You need to sign in or sign up before continuing.

Use-after-free on plugin exit

Steps to reproduce:

Xfce Panel -> Panel Preferences... -> Items -> +Add -> "Window Header - Title"
Don't close the "Panel Preferences" window opened in step 1
Maximize/unmaximize some windows to verify that the plugin has been added to the panel
Click -Remove in the "Panel Preferences" window to remove the plugin added in step 1

Valgrind output (1 example of many such lines):

==2012== Invalid write of size 8
==2012==    at 0x485DDE9: active_window_changed (wck-utils.c:224)
==2012==    by 0x544AB4C: g_cclosure_marshal_VOID__OBJECT (gmarshal.c:1852)
....
==2012==  Address 0x9c1a848 is 24 bytes inside a block of size 112 free'd
==2012==    at 0x48439EF: free (vg_replace_malloc.c:872)
==2012==    by 0x550F2A8: g_free (gmem.c:199)
==2012==    by 0x552B927: g_slice_free1 (gslice.c:1183)
==2012==    by 0x485A0B3: windowck_free (windowck.c:300)
==2012==    by 0x5449824: g_cclosure_marshal_VOID__VOID (gmarshal.c:117)
....
==2012==  Block was alloc'd at
==2012==    at 0x4840895: malloc (vg_replace_malloc.c:381)
==2012==    by 0x550F1A8: g_malloc (gmem.c:106)
==2012==    by 0x552B0C0: g_slice_alloc (gslice.c:1072)
==2012==    by 0x485AB0C: windowck_construct (windowck.c:400)
==2012==    by 0x485ABD8: xfce_panel_module_realize (windowck.c:409)

In the Valgrind output: active_window_changed() is being called after windowck_free().