aMule Forum

phoenix
More memory corruption I
« on: May 21, 2004, 02:32:33 PM »

According to valgrind, the memory used in CUpDownClient::GetDownloadState has been previously freed in CClientReqSocket::Disconnect. cur_sock has been retrieved from socket_list in this routine:
Code:
void CListenSocket::Process()
{
    // 042e + Kry changes for Destroy
    NEWPOSITION pos2;
    m_OpenSocketsInterval = 0;
    opensockets = 0;
    // pos1 is advanced before pos2 is used, so the walk survives removal of the
    // current element from socket_list.
    for (NEWPOSITION pos1 = socket_list.GetHeadPosition(); (pos2 = pos1) != NULL;) {
        socket_list.GetNext(pos1);
        CClientReqSocket* cur_sock = socket_list.GetAt(pos2);
        opensockets++;

        if (!cur_sock->OnDestroy) {
            // Per the valgrind trace below, this can reach Disconnect(), which deletes.
            cur_sock->CheckTimeOut();
        }
    }
    if ((GetOpenSockets()+5 < app_prefs->GetMaxConnections() || theApp.serverconnect->IsConnecting()) && !bListening) {
        ReStartListening();
    }
}
The call that originated the error, which is curiously not listed in the backtrace, was to this routine:
Code:
uint16 CPartFile::GetNotCurrentSourcesCount()
{
    uint16 counter=0;

    NEWPOSITION pos1,pos2;
    // The outer loop bound was lost when the forum stripped the text after '<';
    // SOURCESSLOTS (the srclists[] array bound) is assumed here.
    for (int sl=0;sl<SOURCESSLOTS;sl++){
        for (pos1 = srclists[sl].GetHeadPosition();( pos2 = pos1 ) != NULL;){
            srclists[sl].GetNext(pos1);
            CUpDownClient* cur_src = srclists[sl].GetAt(pos2);
            // cur_src is dereferenced here: this is the read valgrind reports as
            // invalid once the client has been freed in CClientReqSocket::Disconnect().
            if (cur_src->GetDownloadState()!=DS_ONQUEUE && cur_src->GetDownloadState()!=DS_DOWNLOADING) {
                counter++;
            }
        }
    }
    return counter;
}
The relevant line is the one with two calls to cur_src->GetDownloadState(). As we can see, cur_src was retrieved from srclists.

----------------
Valgrind output:
----------------
==888==
==888== Invalid read of size 1
==888==    at 0x8148000: CUpDownClient::GetDownloadState() (updownclient.h:277)
==888==    by 0x8184102: CDownloadListCtrl::DrawFileItem(wxDC*, int, RECT*, CtrlItem_Struct*) (DownloadListCtrl.cpp:953)
==888==    by 0x8182217: CDownloadListCtrl::OnDrawItem(int, wxDC*, wxRect const&, wxRect const&, bool) (DownloadListCtrl.cpp:489)
==888==    by 0x81CB15B: wxODListMainWindow::OnPaint(wxPaintEvent&) (listctrl.cpp:2999)
==888==    by 0x721E61: wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x721C8E: wxEvtHandler::ProcessEvent(wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x6D6504: wxWindow::GtkSendPaintEvents() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x6D62A8: wxWindow::GtkUpdate() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x6D4F31: wxWindow::OnInternalIdle() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x6868E3: wxApp::CallInternalIdle(wxWindow*) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    Address 0x41CF7C26 is 382 bytes inside a block of size 572 free'd
==888==    at 0x36464C: __builtin_delete (vg_replace_malloc.c:244)
==888==    by 0x813F6EF: CClientReqSocket::Disconnect(CString) (ListenSocket.cpp:145)
==888==    by 0x813F497: CClientReqSocket::CheckTimeOut() (ListenSocket.cpp:115)
==888==    by 0x8146EA8: CListenSocket::Process() (ListenSocket.cpp:1841)
==888==    by 0x828CA97: TimerProc() (UploadQueue.cpp:756)
==888==    by 0x8295358: CamuleDlg::OnUQTimer(wxTimerEvent&) (amuleDlg.cpp:344)
==888==    by 0x721E61: wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x721C8E: wxEvtHandler::ProcessEvent(wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x7AD866: wxTimerBase::Notify() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x6CA96B: timeout_callback (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==
==888== ---- Attach to GDB ? --- [Return/N/n/Y/y/C/c] ---- y
==888== starting GDB with cmd: /usr/bin/gdb -nw /proc/888/exe 888

---------------
gdb backtraces:
---------------
Code:
vg_do_syscall3 (syscallno=4294966784, arg1=992, arg2=0, arg3=0)
    at vg_mylibc.c:92
92      vg_mylibc.c: No such file or directory.
        in vg_mylibc.c
(gdb) bt
#0  vg_do_syscall3 (syscallno=4294966784, arg1=992, arg2=0, arg3=0)
    at vg_mylibc.c:92
#1  0x00be09fd in vgPlain_system (cmd=0x0) at vg_mylibc.c:1277
#2  0x00bdbe00 in vgPlain_start_GDB_whilst_on_client_stack () at vg_main.c:1816
#3  0x00be42ac in vgPlain_swizzle_esp_then_start_GDB ()
   from /usr/lib/valgrind/valgrind.so
#4  0x08148000 in CUpDownClient::GetDownloadState() (this=0xbff4b1e8)
    at updownclient.h:277
#5  0x08148000 in CUpDownClient::GetDownloadState() (this=0x41f49234)
    at updownclient.h:277
#6  0x08184103 in CDownloadListCtrl::DrawFileItem(wxDC*, int, RECT*, CtrlItem_Struct*) (this=0x5e43030, dc=0xbff4b840, nColumn=6, lpRect=0xbff4b6c0,
    lpCtrlItem=0x3e042a0) at DownloadListCtrl.cpp:953
#7  0x08182218 in CDownloadListCtrl::OnDrawItem(int, wxDC*, wxRect const&, wxRect const&, bool) (this=0x5e43030, item=13, dc=0xbff4b840, rect=@0xbff4b810,
    rectHL=@0xbff4b770, highlighted=false) at DownloadListCtrl.cpp:489
#8  0x081cb15c in wxODListMainWindow::OnPaint(wxPaintEvent&) (this=0x5e4383c)
    at listctrl.cpp:2999
#9  0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#10 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#11 0x006d6505 in wxWindow::GtkSendPaintEvents() ()
   from /usr/lib/libwx_gtk-2.4.so.0
#12 0x006d62a9 in wxWindow::GtkUpdate() () from /usr/lib/libwx_gtk-2.4.so.0
#13 0x006d4f32 in wxWindow::OnInternalIdle() ()
   from /usr/lib/libwx_gtk-2.4.so.0
#14 0x006868e4 in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#15 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#16 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#17 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#18 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#19 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#20 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#21 0x00686780 in wxApp::ProcessIdle() () from /usr/lib/libwx_gtk-2.4.so.0
#22 0x0068610f in wxapp_idle_callback () from /usr/lib/libwx_gtk-2.4.so.0
#23 0x002a34ef in g_timeout_add () from /usr/lib/libglib-1.2.so.0
#24 0x002a235b in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#25 0x002a2846 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#26 0x002a2af4 in g_main_run () from /usr/lib/libglib-1.2.so.0
#27 0x001b56af in gtk_main () from /usr/lib/libgtk-1.2.so.0
#28 0x006869f2 in wxApp::MainLoop() () from /usr/lib/libwx_gtk-2.4.so.0
#29 0x006d8610 in wxAppBase::OnRun() () from /usr/lib/libwx_gtk-2.4.so.0
#30 0x006870cd in wxEntry(int, char**) () from /usr/lib/libwx_gtk-2.4.so.0
#31 0x0828df7a in main (argc=1, argv=0xbff4c094) at amule.cpp:114
Current language:  auto; currently c
(gdb) bt full
#0  vg_do_syscall3 (syscallno=4294966784, arg1=992, arg2=0, arg3=0)
    at vg_mylibc.c:92
        __res = 4294966784
#1  0x00be09fd in vgPlain_system (cmd=0x0) at vg_mylibc.c:1277
        pid = 992
        res = -512
        environ = {0x0}
#2  0x00bdbe00 in vgPlain_start_GDB_whilst_on_client_stack () at vg_main.c:1816
        res = -512
        buf = "/usr/bin/gdb -nw /proc/888/exe 888\000Bb\000\000\000@¸ô¿L¹ô¿\021\000\000\000\177\f\177\003+\003\000\000\a\001\000\000b\000\000\000\021\000\000\000+\003\000\000\a\001\000\000b\000\000\000\021\000\000\000XTà\003¬\r\220\000ȱô¿"
#3  0x00be42ac in vgPlain_swizzle_esp_then_start_GDB ()
   from /usr/lib/valgrind/valgrind.so
No symbol table info available.
#4  0x08148000 in CUpDownClient::GetDownloadState() (this=0xbff4b1e8)
    at updownclient.h:277
No locals.
#5  0x08148000 in CUpDownClient::GetDownloadState() (this=0x41f49234)
    at updownclient.h:277
No locals.
#6  0x08184103 in CDownloadListCtrl::DrawFileItem(wxDC*, int, RECT*, CtrlItem_Struct*) (this=0x5e43030, dc=0xbff4b840, nColumn=6, lpRect=0xbff4b6c0,
    lpCtrlItem=0x3e042a0) at DownloadListCtrl.cpp:953
        sc = 47
        ncsc = 394
        clipper =
        buffer = {<> = {}, }
        lpPartFile = (class CPartFile *) 0x41f49234
#7  0x08182218 in CDownloadListCtrl::OnDrawItem(int, wxDC*, wxRect const&, wxRect const&, bool) (this=0x5e43030, item=13, dc=0xbff4b840, rect=@0xbff4b810,
    rectHL=@0xbff4b770, highlighted=false) at DownloadListCtrl.cpp:489
        iColumn = 6
        listitem = {<> = {}, m_mask = 98, m_itemId = 0,
  m_col = 0, m_state = 0, m_stateMask = 0, m_text = ,
  m_image = -1, m_data = 0, m_format = 0, m_width = 107, m_attr = 0x0,
  static sm_classwxListItem = {}}
        cx = 107
        iCurrent = 6
        content = (CtrlItem_Struct *) 0x3e042a0
        file = (class CPartFile *) 0x41f49234
        mypen =
        cur_rec = {left = 811, top = 263, right = 911, bottom = 280}
        tree_start = 638
        tree_end = 645

        notLast = true
        notFirst = true
        iOffset = 4
        iCount = 12
#8  0x081cb15c in wxODListMainWindow::OnPaint(wxPaintEvent&) (this=0x5e4383c)
    at listctrl.cpp:2999
        line = 13
        visibleTo = 16
        rectLine =
        xOrig = 0
        lineHeight = 20
        visibleFrom = 0
        yOrig = 0
        dc =
        dev_x = 0
        dev_y = 0
#9  0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#10 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#11 0x006d6505 in wxWindow::GtkSendPaintEvents() ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#12 0x006d62a9 in wxWindow::GtkUpdate() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#13 0x006d4f32 in wxWindow::OnInternalIdle() ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#14 0x006868e4 in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#15 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#16 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#17 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#18 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#19 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
#20 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#21 0x00686780 in wxApp::ProcessIdle() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#22 0x0068610f in wxapp_idle_callback () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#23 0x002a34ef in g_timeout_add () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#24 0x002a235b in g_get_current_time () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#25 0x002a2846 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#26 0x002a2af4 in g_main_run () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#27 0x001b56af in gtk_main () from /usr/lib/libgtk-1.2.so.0
No symbol table info available.
#28 0x006869f2 in wxApp::MainLoop() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#29 0x006d8610 in wxAppBase::OnRun() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#30 0x006870cd in wxEntry(int, char**) () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#31 0x0828df7a in main (argc=1, argv=0xbff4c094) at amule.cpp:114
No locals.
« Last Edit: May 21, 2004, 02:33:24 PM by phoenix »
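The two-owner pattern phoenix describes (a client reachable from socket_list and from srclists, freed through one path while the other still walks it), as an added example that is not aMule code: Client, Socket, live_clients, disconnect_unsafe, disconnect_safe and run_scenario are hypothetical stand-ins, and the state values 1 and 2 are assumed substitutes for DS_ONQUEUE and DS_DOWNLOADING.

```cpp
#include <list>
#include <set>

// Added example, not aMule code: stand-ins for CUpDownClient and CClientReqSocket.
struct Client { int downloadState; };               // 1 = on queue, 2 = downloading (assumed)
struct Socket { Client* client; bool timedOut; };   // timedOut: what CheckTimeOut() decided
static const int SLOTS = 4;                         // stands in for the srclists[] slot count
static std::list<Socket*> socket_list;
static std::list<Client*> srclists[SLOTS];
static std::set<Client*> live_clients;              // lifetime tracker standing in for valgrind
// Shape of the bug: the client is freed while srclists still points at it.
static void disconnect_unsafe(Socket* s) {
    socket_list.remove(s);
    live_clients.erase(s->client);
    delete s->client;                               // srclists[] now holds a dangling pointer
    delete s;
}
// Hardened shape: unlink the client from every other owner before freeing it.
static void disconnect_safe(Socket* s) {
    for (int sl = 0; sl < SLOTS; ++sl) srclists[sl].remove(s->client);
    disconnect_unsafe(s);                           // safe now: no other owner is left
}

// Counterpart of GetNotCurrentSourcesCount(); returns -1 instead of doing the invalid read.
static int not_current_sources() {
    int counter = 0;
    for (int sl = 0; sl < SLOTS; ++sl)
        for (Client* c : srclists[sl]) {
            if (!live_clients.count(c)) return -1;  // the read valgrind flagged
            if (c->downloadState != 1 && c->downloadState != 2) ++counter;
        }
    return counter;
}

// Timer path from the report, then the count path walks srclists; -1 means a dead pointer.
static int run_scenario(bool safe) {
    for (Socket* s : socket_list) { delete s->client; delete s; }  // reset from a previous run
    socket_list.clear(); live_clients.clear();
    for (int sl = 0; sl < SLOTS; ++sl) srclists[sl].clear();
    Client* dead = new Client{3}; Client* alive = new Client{3};   // neither on queue/downloading
    socket_list.push_back(new Socket{dead, true});
    socket_list.push_back(new Socket{alive, false});
    srclists[0].push_back(dead); srclists[1].push_back(alive);
    live_clients.insert(dead); live_clients.insert(alive);
    for (auto it = socket_list.begin(); it != socket_list.end();) {
        Socket* cur = *it++;                        // advance first, as GetNext(pos1) does
        if (cur->timedOut) (safe ? disconnect_safe : disconnect_unsafe)(cur);
    }
    return not_current_sources();
}
```

With the unsafe disconnect the walk meets the freed client and returns -1; with the safe one the only remaining source is counted, so the result is 1.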