Bug 199590

Summary: (gaim) Segfault in GTK Tree View Search
Product: [Fedora] Fedora Reporter: Warren Togami <wtogami>
Component: gaimAssignee: Warren Togami <wtogami>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: eblanton, lschiere+bugs, mark, mclasen, redhat-bugzilla, rstrode, stu
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-22 03:44:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150224    
Attachments:
Description Flags
patch pulled from SVN none

Description Warren Togami 2006-07-20 16:44:49 UTC 
gaim-2.0.0-0.7.beta3.fc6
gtk2-2.10.0-5
glib2-2.12.0-1.1

Segmentation fault happens when I focus in the gaim buddy list and start typing.
 The search thing pops above the buddy list, then it immediately crashes.  It
doesn't seem to crash if the buddy list has fewer entries so it doesn't have a
vertical scrollbar.

msn: S: NS 000: CHL 0 14961219225713142924
msn: C: NS 000: QRY 11 PROD0038W!61ZTF9 32
msn: S: NS 000: QRY 11
g_log: gaim_dbus_pointer_to_id: assertion `id || node == NULL' failed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208572208 (LWP 10279)]
IA__g_utf8_get_char (p=0x8da4000 <Address 0x8da4000 out of bounds>) at gutf8.c:269
269       unsigned char c = (unsigned char) *p;
(gdb) bt
#0  IA__g_utf8_get_char (p=0x8da4000 <Address 0x8da4000 out of bounds>) at
gutf8.c:269
#1  0x002d8d97 in pango_get_log_attrs (text=0x8d70770 "gareth »", length=8,
level=-1, language=0x0, log_attrs=0x8d60a70,
    attrs_len=9) at break.c:1667
#2  0x006b3a83 in _search_func (model=0x893dc00, column=2, key=0x8d6e7d8 "al",
iter=0xbfcda528, search_data=0x0)
    at gtkblist.c:3425
#3  0x00c64e08 in gtk_tree_view_search_iter (model=0x893dc00,
selection=0x8a4df40, iter=0xbfcda528, text=0x8d6e7d8 "al",
    count=0xbfcda538, n=1) at gtktreeview.c:14029
#4  0x00c66d00 in gtk_tree_view_search_init (entry=0x8a728b0,
tree_view=0x8a57010) at gtktreeview.c:14156
#5  0x00390139 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8d6fe18,
return_value=0x0, n_param_values=1,
    param_values=0xbfcda77c, invocation_hint=0xbfcda68c, marshal_data=0xc66be0)
at gmarshal.c:77
#6  0x00382edb in IA__g_closure_invoke (closure=0x8d6fe18, return_value=0x0,
n_param_values=1, param_values=0xbfcda77c,
    invocation_hint=0xbfcda68c) at gclosure.c:490
#7  0x00393da3 in signal_emit_unlocked_R (node=0x8d6ba80, detail=0,
instance=0x8a728b0, emission_return=0x0,
    instance_and_params=0xbfcda77c) at gsignal.c:2438
#8  0x0039529e in IA__g_signal_emit_valist (instance=0x8a728b0, signal_id=217,
detail=0, var_args=0xbfcda9c8 "")
    at gsignal.c:2197
#9  0x00396cde in IA__g_signal_emit_by_name (instance=0x8a728b0,
detailed_signal=0xd381a8 "changed") at gsignal.c:2265
#10 0x00afb6ef in gtk_entry_real_insert_text (editable=0x8a728b0,
new_text=0x8d7ed88 "l",
    new_text_length=<value optimized out>, position=0xbfcdaf98) at gtkentry.c:2430
#11 0x00b71ed4 in _gtk_marshal_VOID__STRING_INT_POINTER (closure=0x8d6ba08,
return_value=0x0, n_param_values=4,
    param_values=0xbfcdac7c, invocation_hint=0xbfcdab8c, marshal_data=0xafb4b0)
at gtkmarshalers.c:1145
#12 0x00381767 in g_type_iface_meta_marshal (closure=0x8d6ba08,
return_value=0x0, n_param_values=4,
    param_values=0xbfcdac7c, invocation_hint=0xbfcdab8c, marshal_data=0x1) at
gclosure.c:590
#13 0x00382edb in IA__g_closure_invoke (closure=0x8d6ba08, return_value=0x0,
n_param_values=4, param_values=0xbfcdac7c,
    invocation_hint=0xbfcdab8c) at gclosure.c:490
#14 0x003943f3 in signal_emit_unlocked_R (node=0x8d6a7c8, detail=0,
instance=0x8a728b0, emission_return=0x0,
    instance_and_params=0xbfcdac7c) at gsignal.c:2476
#15 0x0039529e in IA__g_signal_emit_valist (instance=0x8a728b0, signal_id=215,
detail=0,
    var_args=0xbfcdaed4 "x�\b�\n") at gsignal.c:2197
#16 0x00396cde in IA__g_signal_emit_by_name (instance=0x8a728b0,
detailed_signal=0xcd0001 "insert_text") at gsignal.c:2265
#17 0x00af6e1e in gtk_entry_insert_text (editable=0x8a728b0, new_text=0x8d7ed78
"l", new_text_length=1,
    position=0xbfcdaf98) at gtkentry.c:2130
#18 0x00af1df2 in IA__gtk_editable_insert_text (editable=0x8a728b0,
new_text=0x8d7ed78 "l", new_text_length=1,
    position=0xbfcdaf98) at gtkeditable.c:110
#19 0x00af4475 in gtk_entry_enter_text (entry=0x8a728b0, str=0x8d7ed78 "l") at
gtkentry.c:2936
#20 0x0038f909 in IA__g_cclosure_marshal_VOID__STRING (closure=0x8a5cce0,
return_value=0x0, n_param_values=2,
    param_values=0xbfcdb1ec, invocation_hint=0xbfcdb0fc, marshal_data=0xaf44e0)
at gmarshal.c:496
---Type <return> to continue, or q <return> to quit---
#21 0x00382edb in IA__g_closure_invoke (closure=0x8a5cce0, return_value=0x0,
n_param_values=2, param_values=0xbfcdb1ec,
    invocation_hint=0xbfcdb0fc) at gclosure.c:490
#22 0x00393da3 in signal_emit_unlocked_R (node=0x8a662a0, detail=0,
instance=0x8d6c090, emission_return=0x0,
    instance_and_params=0xbfcdb1ec) at gsignal.c:2438
#23 0x0039529e in IA__g_signal_emit_valist (instance=0x8d6c090, signal_id=185,
detail=0, var_args=0xbfcdb43c "\002")
    at gsignal.c:2197
#24 0x00396cde in IA__g_signal_emit_by_name (instance=0x8d6c090,
detailed_signal=0xcd0327 "commit") at gsignal.c:2265
#25 0x00b533ce in gtk_im_multicontext_commit_cb (slave=0x88e9330, str=0x8d7e838
"l", multicontext=0x8d6c090)
    at gtkimmulticontext.c:424
#26 0x0038f909 in IA__g_cclosure_marshal_VOID__STRING (closure=0x8d6fb80,
return_value=0x0, n_param_values=2,
    param_values=0xbfcdb68c, invocation_hint=0xbfcdb59c, marshal_data=0xb533a0)
at gmarshal.c:496
#27 0x00382edb in IA__g_closure_invoke (closure=0x8d6fb80, return_value=0x0,
n_param_values=2, param_values=0xbfcdb68c,
    invocation_hint=0xbfcdb59c) at gclosure.c:490
#28 0x00393da3 in signal_emit_unlocked_R (node=0x8a662a0, detail=0,
instance=0x88e9330, emission_return=0x0,
    instance_and_params=0xbfcdb68c) at gsignal.c:2438
#29 0x0039529e in IA__g_signal_emit_valist (instance=0x88e9330, signal_id=185,
detail=0, var_args=0xbfcdb8dc "`Í¿l\206;")
    at gsignal.c:2197
#30 0x00396cde in IA__g_signal_emit_by_name (instance=0x88e9330,
detailed_signal=0x5fddedc "commit") at gsignal.c:2265
#31 0x05fd77ac in scim_bridge_client_imcontext_update_preedit () from
/usr/lib/gtk-2.0/immodules/im-scim-bridge.so
#32 0x0038f909 in IA__g_cclosure_marshal_VOID__STRING (closure=0x8ba45d8,
return_value=0x0, n_param_values=2,
    param_values=0xbfcdbb2c, invocation_hint=0xbfcdba3c, marshal_data=0x5fd7750)
at gmarshal.c:496
#33 0x00382edb in IA__g_closure_invoke (closure=0x8ba45d8, return_value=0x0,
n_param_values=2, param_values=0xbfcdbb2c,
    invocation_hint=0xbfcdba3c) at gclosure.c:490
#34 0x00393da3 in signal_emit_unlocked_R (node=0x8a662a0, detail=0,
instance=0x89d6048, emission_return=0x0,
    instance_and_params=0xbfcdbb2c) at gsignal.c:2438
#35 0x0039529e in IA__g_signal_emit_valist (instance=0x89d6048, signal_id=185,
detail=0, var_args=0xbfcdbd7c "")
    at gsignal.c:2197
#36 0x00396cde in IA__g_signal_emit_by_name (instance=0x89d6048,
detailed_signal=0xcd0327 "commit") at gsignal.c:2265
#37 0x00b51af6 in gtk_im_context_simple_commit_char (context=0x89d6048, ch=108)
at gtkimcontextsimple.c:1011
#38 0x00b52271 in gtk_im_context_simple_filter_keypress (context=0x89d6048,
event=0x8a71c68) at gtkimcontextsimple.c:1222
#39 0x00b50fe3 in IA__gtk_im_context_filter_keypress (context=0x89d6048,
key=0x8a71c68) at gtkimcontext.c:288
#40 0x05fd745a in scim_bridge_client_imcontext_update_preedit () from
/usr/lib/gtk-2.0/immodules/im-scim-bridge.so
#41 0x00b50fe3 in IA__gtk_im_context_filter_keypress (context=0x88e9330,
key=0x8a71c68) at gtkimcontext.c:288
#42 0x00b53dc5 in gtk_im_multicontext_filter_keypress (context=0x8d6c090,
event=0x8a71c68) at gtkimmulticontext.c:286
#43 0x00b50fe3 in IA__gtk_im_context_filter_keypress (context=0x8d6c090,
key=0x8a71c68) at gtkimcontext.c:288
#44 0x00af9ae2 in gtk_entry_key_press (widget=0x8a728b0, event=0x8a71c68) at
gtkentry.c:1948
#45 0x00b735b0 in _gtk_marshal_BOOLEAN__BOXED (closure=0x88c8660,
return_value=0xbfcdc090, n_param_values=2,
---Type <return> to continue, or q <return> to quit---
    param_values=0xbfcdc16c, invocation_hint=0xbfcdc07c, marshal_data=0xaf9a30)
at gtkmarshalers.c:83
#46 0x003816f9 in g_type_class_meta_marshal (closure=0x88c8660,
return_value=0xbfcdc090, n_param_values=2,
    param_values=0xbfcdc16c, invocation_hint=0xbfcdc07c, marshal_data=0xcc) at
gclosure.c:567
#47 0x00382fbd in IA__g_closure_invoke (closure=0x88c8660,
return_value=0xbfcdc090, n_param_values=2,
    param_values=0xbfcdc16c, invocation_hint=0xbfcdc07c) at gclosure.c:490
#48 0x003943f3 in signal_emit_unlocked_R (node=0x88c8888, detail=0,
instance=0x8a728b0, emission_return=0xbfcdc32c,
    instance_and_params=0xbfcdc16c) at gsignal.c:2476
#49 0x00395067 in IA__g_signal_emit_valist (instance=0x8a728b0, signal_id=39,
detail=0,
    var_args=0xbfcdc3b0 "�Ϳh\034\b(\b\177�) at gsignal.c:2207
#50 0x00395459 in IA__g_signal_emit (instance=0x8a728b0, signal_id=39, detail=0)
at gsignal.c:2241
#51 0x00c85fd8 in gtk_widget_event_internal (widget=0x8a728b0, event=0x8a71c68)
at gtkwidget.c:3901
#52 0x00c96067 in IA__gtk_window_propagate_key_event (window=0x8d6b000,
event=0x8a71c68) at gtkwindow.c:4671
#53 0x00c990dc in gtk_window_key_press_event (widget=0x8d6b000, event=0x8a71c68)
at gtkwindow.c:4701
#54 0x00b735b0 in _gtk_marshal_BOOLEAN__BOXED (closure=0x88c8660,
return_value=0xbfcdc5b0, n_param_values=2,
    param_values=0xbfcdc68c, invocation_hint=0xbfcdc59c, marshal_data=0xc99090)
at gtkmarshalers.c:83
#55 0x003816f9 in g_type_class_meta_marshal (closure=0x88c8660,
return_value=0xbfcdc5b0, n_param_values=2,
    param_values=0xbfcdc68c, invocation_hint=0xbfcdc59c, marshal_data=0xcc) at
gclosure.c:567
#56 0x00382edb in IA__g_closure_invoke (closure=0x88c8660,
return_value=0xbfcdc5b0, n_param_values=2,
    param_values=0xbfcdc68c, invocation_hint=0xbfcdc59c) at gclosure.c:490
#57 0x003943f3 in signal_emit_unlocked_R (node=0x88c8888, detail=0,
instance=0x8d6b000, emission_return=0xbfcdc84c,
    instance_and_params=0xbfcdc68c) at gsignal.c:2476
#58 0x00395067 in IA__g_signal_emit_valist (instance=0x8d6b000, signal_id=39,
detail=0, var_args=0xbfcdc8d0 "�Ϳh\034\b")
    at gsignal.c:2207
#59 0x00395459 in IA__g_signal_emit (instance=0x8d6b000, signal_id=39, detail=0)
at gsignal.c:2241
#60 0x00c85fd8 in gtk_widget_event_internal (widget=0x8d6b000, event=0x8a71c68)
at gtkwidget.c:3901
#61 0x00b6ca8a in IA__gtk_propagate_event (widget=0x8d6b000, event=0x8a71c68) at
gtkmain.c:2161
#62 0x00b6dc57 in IA__gtk_main_do_event (event=0x8a71c68) at gtkmain.c:1421
#63 0x002630ca in gdk_event_dispatch (source=0x8892c08, callback=0,
user_data=0x0) at gdkevents-x11.c:2320
#64 0x007982f2 in IA__g_main_context_dispatch (context=0x8892c50) at gmain.c:2043
#65 0x0079b2cf in g_main_context_iterate (context=0x8892c50, block=1,
dispatch=1, self=0x88767b8) at gmain.c:2675
#66 0x0079b679 in IA__g_main_loop_run (loop=0x8c48a78) at gmain.c:2879
#67 0x00b6e0d4 in IA__gtk_main () at gtkmain.c:1000
#68 0x006f8ffa in main (argc=2, argv=0xbfcdecf4) at gtkmain.c:765
Comment 1 Ray Strode [halfline] 2006-07-24 17:44:29 UTC 
still happening in the latest rawhide, with the latest dbus?  J5 thinks this may
have been a d-bus problem.
Comment 2 Warren Togami 2006-07-24 18:26:55 UTC 
dbus-0.90-8
gaim-2.0.0-0.8.beta3.fc6
gtk2-2.10.1-1
glib-1.2.10-21.fc6

Yes, still happening.
Comment 3 Matthias Clasen 2006-07-25 13:52:50 UTC 
"gareth »" of length 8 certainly looks like non-utf8 text to me. 
If it was utf-8, it should be 9 bytes long...
Comment 4 Warren Togami 2006-07-25 14:11:11 UTC 
Reassigning back to gaim.
Comment 5 Mark Doliner 2006-07-25 15:51:47 UTC 
Warren, is there someone in your buddy list with the screen name, alias, or
friendly name "gareth »"?  On what protocol?  Does it still crash if you remove
them?
Comment 6 Stu Tomlinson 2006-07-25 15:55:05 UTC 
This is fixed in Gaim SVN, I'd point you to the ViewSVN URL for it if ViewSVN
was actually working. I'll attach the relevant patch to this bug.
Comment 7 Stu Tomlinson 2006-07-25 15:56:44 UTC 
Created attachment 132999 [details]
patch pulled from SVN
Comment 8 Matthias Clasen 2006-09-22 01:17:55 UTC 
Warren, should this bug be closed ?

Considering 

* Tue Jul 25 2006 Warren Togami <wtogami> - 2:2.0.0-0.9.beta3
- fix crash with certain UTF-8 names in buddy list (#199590)
Comment 9 Warren Togami 2006-09-22 03:44:32 UTC 
yes, thanks for pointing it out