Invalid read under idle_monitor_dispatch_timeout()
Running gnome-shell under valgrind shows this claim. Looks like a use-after-free, which can cause trouble. As the code looks the same in 3.28.3 I file it here as well.
==1243== Thread 1:
==1243== Invalid read of size 8
==1243== at 0x1033B0557: idle_monitor_dispatch_timeout (meta-idle-monitor.c:323)
==1243== by 0x1018C2048: g_main_dispatch (gmain.c:3175)
==1243== by 0x1018C2048: g_main_context_dispatch (gmain.c:3828)
==1243== by 0x1018C23A7: g_main_context_iterate.isra.19 (gmain.c:3901)
==1243== by 0x1018C2679: g_main_loop_run (gmain.c:4097)
==1243== by 0x1033F61DB: meta_run (main.c:666)
==1243== by 0x40217B: main (main.c:534)
==1243== Address 0x127ceace8 is 56 bytes inside a block of size 64 free'd
==1243== at 0x100C2B06D: free (vg_replace_malloc.c:540)
==1243== by 0x1018C779D: g_free (gmem.c:194)
==1243== by 0x1018DF2BF: g_slice_free1 (gslice.c:1136)
==1243== by 0x1018B0859: g_hash_table_remove_internal (ghash.c:1376)
==1243== by 0x1033B04AA: meta_idle_monitor_remove_watch (meta-idle-monitor.c:471)
==1243== by 0x106B82DEB: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.1)
==1243== by 0x106B82714: ffi_call (in /usr/lib64/libffi.so.6.0.1)
==1243== by 0x10290491F: ??? (in /usr/lib64/libgjs.so.0.0.0)
==1243== by 0x10290613A: ??? (in /usr/lib64/libgjs.so.0.0.0)
==1243== by 0x10A732526: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A725EA4: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732058: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A7322BF: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732628: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A5FC5E4: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A73236B: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A958415: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x1C9906AAFA95: ???
==1243== by 0x126B22077: ???
==1243== by 0x1C9906AAE887: ???
==1243== by 0x10A932649: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A93665A: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A72E023: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732058: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A7322BF: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732628: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A5CC230: JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x102929725: gjs_call_function_value (in /usr/lib64/libgjs.so.0.0.0)
==1243== by 0x1028FF8CC: gjs_closure_invoke (in /usr/lib64/libgjs.so.0.0.0)
==1243== by 0x1029066BB: ??? (in /usr/lib64/libgjs.so.0.0.0)
==1243== Block was alloc'd at
==1243== at 0x100C29F73: malloc (vg_replace_malloc.c:309)
==1243== by 0x1018C768D: g_malloc (gmem.c:99)
==1243== by 0x1018DEC8D: g_slice_alloc (gslice.c:1025)
==1243== by 0x1018DF1ED: g_slice_alloc0 (gslice.c:1051)
==1243== by 0x1033AFF16: make_watch (meta-idle-monitor.c:344)
==1243== by 0x1033B0370: meta_idle_monitor_add_idle_watch (meta-idle-monitor.c:411)
==1243== by 0x106B82DEB: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.1)
==1243== by 0x106B82714: ffi_call (in /usr/lib64/libffi.so.6.0.1)
==1243== by 0x10290491F: ??? (in /usr/lib64/libgjs.so.0.0.0)
==1243== by 0x10290613A: ??? (in /usr/lib64/libgjs.so.0.0.0)
==1243== by 0x10A732526: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A725EA4: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732058: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A7322BF: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732628: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A5FC5E4: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A73236B: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A958415: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x1C9906AAFA95: ???
==1243== by 0x126B22077: ???
==1243== by 0x1C9906AAE887: ???
==1243== by 0x10A932649: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A93665A: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A72E023: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732058: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A7322BF: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A732628: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A5FC5E4: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A73236B: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
==1243== by 0x10A958415: ??? (in /usr/lib64/libmozjs-52.so.0.0.0)
Edited by Milan Crha
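As an added illustration of the pattern the trace points at (this is not mutter's code; the slot table, the ref-counting scheme and every name in it are assumptions), here is a timeout dispatcher that keeps a watch alive across its own callback, so a handler that removes the watch cannot free the block the dispatcher still reads afterwards:

```c
#include <stdlib.h>
typedef struct Watch Watch;
typedef void (*WatchFunc)(Watch *watch, void *user_data);
struct Watch {
    unsigned id; WatchFunc func; void *user_data;   /* func may be NULL */
    int refcount;   /* one ref held by the table, one more while a dispatch is in flight */
    int removed;    /* set once remove_watch() has dropped it from the table */
};
enum { MAX_WATCHES = 8 };
static Watch *table[MAX_WATCHES];   /* constructed stand-in for the monitor's hash table */
static unsigned next_id = 1;
int freed_count;                    /* how many watches have really been freed */
static void watch_unref(Watch *w) {
    if (--w->refcount == 0) { freed_count++; free(w); }
}
static int find_slot(unsigned id) {
    for (int i = 0; i < MAX_WATCHES; i++)
        if (table[i] && table[i]->id == id) return i;
    return -1;
}
/* cf. make_watch()/meta_idle_monitor_add_idle_watch in the trace; returns 0 when full */
unsigned add_watch(WatchFunc func, void *user_data) {
    int i = 0; while (i < MAX_WATCHES && table[i]) i++;
    if (i == MAX_WATCHES) return 0;
    Watch *w = calloc(1, sizeof *w);
    w->id = next_id++; w->refcount = 1; w->func = func; w->user_data = user_data;
    table[i] = w; return w->id;
}
/* cf. meta_idle_monitor_remove_watch(): the table drops its ref; w is freed only if no dispatch holds one */
int remove_watch(unsigned id) {
    int i = find_slot(id); if (i < 0) return 0;
    Watch *w = table[i];
    table[i] = NULL; w->removed = 1;
    watch_unref(w);
    return 1;
}
/* Returns 0 if no such watch, 1 if it survived its callback, 2 if the callback removed it. Without
 * the extra ref, reading w->removed after the callback would touch a block already freed by
 * remove_watch(): the invalid read valgrind reports above. */
int dispatch_timeout(unsigned id) {
    int i = find_slot(id); if (i < 0) return 0;
    Watch *w = table[i];
    w->refcount++;                           /* keep w alive across the callback */
    if (w->func) w->func(w, w->user_data);
    int survived = !w->removed;
    watch_unref(w);
    return survived ? 1 : 2;
}
/* callback that removes its own watch, as a JS handler can via remove_watch() */
void self_removing_cb(Watch *w, void *user_data) { (void)user_data; remove_watch(w->id); }
```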