On Mon, 2011-10-31 at 21:22 +0100, Thomas Mittelstaedt wrote:
> Just had a segfault in gal_a11y_e_cell_popup_new. Turned out that
> the cast
>       popupcell=  E_CELL_POPUP (cell_view->ecell);
> 
> would turn up a broken pointer, crashing afterward.

        Hi,
it depends on the kind of brokenness: either the cell_view is already
freed, or cell_view->ecell points to already freed memory. In
both cases you are trying to access maybe-overwritten memory and read
from it, which can do pretty much anything.

> I inserted the following on my side:
> 
>       ECellPopup *popupcell = NULL;
>       ECellView* child_view = NULL;
> 
>       if (E_IS_CELL_POPUP(cell_view->ecell)) {
>               popupcell = E_CELL_POPUP(cell_view->ecell);
>       }

That it didn't crash for you is probably just a coincidence, that the
memory (allocated on GSlice) wasn't overwritten yet. You can check with
valgrind, using command like this:
   $ G_SLICE=always-malloc valgrind --num-callers=50 evolution &>log.txt

I suppose your "Just had a segfault" also means that you do not face it
every day, it just happened today, thus you do not have a reproducer for
this?
        Bye,
        Milan

_______________________________________________
evolution-hackers mailing list
[email protected]
To change your list options or unsubscribe, visit ...
http://mail.gnome.org/mailman/listinfo/evolution-hackers