameters

Josselin Mouette joss at debian.org
Tue Jun 26 07:33:15 UTC 2007


forwarded 430630 http://bugzilla.gnome.org/show_bug.cgi?id=446558
thanks

On Tuesday 26 June 2007 at 08:29 +0200, Michel Dänzer wrote:
> Since the upgrade to 2.18, I had been plagued by gnome-session hanging
> on startup of any 'non-trivial' session. Attaching gdb showed the hang
> to be a deadlock because it crashed somewhere inside the glibc memory
> management code, and the signal handler tried to use memory management
> functions as well, so it hung waiting for the glibc internal memory
> management mutex.
> 
> After a long debugging session chasing countless red herrings, I finally
> tracked down the cause of the crash. update_trans_effect could end up
> using stale icon dimensions, so it would write beyond the end of the
> memory allocated for the pixel data. The attached patch fixes this.

Thanks a lot for tracking this down. It seems it was already fixed
upstream with the following change:
http://svn.gnome.org/viewcvs/gnome-session/trunk/gnome-session/splash-widget.c?r1=4329&r2=4382

-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.
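
The bug class described in the quoted report (a pixel write sized from stale icon dimensions) and one defensive check for it, as an added example that is not part of the original message and is not gnome-session code. The `Icon` and `EffectCache` types and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical types for illustration; not gnome-session's structures. */
typedef struct {
    uint8_t *pixels;      /* RGBA data, 4 bytes per pixel */
    int width, height;
    size_t size;          /* bytes actually allocated for pixels */
} Icon;
typedef struct { int width, height; } EffectCache; /* dimensions seen earlier */

static int icon_init(Icon *ic, int w, int h) {
    if (w <= 0 || h <= 0 || (size_t)w > SIZE_MAX / 4 / (size_t)h)
        return -1;                        /* reject overflowing sizes */
    ic->size = (size_t)w * (size_t)h * 4;
    ic->pixels = calloc(1, ic->size);
    if (!ic->pixels) return -1;
    ic->width = w; ic->height = h;
    return 0;
}

/* Set alpha on every pixel. Returns -1 instead of writing when the cached
 * dimensions no longer describe the buffer. */
static int apply_alpha(Icon *ic, const EffectCache *c, uint8_t alpha) {
    if (c->width != ic->width || c->height != ic->height) return -1;
    size_t need = (size_t)c->width * (size_t)c->height * 4;
    if (need > ic->size) return -1;       /* never write past the allocation */
    for (size_t i = 3; i < need; i += 4) ic->pixels[i] = alpha;
    return 0;
}

/* Constructed scenario: cache taken from a 64x64 icon, icon then replaced by
 * a 32x32 one. Returns 1 if the stale write is refused and the refreshed one
 * succeeds. */
int stale_cache_demo(void) {
    Icon ic;
    if (icon_init(&ic, 64, 64) != 0) return -2;
    EffectCache cache = { ic.width, ic.height };
    free(ic.pixels);
    if (icon_init(&ic, 32, 32) != 0) return -2;
    int stale = apply_alpha(&ic, &cache, 128);   /* 64x64 cache vs 32x32 buffer */
    cache.width = ic.width;                      /* refresh after replacement */
    cache.height = ic.height;
    int fresh = apply_alpha(&ic, &cache, 128);
    int ok = (stale == -1 && fresh == 0 && ic.pixels[3] == 128);
    free(ic.pixels);
    return ok;
}

int main(void) { return stale_cache_demo() == 1 ? 0 : 1; }
```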





