[Gnash-commit] [bug #34690] Segfault from PropertyList.cpp:66.
From: Bastiaan Jacques
Subject: [Gnash-commit] [bug #34690] Segfault from PropertyList.cpp:66.
Date: Sun, 30 Oct 2011 00:26:19 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
URL:
<http://savannah.gnu.org/bugs/?34690>
Summary: Segfault from PropertyList.cpp:66.
Project: Gnash - The GNU Flash player
Submitted by: bjacques
Submitted on: Sun 30 Oct 2011 02:26:18 CEST
Category: core
Severity: 3 - Normal
Release: master
Status: Confirmed
Privacy: Public
Assigned to: strk
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Upstream bug is https://bugzilla.redhat.com/show_bug.cgi?id=711518. (Includes
stacktrace.)
STR: gui/gnash https://bugzilla.redhat.com/attachment.cgi?id=510587
Useful output from Valgrind suggests that the as_object is improperly GC'd:
==26943== Thread 1:
==26943== Invalid read of size 8
==26943== at 0x4E56470: gnash::PropertyList::getProperty(gnash::ObjectURI
const&) const (PropertyList.cpp:148)
==26943== by 0x4E7724C: gnash::as_object::getOwnProperty(gnash::ObjectURI
const&) (as_object.cpp:934)
==26943== by 0x4F17D9A: gnash::MovieClip::constructAsScriptObject()
(MovieClip.cpp:1694)
==26943== by 0x4F180C9: gnash::MovieClip::construct(gnash::as_object*)
(MovieClip.cpp:1780)
==26943== by 0x4F162C3:
gnash::MovieClip::attachCharacter(gnash::DisplayObject&, int,
gnash::as_object*) (MovieClip.cpp:1230)
==26943== by 0x4FE19E7: gnash::(anonymous
namespace)::movieclip_attachMovie(gnash::fn_call const&)
(MovieClip_as.cpp:517)
==26943== by 0x4FBCC55: gnash::NativeFunction::call(gnash::fn_call const&)
(NativeFunction.h:65)
==26943== by 0x50B7D62: gnash::(anonymous
namespace)::ActionCallMethod(gnash::ActionExec&) (ASHandlers.cpp:2811)
==26943== by 0x50AD3EE:
gnash::SWF::ActionHandler::execute(gnash::ActionExec&) const
(ASHandlers.cpp:239)
==26943== by 0x50AF812:
gnash::SWF::SWFHandlers::execute(gnash::SWF::ActionType, gnash::ActionExec&)
const (ASHandlers.cpp:432)
==26943== by 0x50C4FDA: gnash::ActionExec::operator()()
(ActionExec.cpp:260)
==26943== by 0x4F61A27: gnash::Function2::call(gnash::fn_call const&)
(Function2.cpp:219)
==26943== Address 0x84b8fa8 is 104 bytes inside a block of size 232 free'd
==26943== at 0x4A062BC: operator delete(void*) (vg_replace_malloc.c:387)
==26943== by 0x4F609D5: gnash::Function::~Function() (Function.h:77)
==26943== by 0x5E54DE8: gnash::GC::cleanUnreachable() (GC.cpp:84)
==26943== by 0x5E54E79: gnash::GC::runCycle() (GC.cpp:125)
==26943== by 0x4EF1992: gnash::GC::fuzzyCollect() (GC.h:251)
==26943== by 0x4EE7306: gnash::movie_root::cleanupAndCollect()
(movie_root.cpp:311)
==26943== by 0x4EE98BB: gnash::movie_root::advanceMovie()
(movie_root.cpp:980)
==26943== by 0x4EE968D: gnash::movie_root::advance() (movie_root.cpp:931)
==26943== by 0x48767A: gnash::Gui::advanceMovie(bool) (gui.cpp:950)
==26943== by 0x4A8586: gnash::NullGui::run() (NullGui.cpp:44)
==26943== by 0x499572: gnash::Player::run(int, char**, std::string const&,
std::string const&) (Player.cpp:645)
==26943== by 0x458A1C: playFile(gnash::Player&, int, char**, std::string
const&) (gnash.cpp:90)
The attached patch appears to solve the problem.
Being thoroughly unfamiliar with this code, assigning this to strk.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Sun 30 Oct 2011 02:26:18 CEST Name: gnash-props-fix.diff Size: 538B
By: bjacques
<http://savannah.gnu.org/bugs/download.php?file_id=24245>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?34690>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
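
Reading the Valgrind report in the message above, as an added example that is not part of the original report or of Gnash's code: a Python parser that rejoins the frames the mail archive wrapped and separates the stack that touched the freed block from the stack that freed it. The names `unwrap`, `parse_uaf` and `first_project_frame` are assumptions made for this example, and the sample input is abridged from the trace above.

```python
import re

# Constructed sample: abridged from the report above, keeping one mid-frame line wrap.
SAMPLE = """\
==26943== Invalid read of size 8
==26943== at 0x4E56470: gnash::PropertyList::getProperty(gnash::ObjectURI
const&) const (PropertyList.cpp:148)
==26943== Address 0x84b8fa8 is 104 bytes inside a block of size 232 free'd
==26943== at 0x4A062BC: operator delete(void*) (vg_replace_malloc.c:387)
==26943== by 0x4F609D5: gnash::Function::~Function() (Function.h:77)
==26943== by 0x5E54DE8: gnash::GC::cleanUnreachable() (GC.cpp:84)
"""

PREFIX = re.compile(r"^==\d+==\s*")
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)$")
FREED = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*) \(([^()\s]+):(\d+)\)$")

def unwrap(text):
    """Rejoin wrapped frames: a line without the ==PID== prefix continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if PREFIX.match(raw):
            lines.append(PREFIX.sub("", raw).strip())
        elif lines and raw.strip():
            lines[-1] += " " + raw.strip()
    return lines

def parse_uaf(text):
    """Split a use-after-free report into the faulting stack and the freeing stack."""
    rep = {"kind": None, "size": None, "offset": None, "block": None, "access": [], "freed": []}
    section = None
    for line in unwrap(text):
        if m := ACCESS.match(line):
            section, rep["kind"], rep["size"] = "access", m.group(1), int(m.group(2))
        elif m := FREED.match(line):
            section, rep["offset"], rep["block"] = "freed", int(m.group(1)), int(m.group(2))
        elif section and (m := FRAME.match(line)):
            rep[section].append((m.group(1), m.group(2), int(m.group(3))))
    return rep

def first_project_frame(frames):
    """Skip Valgrind's allocator shim (vg_replace_malloc.c) to reach the caller that freed the block."""
    return next((f for f in frames if not f[1].startswith("vg_")), None)

if __name__ == "__main__":
    rep = parse_uaf(SAMPLE)
    print(rep["kind"], "of", rep["size"], "bytes at offset", rep["offset"], "in a freed", rep["block"], "byte block")
    print("accessed in:", rep["access"][0], "| freed by:", first_project_frame(rep["freed"]))
```
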