Opened 9 years ago

Closed 9 years ago

#866 closed defect/bug (fixed)

[valgrind] "invalid read" detected in vehicle_demo

Reported by: pini
Owned by: woglinde
Priority: major
Milestone:
Component: core
Version: git master
Severity:
Keywords:
Cc: http://wiki.navit-project.org/index.php/user:pini

Description

Hi,

The demo vehicle used to segfault when reaching a waypoint or destination. I've tracked this one using valgrind:

==32515== Invalid read of size 4
==32515==    at 0x8089BFA: rm_rect_destroy (route.c:3226)
==32515==    by 0x806F261: map_rect_destroy (map.c:372)
==32515==    by 0x5845057: vehicle_demo_timer (vehicle_demo.c:167)
==32515==    by 0x805FB22: callback_call (callback.c:181)
==32515==    by 0x805FC35: callback_call_args (callback.c:202)
==32515==    by 0x805CC32: event_glib_call_timeout_multi (event_glib.c:107)
==32515==    by 0x40A6B8B: ??? (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x40A5251: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x40A5A2F: ??? (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x40A60F2: g_main_loop_run (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x805CA6B: event_glib_main_loop_run (event_glib.c:34)
==32515==    by 0x8062B77: event_main_loop_run (event.c:38)
==32515==    by 0x80545E3: main_real (start_real.c:198)
==32515==    by 0x8053FCA: main (start.c:25)
==32515==  Address 0x5b93310 is 0 bytes inside a block of size 36 free'd
==32515==    at 0x4023B6A: free (vg_replace_malloc.c:366)
==32515==    by 0x40AC3A5: g_free (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x8082A24: route_path_destroy (route.c:416)
==32515==    by 0x80843B5: route_remove_waypoint (route.c:1068)
==32515==    by 0x80779A8: navit_vehicle_update (navit.c:2795)
==32515==    by 0x805FB13: callback_call (callback.c:178)
==32515==    by 0x805FC99: callback_list_call_attr (callback.c:219)
==32515==    by 0x805FD5C: callback_list_call_attr_args (callback.c:235)
==32515==    by 0x5844FF0: vehicle_demo_timer (vehicle_demo.c:158)
==32515==    by 0x805FB22: callback_call (callback.c:181)
==32515==    by 0x805FC35: callback_call_args (callback.c:202)
==32515==    by 0x805CC32: event_glib_call_timeout_multi (event_glib.c:107)
==32515==    by 0x40A6B8B: ??? (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x40A5251: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x40A5A2F: ??? (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x40A60F2: g_main_loop_run (in /lib/libglib-2.0.so.0.2800.6)
==32515==    by 0x805CA6B: event_glib_main_loop_run (event_glib.c:34)
==32515==    by 0x8062B77: event_main_loop_run (event.c:38)
==32515==    by 0x80545E3: main_real (start_real.c:198)
==32515==    by 0x8053FCA: main (start.c:25)

I'm not self-confident about fixing this one, but my take is that adjusting the reference counter for the route_path might do the trick. Please review the attached patch. With it applied, I've successfully checked that no more invalid read is triggered regarding this route_path.

Thanks.

Attachments (1)

valgrind-waypoint.patch (2.0 KB) - added by pini 9 years ago.
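
An added illustration of the reference-counting idea proposed in the description above; it is not the attached patch and not Navit code, and every name in it (path_ref, rect_open, demo_timer_tick and the rest) is a hypothetical stand-in. The order of events follows the two stacks in the valgrind report: an iterator is open, a callback makes the route drop its path, then the iterator is destroyed and reads the path once more.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for a route path, its owner and an iterator (not Navit's types). */
struct path  { int refcount; int updated; };
struct route { struct path *path; };
struct rect  { struct path *path; };
struct tick  { int freed_after_callback, value_read, freed_after_destroy; };
static int paths_freed;   /* instrumentation for this example only */

static struct path *path_new(int updated) {
    struct path *p = calloc(1, sizeof *p);
    if (!p) abort();
    p->refcount = 1;      /* the creator owns the first reference */
    p->updated = updated;
    return p;
}
static struct path *path_ref(struct path *p) { if (p) p->refcount++; return p; }
static void path_unref(struct path *p) { if (p && --p->refcount == 0) { free(p); paths_freed++; } }
/* The iterator takes its own reference instead of borrowing the route's pointer. */
static struct rect *rect_open(struct route *r) {
    struct rect *mr = calloc(1, sizeof *mr);
    if (!mr) abort();
    mr->path = path_ref(r->path);
    return mr;
}
/* Reads the path one last time (the access valgrind flagged), then releases it. */
static int rect_destroy(struct rect *mr) {
    int v = mr->path ? mr->path->updated : -1;
    path_unref(mr->path);
    free(mr);
    return v;
}
/* Waypoint reached: the route drops its old path and builds a new one. */
static void route_remove_waypoint(struct route *r) {
    path_unref(r->path);
    r->path = path_new(0);
}
/* Same order as the two stacks: rect open, callback drops the path, rect destroyed. */
struct tick demo_timer_tick(void) {
    struct route r = { path_new(7) };
    struct rect *mr = rect_open(&r);
    struct tick t;
    paths_freed = 0;
    route_remove_waypoint(&r);
    t.freed_after_callback = paths_freed;  /* 0: the rect still holds a reference */
    t.value_read = rect_destroy(mr);       /* 7: read from memory that is still live */
    t.freed_after_destroy = paths_freed;   /* 1: last reference released */
    path_unref(r.path);
    return t;
}
int main(void) { return demo_timer_tick().value_read == 7 ? 0 : 1; }
```

If rect_open stored r->path without calling path_ref, the unref in route_remove_waypoint would free the block and rect_destroy would read freed memory, which is the pattern the report shows.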


Change History (4)

Changed 9 years ago by pini

comment:1 Changed 9 years ago by woglinde

  • Owner changed from KaZeR to woglinde
  • Status changed from new to assigned

comment:2 Changed 9 years ago by pini

  • Cc http://wiki.navit-project.org/index.php/user:pini added

comment:3 Changed 9 years ago by woglinde

  • Resolution set to fixed
  • Status changed from assigned to closed

Hi,

the patch was applied with revision 4508 http://navit.svn.sourceforge.net/viewvc/navit?view=revision&revision=4508

Bye Henning
