Bug#519043: twinkle: invalid free() when closing log window

Frédéric Brière fbriere at fbriere.net
Tue Mar 10 00:58:14 UTC 2009 

Package: twinkle
Version: 1.2-3
Severity: important

(This may look like a duplicate of #471381, but it's not, at least as
far as I can tell.)


I'm occasionally getting a SIGABRT when closing the Log window.  While I
couldn't find a regular pattern that triggers this, it's quite easy to
provoke by brute force:

  1. Select Open/Log
  2. Press the Close button [*]
  3. Press the Register button a couple of times, to grow the log
  4. Rinse, repeat

  [*] Having the window manager close the window works too.  Pressing
      <ESC> may not, though.


Eventually, step 2 will trigger a SIGABRT due to delete() being called
on something that probably no longer exists.  Whether this is a Twinkle
bug or a QT bug is beyond me, so I leave it all in your wise hands.

Here's a backtrace using 1:1.4.2-1 :


*** glibc detected *** /usr/bin/twinkle: free(): invalid pointer: 0x097918cf ***
#0  0xb7f55424 in __kernel_vsyscall ()
#1  0xb699e640 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb69a0008 in *__GI_abort () at abort.c:88
#3  0xb69dbe2d in __libc_message (do_abort=2, 
    fmt=0xb6ab6188 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0xb69e21e4 in malloc_printerr (action=2, 
    str=0xb6ab3064 "free(): invalid pointer", ptr=0x97918cf) at malloc.c:5994
#5  0xb69e4196 in *__GI___libc_free (mem=0x97918cf) at malloc.c:3625
#6  0xb6bc0341 in operator delete () from /usr/lib/libstdc++.so.6
#7  0xb702c98c in QMapPrivate<int, QTextParagraphSelection>::clear (
    this=0x96743b0, p=0x97918cf) at ../include/qmap.h:493
#8  0xb700865a in ~QTextParagraph (this=0x97365a0) at ../include/qmap.h:480
#9  0xb701580a in QTextDocument::removeSelectedText (this=0x95dd030, id=32000, 
    cursor=0x95d4658) at kernel/qrichtext.cpp:2963
#10 0xb711cd3b in QTextEdit::removeSelectedText (this=0x9595b40, selNum=32000)
    at widgets/qtextedit.cpp:1935
#11 0xb711a200 in QTextEdit::clear (this=0x9595b40)
    at widgets/qtextedit.cpp:5478
#12 0x08131f41 in LogViewForm::closeEvent (this=0x95db000, ev=0xbff706b0)
    at .ui/../logviewform.ui.h:60
#13 0xb6fe78ef in QWidget::event (this=0x95db000, e=0xbff706b0)
    at kernel/qwidget.cpp:4821
#14 0xb6f487c5 in QApplication::internalNotify (this=0x93d1e70, 
    receiver=0x95db000, e=0xbff706b0) at kernel/qapplication.cpp:2638
#15 0xb6f4977d in QApplication::notify (this=0x93d1e70, receiver=0x95db000, 
    e=0xbff706b0) at kernel/qapplication.cpp:2526
#16 0xb7ba6c22 in KApplication::notify () from /usr/lib/libkdecore.so.4
#17 0xb6fe633d in QWidget::close (this=0x95db000, alsoDelete=false)
    at kernel/qapplication.h:523
#18 0xb7310513 in QWidget::qt_invoke (this=0x95db000, _id=33, _o=0xbff70774)
    at .moc/release-shared-mt/../../kernel/qwidget.h:871
#19 0xb7332b42 in QDialog::qt_invoke (this=0x95db000, _id=33, _o=0xbff70774)
    at .moc/release-shared-mt/moc_qdialog.cpp:112
#20 0xb6fad1aa in QObject::activate_signal (this=0x9465218, clist=0x95ab398, 
    o=0xbff70774) at kernel/qobject.cpp:2359
#21 0xb6faf6cb in QObject::activate_signal (this=0x9465218, signal=4)
    at kernel/qobject.cpp:2328
#22 0xb731245c in QButton::clicked (this=0x9465218)
    at .moc/release-shared-mt/moc_qbutton.cpp:152
#23 0xb7047300 in QButton::mouseReleaseEvent (this=0x9465218, e=0xbff70c14)
    at widgets/qbutton.cpp:839
#24 0xb6fe7727 in QWidget::event (this=0x9465218, e=0xbff70c14)
    at kernel/qwidget.cpp:4705
#25 0xb6f487c5 in QApplication::internalNotify (this=0x93d1e70, 
    receiver=0x9465218, e=0xbff70c14) at kernel/qapplication.cpp:2638
#26 0xb6f499e2 in QApplication::notify (this=0x93d1e70, receiver=0x9465218, 
    e=0xbff70c14) at kernel/qapplication.cpp:2424
#27 0xb7ba6c22 in KApplication::notify () from /usr/lib/libkdecore.so.4
#28 0xb6ee2fbe in QApplication::sendSpontaneousEvent (receiver=0x9465218, 
    event=0xbff70c14) at kernel/qapplication.h:526
#29 0xb6edff21 in QETWidget::translateMouseEvent (this=0x9465218, 
    event=0xbff70f08) at kernel/qapplication_x11.cpp:4347
#30 0xb6edf334 in QApplication::x11ProcessEvent (this=0x93d1e70, 
    event=0xbff70f08) at kernel/qapplication_x11.cpp:3524
#31 0xb6ef2e2c in QEventLoop::processEvents (this=0x93f9260, 
    flags=<value optimized out>) at kernel/qeventloop_x11.cpp:195
#32 0xb6f611a0 in QEventLoop::enterLoop (this=0x93f9260)
    at kernel/qeventloop.cpp:201
#33 0xb6f61066 in QEventLoop::exec (this=0x93f9260)
    at kernel/qeventloop.cpp:148
#34 0xb6f48e5f in QApplication::exec (this=0x93d1e70)
    at kernel/qapplication.cpp:2761
#35 0x0807fe60 in t_gui::run (this=0x9406720) at gui.cpp:757
#36 0x0806f899 in main (argc=Cannot access memory at address 0x5247
) at main.cpp:1021



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

More information about the Pkg-voip-maintainers mailing list