Bug 1444490
| Field | Value |
|---|---|
| Summary | Invalid write of size 8 |
| Product | Red Hat Enterprise Linux 7 |
| Component | at-spi2-atk |
| Status | CLOSED ERRATA |
| Severity | unspecified |
| Priority | unspecified |
| Version | 7.4 |
| Reporter | Milan Crha <mcrha> |
| Assignee | Rui Matos <rmatos> |
| QA Contact | Desktop QE <desktop-qa-list> |
| CC | jkoten, modehnal, tpelka, vbenes |
| Target Milestone | rc |
| Target Release | --- |
| Keywords | TestBlocker |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | at-spi2-atk-2.22.0-2.el7 |
| Doc Type | If docs needed, set a value |
| Story Points | --- |
| Last Closed | 2017-08-01 12:30:39 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Blocks | 1444405 |

Description
Milan Crha
2017-04-21 12:45:25 UTC
Created attachment 1273320 [details]
proposed patch
This fixed the valgrind claim for me.

(In reply to Milan Crha from comment #2)
> Created attachment 1273320 [details]
> proposed patch
>
> This fixed the valgrind claim for me.

Thank you for the patch. I filed a cleaner version upstream, can you confirm it fixes the crashes for you?

It doesn't fix the crash from the other bug report (see comment #0), but it does fix the valgrind claim. Thanks.

Created attachment 1273870 [details]
proposed patch - issue ][
Could you also include this patch, please? It fixes some other possible use-after-free issues in the package. It seems that not all code expects atk_object_ref_accessible_child() to return NULL, nor that it can return an object with only one reference, so the following unref can eventually cause a use-after-free.
At least the chunk in impl_GetChildAtIndex() avoids a runtime warning about an invalid object being passed to g_object_unref(), which happened, in this case, when evolution returned NULL. Evolution often returns objects with only one reference, which the other chunks here try to address.
Upstream bug for the second issue: https://bugzilla.gnome.org/show_bug.cgi?id=781716

No longer reproducible.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2100
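
The caller-side problem described in the comment on the second patch, as an added example that is not part of this bug report or of at-spi2-atk. A toy reference-counted object stands in for GObject; `Obj`, `pool`, `ref_child` and `obj_unref` are hypothetical names, and the pool is static so the stale read can be observed without touching freed memory.

```c
#include <stdio.h>

/* Toy stand-in for a GObject: a refcount plus an "alive" flag that a
 * finalizer would clear. Constructed for this example. */
typedef struct { int refcount; int alive; int index; } Obj;
static Obj pool[4];

static void obj_unref(Obj *o)
{
    if (--o->refcount == 0)
        o->alive = 0;   /* a real finalizer would free the memory here */
}

/* Hypothetical provider modelled on the comment's description of
 * atk_object_ref_accessible_child(): it may return NULL, and the object
 * it returns may carry only the one reference handed to the caller. */
static Obj *ref_child(int i)
{
    if (i < 0 || i >= 4) return NULL;
    pool[i] = (Obj){ .refcount = 1, .alive = 1, .index = i };
    return &pool[i];
}

/* Pattern the comment warns about: drop the reference, then keep using
 * the object. Returns 1 when the object was already finalized at use. */
static int use_after_unref(int i)
{
    Obj *child = ref_child(i);
    if (child == NULL) return -1;   /* unchecked code would unref NULL */
    obj_unref(child);
    return child->alive ? 0 : 1;    /* static pool, so this read is defined */
}

/* Defensive pattern: check for NULL, finish with the object, then unref. */
static int safe_child_index(int i)
{
    Obj *child = ref_child(i);
    int idx;
    if (child == NULL) return -1;
    idx = child->index;
    obj_unref(child);
    return idx;
}

int main(void)
{
    printf("stale use: %d, safe index: %d, missing child: %d\n",
           use_after_unref(1), safe_child_index(2), safe_child_index(7));
    return 0;
}
```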