Bug 1295948

Summary: [abrt] evince: find_class_funcs(): evince killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Christian Stadelmann <fedora>
Component: evinceAssignee: Michael Stahl <mstahl>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: feborges, mhatina, mkasik
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/54d6c5fb946a6d339c836026fdc00e94f82edf57
Whiteboard: abrt_hash:33d5085a8406234f387224737e502939cedef417;VARIANT_ID=workstation;
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-08 16:03:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace
none
File: core_backtrace
none
File: dso_list
none
File: exploitable
none
File: limits
none
File: maps
none
File: namespaces
none
File: open_fds
none
File: proc_pid_status none

Description Christian Stadelmann 2016-01-05 21:17:36 UTC 
Description of problem:
I used the comment function in evince. Evince crashed when saving and when closing.

Version-Release number of selected component:
evince-3.18.2-3.fc23

Additional info:
reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        
crash_function: find_class_funcs
executable:     /usr/bin/evince
kernel:         4.2.8-300.fc23.x86_64
runlevel:       N 5
type:           CCpp

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 find_class_funcs at inspector/object-tree.c:506
 #1 object_get_parent at inspector/object-tree.c:524
 #2 gtk_inspector_object_tree_find_object at inspector/object-tree.c:1172
 #4 gtk_object_tree_remove_dead_object at inspector/object-tree.c:616
 #5 weak_refs_notify at gobject.c:2634
 #7 g_hash_table_remove_all_nodes at ghash.c:548
 #9 g_hash_table_remove_all at ghash.c:1428
 #10 g_hash_table_destroy at ghash.c:1122
 #11 g_hash_table_remove_all_nodes at ghash.c:548
 #13 g_hash_table_remove_all at ghash.c:1428
Comment 1 Christian Stadelmann 2016-01-05 21:17:42 UTC 
Created attachment 1111936 [details]
File: backtrace
Comment 2 Christian Stadelmann 2016-01-05 21:17:43 UTC 
Created attachment 1111937 [details]
File: core_backtrace
Comment 3 Christian Stadelmann 2016-01-05 21:17:45 UTC 
Created attachment 1111938 [details]
File: dso_list
Comment 4 Christian Stadelmann 2016-01-05 21:17:46 UTC 
Created attachment 1111939 [details]
File: exploitable
Comment 5 Christian Stadelmann 2016-01-05 21:17:47 UTC 
Created attachment 1111940 [details]
File: limits
Comment 6 Christian Stadelmann 2016-01-05 21:17:49 UTC 
Created attachment 1111941 [details]
File: maps
Comment 7 Christian Stadelmann 2016-01-05 21:17:51 UTC 
Created attachment 1111942 [details]
File: namespaces
Comment 8 Christian Stadelmann 2016-01-05 21:17:52 UTC 
Created attachment 1111943 [details]
File: open_fds
Comment 9 Christian Stadelmann 2016-01-05 21:17:53 UTC 
Created attachment 1111944 [details]
File: proc_pid_status
Comment 10 Fedora Admin XMLRPC Client 2016-10-14 08:08:13 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 11 Michael Stahl 2016-11-08 16:03:31 UTC 
cannot repro on current F24.

this gtk+ commit looks relevant, the stack in the cited bug looks the same,
so i'm assuming this is fixed:

commit f55e3f7eda1d54d1a87a098822cc5e345b2f36db
Author:     Matthias Clasen <mclasen>
AuthorDate: Sun Oct 25 13:11:17 2015 -0400

    inspector: Be more careful with dead objects
    
    gtk_inspector_object_tree_find_object accesses the type information
    of the object, so we can't safely use it on an already decaying
    object when we get a weak notify. Instead just walk the tree and
    compare pointers, that is safe.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=756852