Bug 153020

Summary: Crash on im-iiim.so, destroying widget during key_down
Product: [Fedora] Fedora
Reporter: Felipe Heidrich <felipe_heidrich>
Component: iiimf
Assignee: Akira TAGOH <tagoh>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 3
CC: eng-i18n-bugs
Keywords: i18n
Hardware: All
OS: Linux
Fixed In Version: iiimf-12.1.1-13.svn2469
Doc Type: Bug Fix
Last Closed: 2005-04-14 05:03:32 UTC
Bug Blocks: 125997, 163648    

Description Felipe Heidrich 2005-03-31 22:45:16 UTC
Fedora Core 3

Here is the situation: the application wants its dialogs to close (cancel) when the
Esc key is hit anywhere in the dialog. When the dialog closes, all its children
are destroyed. Let's say there is an entry in this dialog, and this entry has the Japanese
input method on (ready to enter kana). The Esc key is hit; first the entry
processes its key down handler (calls im_filter_key, etc.), then the application
processes the key and destroys the dialog and all its children along with it. This
causes the application to crash.
I notice that if the application processes the Esc key before the gtkentry,
nothing bad happens.
The crash seems to happen in the function im_context_iiim_new(), in the module
im-iiim.so, when it attempts to free some memory.
Here is the stack:
#25 	0x08048cd4 	in main () at pr89720.c:38
#24 	0x00bd707e 	in gtk_main () from libgtk-x11-2.0.so.0
#23 	0x007084ef 	in g_main_loop_run () from libglib-2.0.so.0
#22 	0x00708242 	in g_main_context_acquire () from libglib-2.0.so.0
#21 	0x007067bb 	in g_main_context_dispatch () from libglib-2.0.so.0
#20 	0x00a670a2 	in gdk_event_get_graphics_expose () from libgdk-x11-2.0.so.0
#19 	0x00bd7d20 	in gtk_main_do_event () from libgtk-x11-2.0.so.0
#18 	0x00bd7b6a 	in gtk_propagate_event () from libgtk-x11-2.0.so.0
#17 	0x00ccd545 	in gtk_widget_activate () from libgtk-x11-2.0.so.0
#16 	0x007a5f5a 	in g_signal_emit () from libgobject-2.0.so.0
#15 	0x007a5913 	in g_signal_emit_valist () from libgobject-2.0.so.0
#14 	0x007a4646 	in g_signal_has_handler_pending () from libgobject-2.0.so.0	
#13 	0x0078e347 	in g_closure_invoke () from libgobject-2.0.so.0
#12 	0x0078e6b2 	in g_cclosure_new_swap () from libgobject-2.0.so.0
#11 	0x00bd9757 	in gtk_marshal_VOID__UINT_STRING () from libgtk-x11-2.0.so.0
#10 	0x00ce27cb 	in gtk_window_activate_key () from libgtk-x11-2.0.so.0
#9  	0x00cddbc7 	in gtk_window_propagate_key_event () from libgtk-x11-2.0.so.0
#8  	0x007908dc 	in g_object_unref () from libgobject-2.0.so.0
#7  	0x00b7bdb3 	in gtk_entry_set_completion () from libgtk-x11-2.0.so.0
#6  	0x007908dc 	in g_object_unref () from libgobject-2.0.so.0
#5  	0x00bbbf63 	in gtk_im_multicontext_new () from libgtk-x11-2.0.so.0
#4  	0x00bbbd3a 	in gtk_im_multicontext_new () from libgtk-x11-2.0.so.0
#3  	0x007908dc 	in g_object_unref () from libgobject-2.0.so.0
#2  	0x00137326 	in im_context_iiim_new () from im-iiim.so
#1  	0x00a411ef 	in gdk_event_free () from libgdk-x11-2.0.so.0
#0  	0x0070def1 	in g_mem_chunk_free () from libglib-2.0.so.0


Here are the console warnings:
-sh-3.00$ ./t

(t:10190): Gdk-CRITICAL **: file gdkevents.c: line 446 (gdk_event_free):
assertion `event != NULL' failed

(t:10190): Gdk-CRITICAL **: file gdkevents.c: line 446 (gdk_event_free):
assertion `event != NULL' failed

(t:10190): GLib-GObject-CRITICAL **: file gobject.c: line 1579 (g_object_unref):
assertion `G_IS_OBJECT (object)' failed
Segmentation fault

Here is the code to reproduce the bug:

----------------<---------------<-----------------<-------------
#include <gtk/gtk.h>
#include <gdk/gdkkeysyms.h>

/* Alternative handler for "key-press-event": runs the entry's own key press
 * handler (including the input method filter) first, then destroys the
 * window passed in data when Esc was pressed. */
int keydown (GtkWidget *widget, GdkEventKey *event, gpointer data) {
	GTK_WIDGET_CLASS (G_OBJECT_GET_CLASS(widget))->key_press_event (widget, event);
	if (event->keyval == GDK_Escape) {
		gtk_widget_destroy (GTK_WIDGET(data));
	}
	return 1;
}

/* Handler for "event-after": runs once the entry has already processed the
 * key press, then destroys the window passed in data when Esc was pressed. */
int eventafter (GtkWidget *widget, GdkEvent *event, gpointer data) {
	if (event->type == GDK_KEY_PRESS && event->key.keyval == GDK_Escape) {
		gtk_widget_destroy (GTK_WIDGET(data));
	}
	return 0;
}

int main (int argc, char** argv) {
	GtkWidget *shellHandle, *vboxHandle, *entryHandle, *entryHandle2;

	gtk_init_check (&argc, &argv);
	shellHandle = gtk_window_new (GTK_WINDOW_TOPLEVEL);
	vboxHandle = gtk_vbox_new (FALSE, 8);
	entryHandle = gtk_entry_new ();
	entryHandle2 = gtk_entry_new ();
	gtk_container_add (GTK_CONTAINER (shellHandle), vboxHandle);
	gtk_container_add (GTK_CONTAINER (vboxHandle), entryHandle);
	gtk_container_add (GTK_CONTAINER (vboxHandle), entryHandle2);

	/* Either handler reproduces the crash; enable one of the two. */
	g_signal_connect (G_OBJECT (entryHandle), "event-after", G_CALLBACK (eventafter), shellHandle);
//	g_signal_connect (G_OBJECT (entryHandle), "key-press-event", G_CALLBACK (keydown), shellHandle);
	g_signal_connect (G_OBJECT (shellHandle), "destroy", G_CALLBACK (gtk_main_quit), NULL);
	g_signal_connect (G_OBJECT (shellHandle), "delete_event", G_CALLBACK (gtk_main_quit), NULL);
	gtk_window_set_default_size (GTK_WINDOW (shellHandle), 280, 40);

	gtk_widget_show_all (shellHandle);
	gtk_main();
	return 0;
}

---------<------------------<---------------- 
Just compile and run the code above. You can use event-after or keydown, both
will cause the same segfaults; you just need to have the gtkentry keypress handlers
run first.
Put the focus in the first entry and change the IM to Japanese, make sure it's on
(ctrl+space), hit Esc, ka-booom.
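
Added example, not part of the original report and not the iiimf fix: a GTK-free C model of the lifetime problem described above, where an application callback finalizes the input method context while its key filter is still running. `ImContext`, `filter_key` and `app_destroy_dialog` are constructed names; the pinned path shows the usual mitigation of holding a reference across the callback.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model (not GTK or iiimf code): a ref-counted IM context. */
typedef struct {
	int refs;
	int *pending_event;      /* state the key filter releases on exit */
} ImContext;

static int finalized;        /* number of contexts finalized so far */

static ImContext *im_new(void) {
	ImContext *im = calloc(1, sizeof *im);
	if (!im) abort();
	im->refs = 1;            /* the entry widget owns this reference */
	return im;
}

static void im_ref(ImContext *im) { im->refs++; }

static void im_unref(ImContext *im) {
	if (--im->refs > 0) return;
	free(im->pending_event);
	free(im);
	finalized++;
}

/* Hypothetical Esc handler: destroying the dialog drops the entry's ref. */
static void app_destroy_dialog(ImContext *im) { im_unref(im); }

/* Key filter. With pin != 0 it holds its own reference across the
 * application callback. Returns 1 if the context was still valid when the
 * filter resumed, 0 if the callback had already finalized it (the situation
 * the report describes, where later cleanup touches freed memory). */
static int filter_key(ImContext *im, int pin) {
	int before = finalized;
	im->pending_event = malloc(sizeof *im->pending_event);
	if (pin) im_ref(im);
	app_destroy_dialog(im);             /* re-entrant destroy mid-filter */
	if (finalized != before) return 0;  /* im is dangling: do not touch it */
	free(im->pending_event);            /* safe: the pin kept im alive */
	im->pending_event = NULL;
	if (pin) im_unref(im);              /* drop the pin; finalizes here */
	return 1;
}

int main(void) {
	printf("unpinned filter saw live context: %d\n", filter_key(im_new(), 0));
	printf("pinned filter saw live context:   %d\n", filter_key(im_new(), 1));
	return 0;
}
```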

Comment 1 Akira TAGOH 2005-04-01 02:04:00 UTC
Confirmed, crashes even on rawhide.

Comment 2 Akira TAGOH 2005-04-04 14:08:39 UTC
Should be fixed in 12.1.1-11.svn2435.

Comment 3 Felipe Heidrich 2005-04-07 21:10:59 UTC
12.1.1-11.svn2435 - What is that?
Do I need to update some package in my system to fix this problem?
What package(s) is that, or would it be available?


Comment 4 Akira TAGOH 2005-04-08 06:41:44 UTC
It's available on the Fedora Core development tree only for now. Hopefully the
updated package for FC3 will be available soon.

Comment 5 Felipe Heidrich 2005-04-08 15:44:01 UTC
Please, let me know when the packages are available.

Comment 6 Lawrence Lim 2005-04-14 05:03:32 UTC
Tested with iiimf-12.1.1-13.svn2469, confirmed the bug has been fixed. 


Thanks.

Comment 7 Felipe Heidrich 2005-04-18 22:31:21 UTC
In
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/
I found iiimf-xxx-12.1.1-14.svn2476 files.
Are these files good? Do I need to install them all, or is just
iiimf-gtk-12.1.1-14.svn2476.i386.rpm enough?
Thanks

Comment 8 Akira TAGOH 2005-04-19 04:10:14 UTC
It's the one in the development version of Fedora Core. You may see dependency
problems when installing them on FC3. If you can't solve them, I wouldn't recommend it.

Comment 9 Felipe Heidrich 2005-04-19 14:48:27 UTC
Where can I find the right files for FC3? So I can test this bug and 130851 as 
well.

Comment 10 Akira TAGOH 2005-04-20 07:09:01 UTC
Sorry, we still don't have the package which contains this fix for FC3. We need
to prepare to push it. Please wait for a while. Thanks.