Invalid read in clutter_click_action_handle_event() when clicking clear icon in search
When clutter_click_action_handle_event() handles the release of the button for the clear icon in the shell search, this clears the search entry, which results in the removal of the icon along with its click action. So by the time g_signal_emit() has finished, the action has been destroyed. clutter_click_action_handle_event() is however still trying to access priv->is_held afterwards.
==292684== Invalid read of size 1
==292684== at 0x5819306: clutter_click_action_handle_event (clutter-click-action.c:423)
==292684== by 0x57E2902: clutter_action_handle_event (clutter-action.c:102)
==292684== by 0x57F9A73: clutter_actor_run_actions (clutter-actor.c:11993)
==292684== by 0x57F9BB1: clutter_actor_event (clutter-actor.c:12031)
==292684== by 0x5808AD5: _clutter_actor_handle_event (clutter-actor.c:18681)
==292684== by 0x58444B4: emit_event_chain (clutter-main.c:665)
==292684== by 0x58444FC: emit_event (clutter-main.c:683)
==292684== by 0x5844A35: _clutter_process_event_details (clutter-main.c:881)
==292684== by 0x5844C8B: _clutter_process_event (clutter-main.c:971)
==292684== by 0x586A1E7: _clutter_stage_queue_event (clutter-stage.c:624)
==292684== by 0x584481D: clutter_do_event (clutter-main.c:811)
==292684== by 0x59C5937: clutter_source_dispatch (meta-backend.c:1119)
==292684== Address 0x2b5274bc is 76 bytes inside a block of size 160 free'd
==292684== at 0x48440E4: free (vg_replace_malloc.c:884)
==292684== by 0x4CF3375: g_type_free_instance (gtype.c:2069)
==292684== by 0x4CEAA08: g_signal_emit_valist (gsignal.c:3514)
==292684== by 0x4CEACEC: g_signal_emit (gsignal.c:3612)
==292684== by 0x581927E: clutter_click_action_handle_event (clutter-click-action.c:401)
==292684== by 0x57E2902: clutter_action_handle_event (clutter-action.c:102)
==292684== by 0x57F9A73: clutter_actor_run_actions (clutter-actor.c:11993)
==292684== by 0x57F9BB1: clutter_actor_event (clutter-actor.c:12031)
==292684== by 0x5808AD5: _clutter_actor_handle_event (clutter-actor.c:18681)
==292684== by 0x58444B4: emit_event_chain (clutter-main.c:665)
==292684== by 0x58444FC: emit_event (clutter-main.c:683)
==292684== by 0x5844A35: _clutter_process_event_details (clutter-main.c:881)
==292684== Block was alloc'd at
==292684== at 0x4846464: calloc (vg_replace_malloc.c:1340)
==292684== by 0x4D77708: g_malloc0 (gmem.c:163)
==292684== by 0x4CF2F9E: g_type_create_instance (gtype.c:1969)
==292684== by 0x4CD7107: g_object_new_internal (gobject.c:2246)
==292684== by 0x4CD870B: g_object_new_with_properties (gobject.c:2409)
==292684== by 0x4CD93C8: g_object_new (gobject.c:2055)
==292684== by 0x58199D6: clutter_click_action_new (clutter-click-action.c:678)
==292684== by 0x5E4EB78: _st_entry_set_icon (st-entry.c:1377)
==292684== by 0x5E4F951: st_entry_set_secondary_icon (st-entry.c:1449)
==292684== by 0x67A6BE5: ??? (in /usr/lib64/libffi.so.8.1.2)
==292684== by 0x67A34BE: ??? (in /usr/lib64/libffi.so.8.1.2)
==292684== by 0x67A618D: ffi_call (in /usr/lib64/libffi.so.8.1.2)
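
The lifetime problem in the report above, modelled as an added example (not Clutter's code and not the fix applied upstream): a handler run during emission drops the last reference, and holding a temporary reference across the emission keeps the later read valid. `Action`, `action_ref`/`action_unref`, `clear_entry_cb` and the `handle_release_*` functions are hypothetical stand-ins for the GObject machinery.

```c
#include <stdlib.h>

/* Constructed stand-in for a ref-counted action object; not Clutter code. */
typedef struct Action Action;
struct Action {
    int refs;
    int is_held;
    void (*clicked)(Action *self);   /* models the "clicked" signal handler */
};
int live_actions;                    /* number of actions not yet freed */

Action *action_new(void (*clicked)(Action *)) {
    Action *a = calloc(1, sizeof *a);
    if (a == NULL) abort();
    a->refs = 1;
    a->clicked = clicked;
    live_actions++;
    return a;
}
void action_ref(Action *a) { a->refs++; }
void action_unref(Action *a) { if (--a->refs == 0) { free(a); live_actions--; } }

/* Models clearing the search entry: the icon is removed and the owner's
 * reference (the only one) to the action is dropped. */
void clear_entry_cb(Action *self) { action_unref(self); }

/* Pattern from the report, shown for contrast and never called here:
 * the emission frees self, then self->is_held is read. */
int handle_release_unsafe(Action *self) {
    self->clicked(self);
    return self->is_held;            /* invalid read if the handler freed self */
}

/* Hold a reference across the emission so the later access stays valid. */
int handle_release_safe(Action *self) {
    int was_held;
    action_ref(self);
    self->clicked(self);             /* handler may drop the owner's reference */
    was_held = self->is_held;
    action_unref(self);              /* freed here, after the last access */
    return was_held;
}

/* Returns 1 when the state was read correctly and the action was freed. */
int demo(void) {
    Action *a = action_new(clear_entry_cb);
    a->is_held = 1;
    return handle_release_safe(a) == 1 && live_actions == 0;
}
```

With real GObjects the same shape is `g_object_ref()` before `g_signal_emit()` and `g_object_unref()` after the last access to the instance.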