Bug 985559
| Summary: | gtk_file_chooser_button crash | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dov Grobgeld <dov.grobgeld> | ||||
| Component: | mingw-gtk2 | Assignee: | Richard W.M. Jones <rjones> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 19 | CC: | erik-fedora, fedora, rjones | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | mingw-gtk2-2.24.20-3.fc19 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-08-15 02:36:23 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I managed to generate a stack dump of the crash: Program received signal SIGSEGV, Segmentation fault. 0x619227b6 in gtk_tree_model_get_valist () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll (gdb) where #0 0x619227b6 in gtk_tree_model_get_valist () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll #1 0x619229aa in gtk_tree_model_get () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll #2 0x617ea684 in combo_box_row_separator_func () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll #3 0x617c16c5 in tree_column_row_is_sensitive () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll #4 0x617c7917 in gtk_combo_box_list_button_released () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll #5 0x61849ecc in _gtk_marshal_BOOLEAN__BOXED () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll #6 0x63a45df2 in ?? () from c:\Program Files\GtkWinCrash\bin\libgobject-2.0-0.dll #7 0x61849e50 in gtk_marshal_VOID__UINT_STRING () from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll #8 0xabababab in ?? () #9 0xfeeefeee in ?? () #10 0x00000000 in ?? () Could you please try again with mingw-gtk 2.24.20? This was just pushed to F19 earlier today: https://admin.fedoraproject.org/updates/FEDORA-2013-12635/mingw-gtk2-2.24.20-1.fc17 Unfortunately it still crashes in gtk_tree_model_get_valist(). Here's the crash message:
Program received signal SIGSEGV, Segmentation fault.
0x6193137f in gtk_tree_model_get_valist (
tree_model=tree_model@entry=0xa7c550, iter=iter@entry=0x22f9b0,
var_args=0x22f8fc "\037∙\"", var_args@entry=0x22f8f8 "\002")
at ../../gtk/gtktreemodel.c:1470
1470 ../../gtk/gtktreemodel.c: No such file or directory.
Unfortunately 2.24.20 still crashes in gtk_tree_model_get_valist(). Here's the crash message:
Program received signal SIGSEGV, Segmentation fault.
0x6193137f in gtk_tree_model_get_valist (
tree_model=tree_model@entry=0xa7c550, iter=iter@entry=0x22f9b0,
var_args=0x22f8fc "\037∙\"", var_args@entry=0x22f8f8 "\002")
at ../../gtk/gtktreemodel.c:1470
1470 ../../gtk/gtktreemodel.c: No such file or directory.
Sorry for the duplicate message mess. (How do you erase a comment from the bug history). I should have provided the complete stack trace. Here it is:
(gdb) where
#0 0x6193137f in gtk_tree_model_get_valist (
tree_model=tree_model@entry=0xa7c550, iter=iter@entry=0x22f9b0,
var_args=0x22f8fc "\037∙\"", var_args@entry=0x22f8f8 "\002")
at ../../gtk/gtktreemodel.c:1470
#1 0x6193155a in gtk_tree_model_get (tree_model=tree_model@entry=0xa7c550,
iter=iter@entry=0x22f9b0) at ../../gtk/gtktreemodel.c:1432
#2 0x617ee5e4 in combo_box_row_separator_func (model=0xa7c550,
iter=0x22f9b0, user_data=0x0) at ../../gtk/gtkfilechooserbutton.c:2365
#3 0x617c40a5 in tree_column_row_is_sensitive (
combo_box=combo_box@entry=0xa7d038, iter=iter@entry=0x22f9b0)
at ../../gtk/gtkcombobox.c:1904
#4 0x617c9f37 in gtk_combo_box_list_button_released (widget=0xb23398,
event=0xa78a50, data=0xa7d038) at ../../gtk/gtkcombobox.c:4160
#5 0x6185145f in _gtk_marshal_BOOLEAN__BOXED (closure=0xa961a0,
return_value=0x22fae8, n_param_values=2, param_values=0x22fb60,
invocation_hint=0x22fb0c, marshal_data=0x0)
at ../../gtk/gtkmarshalers.c:86
#6 0x63a45df2 in ?? () from c:\Program Files\GtkWinCrash\bin\libgobject-2.0-0.dll
#7 0x618513d0 in gtk_marshal_VOID__UINT_STRING ()
from c:\Program Files\GtkWinCrash\bin\libgtk-win32-2.0-0.dll
#8 0x00a7d038 in ?? ()
Cannot access memory at address 0x40000006
Okay too bad.. Then I think it would be better if you could file this bug upstream at http://bugzilla.gnome.org I've been trying to debug this issue and I must say that I find it difficult to imagine how this can be a source code bug.
Part of the code stack from gtkcombobox.c holds this code:
gtk_tree_model_get_iter (priv->model, &iter, path);
gtk_tree_path_free (path);
gtk_combo_box_popdown (combo_box);
if (tree_column_row_is_sensitive (combo_box, &iter))
gtk_combo_box_set_active_iter (combo_box, &iter);
and the call to tree_column_row_is_sensitive() crashes. Both the arguments combo_box and iter are valid as I have verified in the debugger.
The actual crash takes place in gtk_tree_model_get_valist() which does the call G_VALUE_LCOPY() which causes the segfault.
Sigh... Why do I always encounter these strange gtk bugs under windows. If there at least was valgrind for windows. :-(
I think I found it, and it does seem to be a gtk bug. The problem is in the call to gtk_combo_box_popdown(combo_box) above, which invalidates the iterator in iter. This causes an assertion failure in tree_column_row_is_sensitive(). Who knows why it doesn't crash in posix... So it seems all that is needed is swapping the gtk_combo_box_popdown() and the gtk_tree_model_get_iter(). I'll file a bug in gnome. gtk bug filed at: https://bugzilla.gnome.org/show_bug.cgi?id=704508 I managed to recompile gtk for windows and have verified that the following patch solves the crash:
> diff -u gtk+-2.24.20/gtk/gtkcombobox.c.org gtk+-2.24.20/gtk/gtkcombobox.c
--- gtk+-2.24.20/gtk/gtkcombobox.c.org 2013-03-12 22:25:23.000000000 +0200
+++ gtk+-2.24.20/gtk/gtkcombobox.c 2013-07-20 23:38:34.248516146 +0300
@@ -4152,11 +4152,11 @@
if (!ret)
return TRUE; /* clicked outside window? */
+ gtk_combo_box_popdown (combo_box);
+
gtk_tree_model_get_iter (priv->model, &iter, path);
gtk_tree_path_free (path);
- gtk_combo_box_popdown (combo_box);
-
if (tree_column_row_is_sensitive (combo_box, &iter))
gtk_combo_box_set_active_iter (combo_box, &iter);
mingw-gtk2-2.24.20-3.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/mingw-gtk2-2.24.20-3.fc19 mingw-gtk2-2.24.20-3.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/mingw-gtk2-2.24.20-3.fc18 Thanks a lot! I'll test it tonight. Note that I have not even received a comment upstream. I guess that no one in the gtk project is particularly interested in windows bugs... Yeah I agree. Apparently there's no real Windows maintainer of the gtk stack. Therefore various proposed patches keep on lingering in GNOME bugzilla waiting to be reviewed with nobody picking them up.. Package mingw-gtk2-2.24.20-3.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mingw-gtk2-2.24.20-3.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-14231/mingw-gtk2-2.24.20-3.fc19 then log in and leave karma (feedback). mingw-gtk2-2.24.20-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. mingw-gtk2-2.24.20-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 774915 [details] A small c-program illustrating the bug. Description of problem: The gtk_file_chooser_button widget crashes in mingw32. Version-Release number of selected component (if applicable): mingw32-gtk2-2.24.19 How reproducible: Every time. Steps to Reproduce: 1. Compile attached program gtk-win-crash.c as follows: i686-w64-mingw32-gcc -o gtk-win-crash.obj -c -mms-bitfields -Wall -g -I/usr/i686-w64-mingw32/sys-root/mingw/include/gtk-2.0 -I/usr/i686-w64-mingw32/sys-root/mingw/lib/gtk-2.0/include -I/usr/i686-w64-mingw32/sys-root/mingw/include/atk-1.0 -I/usr/i686-w64-mingw32/sys-root/mingw/include/cairo -I/usr/i686-w64-mingw32/sys-root/mingw/include/gdk-pixbuf-2.0 -I/usr/i686-w64-mingw32/sys-root/mingw/include/pango-1.0 -I/usr/i686-w64-mingw32/sys-root/mingw/include/glib-2.0 -I/usr/i686-w64-mingw32/sys-root/mingw/lib/glib-2.0/include -I/usr/i686-w64-mingw32/sys-root/mingw/include/pixman-1 -I/usr/i686-w64-mingw32/sys-root/mingw/include -I/usr/i686-w64-mingw32/sys-root/mingw/include/freetype2 -I/usr/i686-w64-mingw32/sys-root/mingw/include/libpng15 -I/usr/i686-w64-mingw32/sys-root/mingw/include/harfbuzz gtk-win-crash.c i686-w64-mingw32-gcc -o gtk-win-crash.exe -mwindows -Wl,-luuid gtk-win-crash.obj -L/usr/i686-w64-mingw32/sys-root/mingw/lib -lgtk-win32-2.0 -lgdk-win32-2.0 -limm32 -lshell32 -lole32 -latk-1.0 -lpangocairo-1.0 -lgio-2.0 -lgdk_pixbuf-2.0 -lpangoft2-1.0 -lpangowin32-1.0 -lgdi32 -lfreetype -lfontconfig -lpango-1.0 -lm -lcairo -lgobject-2.0 -lglib-2.0 -lintl 2. Copy gtk-win-crash.exe and gtk runtime to windows xp environment. 3. Run program 4. Press file chooser button and choose an arbitrary directory. Actual results: The program crashes. Expected results: No crash. Additional info: