Bug 153020 - Crash on im-iiim.so, destroying widget during key_down
Crash on im-iiim.so, destroying widget during key_down
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: iiimf (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Akira TAGOH
: i18n
Depends On:
Blocks: IIIMF 163648
  Show dependency treegraph
 
Reported: 2005-03-31 17:45 EST by Felipe Heidrich
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: iiimf-12.1.1-13.svn2469
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-14 01:03:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Felipe Heidrich 2005-03-31 17:45:16 EST
fedora core 3

Here is the situation, the application wants its dialogs close (cancel) when the
Esc key is hit anywhere in the dialog. When the dialog closes all its children
are destroyed. Let say there is a entry in this dialog, this entry has japanese
input method on (ready to enter kana). The Esc key is hit, first the entry
process its key down handler (call im_filter_key, etc), then the application
process the key and destroy the dialog and all its children along with it. This
cause the application to crash.
I notice that if the application processes the esc key before the gtkentry
nothing bad happens.
The crash seems to happen in the function im_context_iiim_new(), in the module
im-iiim.so, when it attempts to free some memory.
Here is the stack:
#25 	0x08048cd4 	in main () at pr89720.c:38
#24 	0x00bd707e 	in gtk_main () from libgtk-x11-2.0.so.0
#23 	0x007084ef 	in g_main_loop_run () from libglib-2.0.so.0
#22 	0x00708242 	in g_main_context_acquire () from libglib-2.0.so.0
#21 	0x007067bb 	in g_main_context_dispatch () from libglib-2.0.so.0
#20 	0x00a670a2 	in gdk_event_get_graphics_expose () from libgdk-x11-2.0.so.0
#19 	0x00bd7d20 	in gtk_main_do_event () from libgtk-x11-2.0.so.0
#18 	0x00bd7b6a 	in gtk_propagate_event () from libgtk-x11-2.0.so.0
#17 	0x00ccd545 	in gtk_widget_activate () from libgtk-x11-2.0.so.0
#16 	0x007a5f5a 	in g_signal_emit () from libgobject-2.0.so.0
#15 	0x007a5913 	in g_signal_emit_valist () from libgobject-2.0.so.0
#14 	0x007a4646 	in g_signal_has_handler_pending () from libgobject-2.0.so.0	
#13 	0x0078e347 	in g_closure_invoke () from libgobject-2.0.so.0
#12 	0x0078e6b2 	in g_cclosure_new_swap () from libgobject-2.0.so.0
#11 	0x00bd9757 	in gtk_marshal_VOID__UINT_STRING () from libgtk-x11-2.0.so.0
#10 	0x00ce27cb 	in gtk_window_activate_key () from libgtk-x11-2.0.so.0
#9  	0x00cddbc7 	in gtk_window_propagate_key_event () from libgtk-x11-2.0.so.0
#8  	0x007908dc 	in g_object_unref () from libgobject-2.0.so.0
#7  	0x00b7bdb3 	in gtk_entry_set_completion () from libgtk-x11-2.0.so.0
#6  	0x007908dc 	in g_object_unref () from libgobject-2.0.so.0
#5  	0x00bbbf63 	in gtk_im_multicontext_new () from libgtk-x11-2.0.so.0
#4  	0x00bbbd3a 	in gtk_im_multicontext_new () from libgtk-x11-2.0.so.0
#3  	0x007908dc 	in g_object_unref () from libgobject-2.0.so.0
#2  	0x00137326 	in im_context_iiim_new () from im-iiim.so
#1  	0x00a411ef 	in gdk_event_free () from libgdk-x11-2.0.so.0
#0  	0x0070def1 	in g_mem_chunk_free () from libglib-2.0.so.0


Here is the console warnings:
-sh-3.00$ ./t

(t:10190): Gdk-CRITICAL **: file gdkevents.c: line 446 (gdk_event_free):
assertion `event != NULL' failed

(t:10190): Gdk-CRITICAL **: file gdkevents.c: line 446 (gdk_event_free):
assertion `event != NULL' failed

(t:10190): GLib-GObject-CRITICAL **: file gobject.c: line 1579 (g_object_unref):
assertion `G_IS_OBJECT (object)' failed
Segmentation fault

Here is the code to reproduce the bug:

----------------<---------------<-----------------<-------------
#include <gtk/gtk.h>
#include <gdk/gdkkeysyms.h>

int keydown (GtkWidget *widget, GdkEventKey *event, gpointer data) {
	GTK_WIDGET_CLASS (G_OBJECT_GET_CLASS(widget))->key_press_event (widget, event);
	if (event->keyval == GDK_Escape) {
		gtk_widget_destroy (GTK_WIDGET(data));
	}
	return 1;
}

int eventafter (GtkWidget *widget, GdkEvent *event, gpointer data) {
	if (event->type == GDK_KEY_PRESS && event->key.keyval == GDK_Escape) {
		gtk_widget_destroy (GTK_WIDGET(data));
	}
	return 0;
}

int main (int argc, char** argv) {
	GtkWidget *shellHandle, *vboxHandle, *entryHandle, *entryHandle2;
	
	gtk_init_check (&argc, &argv);
	shellHandle = gtk_window_new (GTK_WINDOW_TOPLEVEL);
	vboxHandle = gtk_vbox_new (FALSE, 8);
	entryHandle = gtk_entry_new ();
	entryHandle2 = gtk_entry_new ();
	gtk_container_add (GTK_CONTAINER (shellHandle), vboxHandle);
	gtk_container_add (GTK_CONTAINER (vboxHandle), entryHandle);
	gtk_container_add (GTK_CONTAINER (vboxHandle), entryHandle2);
	
	g_signal_connect (G_OBJECT (entryHandle), "event-after", G_CALLBACK
(eventafter), shellHandle);	
//	g_signal_connect (G_OBJECT (entryHandle), "key-press-event", G_CALLBACK
(keydown), shellHandle);
	g_signal_connect (G_OBJECT (shellHandle), "destroy", G_CALLBACK
(gtk_main_quit), NULL);
	g_signal_connect (G_OBJECT (shellHandle), "delete_event",G_CALLBACK
(gtk_main_quit), NULL);
	gtk_window_set_default_size (GTK_WINDOW (shellHandle), 280, 40);

	gtk_widget_show_all (shellHandle);
	gtk_main();
}

---------<------------------<---------------- 
just compile and run the code above, you can use event-afer or keydown, both
will cause the same segfaults, you just to have the gtkentry keypress handlers
to run first.
Put the focus in the fist entry and change the IM to japanese, make sure its on
(ctrl+space), hit esc, ka-booom.
Comment 1 Akira TAGOH 2005-03-31 21:04:00 EST
confirmed crashes on even rawhide.
Comment 2 Akira TAGOH 2005-04-04 10:08:39 EDT
should be fixed in 12.1.1-11.svn2435.
Comment 3 Felipe Heidrich 2005-04-07 17:10:59 EDT
12.1.1-11.svn2435 - What is that ?
I need to update some package in my system to fix this problem ?
What package(s) is that, or would it be available ?
Comment 4 Akira TAGOH 2005-04-08 02:41:44 EDT
It's available on Fedora Core development tree only for now. hopefully the
updated package for FC3 will be available soon.
Comment 5 Felipe Heidrich 2005-04-08 11:44:01 EDT
Please, let me know when the packages are available.
Comment 6 Lawrence Lim 2005-04-14 01:03:32 EDT
Tested with iiimf-12.1.1-13.svn2469, confirmed the bug has been fixed. 


Thanks.
Comment 7 Felipe Heidrich 2005-04-18 18:31:21 EDT
In 
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora
/RPMS/ I found iiimf-xxx-12.1.1-14.svn2476 files.
Are these files good ? Do I need to install them all or just iiimf-gtk-12.1.1-
14.svn2476.i386.rpm is enough ?
Thanks
Comment 8 Akira TAGOH 2005-04-19 00:10:14 EDT
It's one in the development version of Fedora Core. You may see the dependencies
problem during installing them on FC3. If you can't solve it, I'd not recommend it.
Comment 9 Felipe Heidrich 2005-04-19 10:48:27 EDT
Where can I find the right files for FC3? So I can test this bug and 130851 as 
well.
Comment 10 Akira TAGOH 2005-04-20 03:09:01 EDT
Sorry, we don't still have the package which contains this fix for FC3. we need
to prepare to push it. Please wait for a while. thanks.

Note You need to log in before you can comment on or make changes to this bug.