Opened 10 years ago
Closed 10 years ago
#866 closed defect/bug (fixed)
[valgrind] "invalid read" detected in vehicle_demo
| Reported by: | pini | Owned by: | woglinde |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | core | Version: | git master |
| Severity: | Keywords: | ||
| Cc: | http://wiki.navit-project.org/index.php/user:pini |
Description
Hi,
The demo vehicle used to segfault when reaching a waypoint or destination. I've tracked this one using valgrind:
==32515== Invalid read of size 4 ==32515== at 0x8089BFA: rm_rect_destroy (route.c:3226) ==32515== by 0x806F261: map_rect_destroy (map.c:372) ==32515== by 0x5845057: vehicle_demo_timer (vehicle_demo.c:167) ==32515== by 0x805FB22: callback_call (callback.c:181) ==32515== by 0x805FC35: callback_call_args (callback.c:202) ==32515== by 0x805CC32: event_glib_call_timeout_multi (event_glib.c:107) ==32515== by 0x40A6B8B: ??? (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x40A5251: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x40A5A2F: ??? (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x40A60F2: g_main_loop_run (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x805CA6B: event_glib_main_loop_run (event_glib.c:34) ==32515== by 0x8062B77: event_main_loop_run (event.c:38) ==32515== by 0x80545E3: main_real (start_real.c:198) ==32515== by 0x8053FCA: main (start.c:25) ==32515== Address 0x5b93310 is 0 bytes inside a block of size 36 free'd ==32515== at 0x4023B6A: free (vg_replace_malloc.c:366) ==32515== by 0x40AC3A5: g_free (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x8082A24: route_path_destroy (route.c:416) ==32515== by 0x80843B5: route_remove_waypoint (route.c:1068) ==32515== by 0x80779A8: navit_vehicle_update (navit.c:2795) ==32515== by 0x805FB13: callback_call (callback.c:178) ==32515== by 0x805FC99: callback_list_call_attr (callback.c:219) ==32515== by 0x805FD5C: callback_list_call_attr_args (callback.c:235) ==32515== by 0x5844FF0: vehicle_demo_timer (vehicle_demo.c:158) ==32515== by 0x805FB22: callback_call (callback.c:181) ==32515== by 0x805FC35: callback_call_args (callback.c:202) ==32515== by 0x805CC32: event_glib_call_timeout_multi (event_glib.c:107) ==32515== by 0x40A6B8B: ??? (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x40A5251: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x40A5A2F: ??? (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x40A60F2: g_main_loop_run (in /lib/libglib-2.0.so.0.2800.6) ==32515== by 0x805CA6B: event_glib_main_loop_run (event_glib.c:34) ==32515== by 0x8062B77: event_main_loop_run (event.c:38) ==32515== by 0x80545E3: main_real (start_real.c:198) ==32515== by 0x8053FCA: main (start.c:25)
I'm not self-confident about fixing this one, but my take is that adjusting the reference counter for the route_path might do the trick. Please review the attached patch. With it applied, I've successfully checked that no more invalid read is triggered regarding this route_path.
Thanks.
Attachments (1)
Change History (4)
Changed 10 years ago by pini
comment:1 Changed 10 years ago by woglinde
- Owner changed from KaZeR to woglinde
- Status changed from new to assigned
comment:2 Changed 10 years ago by pini
- Cc http://wiki.navit-project.org/index.php/user:pini added
comment:3 Changed 10 years ago by woglinde
- Resolution set to fixed
- Status changed from assigned to closed
Note: See
TracTickets for help on using
tickets.
Hi,
the patch was applied with revision 4508 http://navit.svn.sourceforge.net/viewvc/navit?view=revision&revision=4508
Bye Henning