Consistent invalid free() in _cairo_clip_destroy after cb871c6c
Since cb871c6c, GTK-based applications appear to crash consistently with a glibc free() abort. Both the Valgrind and the GDB output below point at the same place: _cairo_clip_destroy (cairo-clip.c:137) passes free() a pointer that lies 52 bytes inside a 72-byte block allocated by _cairo_clip_create (cairo-clip.c:111) via _cairo_clip_copy. Freeing an interior pointer into a still-allocated block is heap corruption, not a plain double free, so the abort is glibc's heap consistency check catching it rather than the root cause itself; the actual defect is presumably in how the clip (or whatever it is embedded in) is allocated or released after that commit, but I have not bisected further than the commit.
I do not have clean step-by-step reproduction instructions because I build the whole GNOME stack with jhbuild, but it should reproduce with any cairo checkout at or after cb871c6c. With gnome-contacts (git master at https://gitlab.gnome.org/GNOME/gnome-contacts) the crash appears after some use: I resize the window rapidly and repeatedly and it eventually aborts. Nautilus (git master at https://gitlab.gnome.org/GNOME/nautilus) is the more reliable reproducer, since there it usually crashes immediately on startup.
Valgrind log from gnome-contacts (note the "Address ... is 52 bytes inside a block of size 72 alloc'd" line: the block is still live, and the pointer being freed is an interior pointer into it):
==4896== Invalid free() / delete / delete[] / realloc()
==4896== at 0x4839A0C: free (vg_replace_malloc.c:540)
==4896== by 0x59086BA: _cairo_clip_destroy (cairo-clip.c:137)
==4896== by 0x590A9A6: _cairo_composite_rectangles_fini (cairo-composite-rectangles.c:47)
==4896== by 0x590BC1C: _cairo_compositor_paint (cairo-compositor.c:79)
==4896== by 0x59C6A67: _cairo_xlib_surface_paint (cairo-xlib-surface.c:1574)
==4896== by 0x5984873: _cairo_surface_paint (cairo-surface.c:2198)
==4896== by 0x5918EE7: _cairo_gstate_fill (cairo-gstate.c:1307)
==4896== by 0x59106AC: _cairo_default_context_fill (cairo-default-context.c:1055)
==4896== by 0x5999B43: cairo_fill (cairo.c:2421)
==4896== by 0x510349C: gtk_css_image_linear_draw (gtkcssimagelinear.c:234)
==4896== by 0x50FC8E5: _gtk_css_image_draw (gtkcssimage.c:239)
==4896== by 0x529C68A: _gtk_theming_background_paint_layer (gtkrenderbackground.c:176)
==4896== Address 0x1d0582d4 is 52 bytes inside a block of size 72 alloc'd
==4896== at 0x483880B: malloc (vg_replace_malloc.c:309)
==4896== by 0x59085EA: _cairo_clip_create (cairo-clip.c:111)
==4896== by 0x5908713: _cairo_clip_copy (cairo-clip.c:151)
==4896== by 0x591679F: _cairo_gstate_init_copy (cairo-gstate.c:169)
==4896== by 0x5916B7F: _cairo_gstate_save (cairo-gstate.c:250)
==4896== by 0x590ED76: _cairo_default_context_save (cairo-default-context.c:121)
==4896== by 0x599879A: cairo_save (cairo.c:630)
==4896== by 0x8FA9400: pango_cairo_renderer_show_text_glyphs (pangocairo-render.c:466)
==4896== by 0x8FA98B2: pango_cairo_renderer_draw_glyph_item (pangocairo-render.c:576)
==4896== by 0x588BF38: pango_renderer_draw_glyph_item (pango-renderer.c:715)
==4896== by 0x588BB80: pango_renderer_draw_layout_line (pango-renderer.c:569)
==4896== by 0x588B137: pango_renderer_draw_layout (pango-renderer.c:193)
GDB stack trace from gnome-contacts (the abort comes from glibc's free() sanity check, free_check → malloc_printerr → abort, with the same _cairo_clip_destroy frame on top, so this is the same invalid free rather than a separate crash):
#0 0x00007ffff692153f in raise () from /lib64/libc.so.6
#1 0x00007ffff690b895 in abort () from /lib64/libc.so.6
#2 0x00007ffff6964927 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff696b25c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ffff696f17e in free_check.part () from /lib64/libc.so.6
#5 0x00007ffff6dba6bb in _cairo_clip_destroy (clip=0xda60c0) at /home/ekulik/jhbuild/checkout/cairo/src/cairo-clip.c:137
#6 0x00007ffff6dbc9a7 in _cairo_composite_rectangles_fini (extents=0x7fffffffbe60) at /home/ekulik/jhbuild/checkout/cairo/src/cairo-composite-rectangles.c:47
#7 0x00007ffff6dbdc1d in _cairo_compositor_paint (compositor=0x7ffff6f365a0 <compositor>, surface=0xda9630, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc1e0, clip=0xdbfa40) at /home/ekulik/jhbuild/checkout/cairo/src/cairo-compositor.c:79
#8 0x00007ffff6e78a68 in _cairo_xlib_surface_paint (_surface=0xda9630, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc1e0, clip=0xdbfa40) at /home/ekulik/jhbuild/checkout/cairo/src/cairo-xlib-surface.c:1574
#9 0x00007ffff6e36874 in _cairo_surface_paint (surface=0xda9630, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc1e0, clip=0xdbfa40) at /home/ekulik/jhbuild/checkout/cairo/src/cairo-surface.c:2198
#10 0x00007ffff6dcaee8 in _cairo_gstate_fill (gstate=0xda7690, path=0xcdc578) at /home/ekulik/jhbuild/checkout/cairo/src/cairo-gstate.c:1307
#11 0x00007ffff6dc26ad in _cairo_default_context_fill (abstract_cr=0xcdc200) at /home/ekulik/jhbuild/checkout/cairo/src/cairo-default-context.c:1055
#12 0x00007ffff6e4bb44 in cairo_fill (cr=0xcdc200) at /home/ekulik/jhbuild/checkout/cairo/src/cairo.c:2421
#13 0x00007ffff72ae49d in gtk_css_image_linear_draw (image=0x92b840, cr=0xcdc200, width=300, height=46) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkcssimagelinear.c:234
#14 0x00007ffff72a78e6 in _gtk_css_image_draw (image=0x92b840, cr=0xcdc200, width=300, height=46) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkcssimage.c:239
#15 0x00007ffff744768b in _gtk_theming_background_paint_layer (bg=0x7fffffffc5d0, idx=0, cr=0xcdc200, blend_mode=GTK_CSS_BLEND_MODE_NORMAL) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkrenderbackground.c:176
#16 0x00007ffff74480cc in gtk_css_style_render_background (style=0xd828f0, cr=0xcdc200, x=0, y=0, width=300, height=47, junction=GTK_JUNCTION_NONE) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkrenderbackground.c:402
#17 0x00007ffff7444ebc in gtk_render_background (context=0xbbe940, cr=0xcdc200, x=0, y=0, width=300, height=47) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkrender.c:260
#18 0x00007ffff6ccd4b4 in hdy_title_bar_draw (widget=0xb2de10, cr=0xcdc200) at ../../../../jhbuild/checkout/libhandy/src/hdy-title-bar.c:153
#19 0x00007ffff7563d12 in gtk_widget_draw_internal (widget=0xb2de10, cr=0xcdc200, clip_to_size=1) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkwidget.c:7032
#20 0x00007ffff729952a in gtk_container_propagate_draw (container=0xb923f0, child=0xb2de10, cr=0xcdc200) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkcontainer.c:3853
#21 0x00007ffff7298fe5 in gtk_container_draw (widget=0xb923f0, cr=0xcdc200) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkcontainer.c:3673
#22 0x00007ffff758cb7d in gtk_window_draw (widget=0xb923f0, cr=0xcdc200) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkwindow.c:10456
#23 0x00007ffff7563d12 in gtk_widget_draw_internal (widget=0xb923f0, cr=0xcdc200, clip_to_size=1) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkwidget.c:7032
#24 0x00007ffff75781e9 in gtk_widget_render (widget=0xb923f0, window=0x4e6960, region=0xd208f0) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkwidget.c:17542
#25 0x00007ffff73ad2f9 in gtk_main_do_event (event=0x7fffffffcb90) at /home/ekulik/jhbuild/checkout/gtk+-3/gtk/gtkmain.c:1838
#26 0x00007ffff6ffa2d5 in _gdk_event_emit (event=0x7fffffffcb90) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkevents.c:73
#27 0x00007ffff7014c87 in _gdk_window_process_updates_recurse_helper (window=0x4e6960, expose_region=0xd20a80) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkwindow.c:3852
#28 0x00007ffff7014ea8 in _gdk_window_process_updates_recurse (window=0x4e6960, expose_region=0xd20a80) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkwindow.c:3909
#29 0x00007ffff7022377 in gdk_window_impl_process_updates_recurse (window=0x4e6960, region=0xd20a80) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkwindowimpl.c:333
#30 0x00007ffff701513c in gdk_window_process_updates_internal (window=0x4e6960) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkwindow.c:3998
#31 0x00007ffff70155fd in gdk_window_process_updates_with_mode (window=0x4e6960, recurse_mode=2) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkwindow.c:4193
#32 0x00007ffff7020fc5 in gdk_window_paint_on_clock (clock=0x8a65f0, data=0x4e6960) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkwindow.c:11699
#33 0x00007ffff7db546f in g_cclosure_marshal_VOID__VOID (closure=0xd08a60, return_value=0x0, n_param_values=1, param_values=0x7fffffffcf90, invocation_hint=0x7fffffffced0, marshal_data=0x0) at ../../../../jhbuild/checkout/glib/gobject/gmarshal.c:875
#34 0x00007ffff7db2108 in g_closure_invoke (closure=0xd08a60, return_value=0x0, n_param_values=1, param_values=0x7fffffffcf90, invocation_hint=0x7fffffffced0) at ../../../../jhbuild/checkout/glib/gobject/gclosure.c:810
#35 0x00007ffff7dcfd09 in signal_emit_unlocked_R (node=0x4efa90, detail=0, instance=0x8a65f0, emission_return=0x0, instance_and_params=0x7fffffffcf90) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3635
#36 0x00007ffff7dcf01a in g_signal_emit_valist (instance=0x8a65f0, signal_id=32, detail=0, var_args=0x7fffffffd238) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3391
#37 0x00007ffff7dcf599 in g_signal_emit (instance=0x8a65f0, signal_id=32, detail=0) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3447
#38 0x00007ffff7006a1c in _gdk_frame_clock_emit_paint (frame_clock=0x8a65f0) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkframeclock.c:640
#39 0x00007ffff700756c in gdk_frame_clock_paint_idle (data=0x8a65f0) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdkframeclockidle.c:459
#40 0x00007ffff6feacf5 in gdk_threads_dispatch (data=0x6acf00) at /home/ekulik/jhbuild/checkout/gtk+-3/gdk/gdk.c:770
#41 0x00007ffff7cbdae5 in g_timeout_dispatch (source=0xda8320, callback=0x7ffff6feacb0 <gdk_threads_dispatch>, user_data=0x6acf00) at ../../../../jhbuild/checkout/glib/glib/gmain.c:4678
#42 0x00007ffff7cbbc2d in g_main_dispatch (context=0x4f3710) at ../../../../jhbuild/checkout/glib/glib/gmain.c:3189
#43 0x00007ffff7cbcaff in g_main_context_dispatch (context=0x4f3710) at ../../../../jhbuild/checkout/glib/glib/gmain.c:3854
#44 0x00007ffff7cbcce3 in g_main_context_iterate (context=0x4f3710, block=1, dispatch=1, self=0x9272c0) at ../../../../jhbuild/checkout/glib/glib/gmain.c:3927
#45 0x00007ffff7cbcda7 in g_main_context_iteration (context=0x4f3710, may_block=1) at ../../../../jhbuild/checkout/glib/glib/gmain.c:3988
#46 0x00007ffff7a2f41e in g_application_run (application=0x8e5260, argc=1, argv=0x7fffffffd728) at ../../../../jhbuild/checkout/glib/gio/gapplication.c:2516
#47 0x000000000045ba3b in _vala_main (args=0x7fffffffd728, args_length1=1) at ../../../../jhbuild/checkout/gnome-contacts/src/main.vala:35
#48 0x000000000045baa5 in main (argc=1, argv=0x7fffffffd728) at ../../../../jhbuild/checkout/gnome-contacts/src/main.vala:22