Bug 199590 - (gaim) Segfault in GTK Tree View Search
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: gaim
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Warren Togami
Blocks: FC6Blocker
Reported: 2006-07-20 12:44 EDT by Warren Togami
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-09-21 23:44:32 EDT

Attachments
patch pulled from SVN (464 bytes, patch)
2006-07-25 11:56 EDT, Stu Tomlinson

Description Warren Togami 2006-07-20 12:44:49 EDT
gaim-2.0.0-0.7.beta3.fc6
gtk2-2.10.0-5
glib2-2.12.0-1.1

Segmentation fault happens when I focus in the gaim buddy list and start typing.
 The search thing pops above the buddy list, then it immediately crashes.  It
doesn't seem to crash if the buddy list has fewer entries so it doesn't have a
vertical scrollbar.

msn: S: NS 000: CHL 0 14961219225713142924
msn: C: NS 000: QRY 11 PROD0038W!61ZTF9 32
msn: S: NS 000: QRY 11
g_log: gaim_dbus_pointer_to_id: assertion `id || node == NULL' failed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208572208 (LWP 10279)]
IA__g_utf8_get_char (p=0x8da4000 <Address 0x8da4000 out of bounds>) at gutf8.c:269
269       unsigned char c = (unsigned char) *p;
(gdb) bt
#0  IA__g_utf8_get_char (p=0x8da4000 <Address 0x8da4000 out of bounds>) at
gutf8.c:269
#1  0x002d8d97 in pango_get_log_attrs (text=0x8d70770 "gareth »", length=8,
level=-1, language=0x0, log_attrs=0x8d60a70,
    attrs_len=9) at break.c:1667
#2  0x006b3a83 in _search_func (model=0x893dc00, column=2, key=0x8d6e7d8 "al",
iter=0xbfcda528, search_data=0x0)
    at gtkblist.c:3425
#3  0x00c64e08 in gtk_tree_view_search_iter (model=0x893dc00,
selection=0x8a4df40, iter=0xbfcda528, text=0x8d6e7d8 "al",
    count=0xbfcda538, n=1) at gtktreeview.c:14029
#4  0x00c66d00 in gtk_tree_view_search_init (entry=0x8a728b0,
tree_view=0x8a57010) at gtktreeview.c:14156
#5  0x00390139 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8d6fe18,
return_value=0x0, n_param_values=1,
    param_values=0xbfcda77c, invocation_hint=0xbfcda68c, marshal_data=0xc66be0)
at gmarshal.c:77
#6  0x00382edb in IA__g_closure_invoke (closure=0x8d6fe18, return_value=0x0,
n_param_values=1, param_values=0xbfcda77c,
    invocation_hint=0xbfcda68c) at gclosure.c:490
#7  0x00393da3 in signal_emit_unlocked_R (node=0x8d6ba80, detail=0,
instance=0x8a728b0, emission_return=0x0,
    instance_and_params=0xbfcda77c) at gsignal.c:2438
#8  0x0039529e in IA__g_signal_emit_valist (instance=0x8a728b0, signal_id=217,
detail=0, var_args=0xbfcda9c8 "")
    at gsignal.c:2197
#9  0x00396cde in IA__g_signal_emit_by_name (instance=0x8a728b0,
detailed_signal=0xd381a8 "changed") at gsignal.c:2265
#10 0x00afb6ef in gtk_entry_real_insert_text (editable=0x8a728b0,
new_text=0x8d7ed88 "l",
    new_text_length=<value optimized out>, position=0xbfcdaf98) at gtkentry.c:2430
#11 0x00b71ed4 in _gtk_marshal_VOID__STRING_INT_POINTER (closure=0x8d6ba08,
return_value=0x0, n_param_values=4,
    param_values=0xbfcdac7c, invocation_hint=0xbfcdab8c, marshal_data=0xafb4b0)
at gtkmarshalers.c:1145
#12 0x00381767 in g_type_iface_meta_marshal (closure=0x8d6ba08,
return_value=0x0, n_param_values=4,
    param_values=0xbfcdac7c, invocation_hint=0xbfcdab8c, marshal_data=0x1) at
gclosure.c:590
#13 0x00382edb in IA__g_closure_invoke (closure=0x8d6ba08, return_value=0x0,
n_param_values=4, param_values=0xbfcdac7c,
    invocation_hint=0xbfcdab8c) at gclosure.c:490
#14 0x003943f3 in signal_emit_unlocked_R (node=0x8d6a7c8, detail=0,
instance=0x8a728b0, emission_return=0x0,
    instance_and_params=0xbfcdac7c) at gsignal.c:2476
#15 0x0039529e in IA__g_signal_emit_valist (instance=0x8a728b0, signal_id=215,
detail=0,
    var_args=0xbfcdaed4 "x�\b�\n") at gsignal.c:2197
#16 0x00396cde in IA__g_signal_emit_by_name (instance=0x8a728b0,
detailed_signal=0xcd0001 "insert_text") at gsignal.c:2265
#17 0x00af6e1e in gtk_entry_insert_text (editable=0x8a728b0, new_text=0x8d7ed78
"l", new_text_length=1,
    position=0xbfcdaf98) at gtkentry.c:2130
#18 0x00af1df2 in IA__gtk_editable_insert_text (editable=0x8a728b0,
new_text=0x8d7ed78 "l", new_text_length=1,
    position=0xbfcdaf98) at gtkeditable.c:110
#19 0x00af4475 in gtk_entry_enter_text (entry=0x8a728b0, str=0x8d7ed78 "l") at
gtkentry.c:2936
#20 0x0038f909 in IA__g_cclosure_marshal_VOID__STRING (closure=0x8a5cce0,
return_value=0x0, n_param_values=2,
    param_values=0xbfcdb1ec, invocation_hint=0xbfcdb0fc, marshal_data=0xaf44e0)
at gmarshal.c:496
#21 0x00382edb in IA__g_closure_invoke (closure=0x8a5cce0, return_value=0x0,
n_param_values=2, param_values=0xbfcdb1ec,
    invocation_hint=0xbfcdb0fc) at gclosure.c:490
#22 0x00393da3 in signal_emit_unlocked_R (node=0x8a662a0, detail=0,
instance=0x8d6c090, emission_return=0x0,
    instance_and_params=0xbfcdb1ec) at gsignal.c:2438
#23 0x0039529e in IA__g_signal_emit_valist (instance=0x8d6c090, signal_id=185,
detail=0, var_args=0xbfcdb43c "\002")
    at gsignal.c:2197
#24 0x00396cde in IA__g_signal_emit_by_name (instance=0x8d6c090,
detailed_signal=0xcd0327 "commit") at gsignal.c:2265
#25 0x00b533ce in gtk_im_multicontext_commit_cb (slave=0x88e9330, str=0x8d7e838
"l", multicontext=0x8d6c090)
    at gtkimmulticontext.c:424
#26 0x0038f909 in IA__g_cclosure_marshal_VOID__STRING (closure=0x8d6fb80,
return_value=0x0, n_param_values=2,
    param_values=0xbfcdb68c, invocation_hint=0xbfcdb59c, marshal_data=0xb533a0)
at gmarshal.c:496
#27 0x00382edb in IA__g_closure_invoke (closure=0x8d6fb80, return_value=0x0,
n_param_values=2, param_values=0xbfcdb68c,
    invocation_hint=0xbfcdb59c) at gclosure.c:490
#28 0x00393da3 in signal_emit_unlocked_R (node=0x8a662a0, detail=0,
instance=0x88e9330, emission_return=0x0,
    instance_and_params=0xbfcdb68c) at gsignal.c:2438
#29 0x0039529e in IA__g_signal_emit_valist (instance=0x88e9330, signal_id=185,
detail=0, var_args=0xbfcdb8dc "`Í¿l\206;")
    at gsignal.c:2197
#30 0x00396cde in IA__g_signal_emit_by_name (instance=0x88e9330,
detailed_signal=0x5fddedc "commit") at gsignal.c:2265
#31 0x05fd77ac in scim_bridge_client_imcontext_update_preedit () from
/usr/lib/gtk-2.0/immodules/im-scim-bridge.so
#32 0x0038f909 in IA__g_cclosure_marshal_VOID__STRING (closure=0x8ba45d8,
return_value=0x0, n_param_values=2,
    param_values=0xbfcdbb2c, invocation_hint=0xbfcdba3c, marshal_data=0x5fd7750)
at gmarshal.c:496
#33 0x00382edb in IA__g_closure_invoke (closure=0x8ba45d8, return_value=0x0,
n_param_values=2, param_values=0xbfcdbb2c,
    invocation_hint=0xbfcdba3c) at gclosure.c:490
#34 0x00393da3 in signal_emit_unlocked_R (node=0x8a662a0, detail=0,
instance=0x89d6048, emission_return=0x0,
    instance_and_params=0xbfcdbb2c) at gsignal.c:2438
#35 0x0039529e in IA__g_signal_emit_valist (instance=0x89d6048, signal_id=185,
detail=0, var_args=0xbfcdbd7c "")
    at gsignal.c:2197
#36 0x00396cde in IA__g_signal_emit_by_name (instance=0x89d6048,
detailed_signal=0xcd0327 "commit") at gsignal.c:2265
#37 0x00b51af6 in gtk_im_context_simple_commit_char (context=0x89d6048, ch=108)
at gtkimcontextsimple.c:1011
#38 0x00b52271 in gtk_im_context_simple_filter_keypress (context=0x89d6048,
event=0x8a71c68) at gtkimcontextsimple.c:1222
#39 0x00b50fe3 in IA__gtk_im_context_filter_keypress (context=0x89d6048,
key=0x8a71c68) at gtkimcontext.c:288
#40 0x05fd745a in scim_bridge_client_imcontext_update_preedit () from
/usr/lib/gtk-2.0/immodules/im-scim-bridge.so
#41 0x00b50fe3 in IA__gtk_im_context_filter_keypress (context=0x88e9330,
key=0x8a71c68) at gtkimcontext.c:288
#42 0x00b53dc5 in gtk_im_multicontext_filter_keypress (context=0x8d6c090,
event=0x8a71c68) at gtkimmulticontext.c:286
#43 0x00b50fe3 in IA__gtk_im_context_filter_keypress (context=0x8d6c090,
key=0x8a71c68) at gtkimcontext.c:288
#44 0x00af9ae2 in gtk_entry_key_press (widget=0x8a728b0, event=0x8a71c68) at
gtkentry.c:1948
#45 0x00b735b0 in _gtk_marshal_BOOLEAN__BOXED (closure=0x88c8660,
return_value=0xbfcdc090, n_param_values=2,
    param_values=0xbfcdc16c, invocation_hint=0xbfcdc07c, marshal_data=0xaf9a30)
at gtkmarshalers.c:83
#46 0x003816f9 in g_type_class_meta_marshal (closure=0x88c8660,
return_value=0xbfcdc090, n_param_values=2,
    param_values=0xbfcdc16c, invocation_hint=0xbfcdc07c, marshal_data=0xcc) at
gclosure.c:567
#47 0x00382fbd in IA__g_closure_invoke (closure=0x88c8660,
return_value=0xbfcdc090, n_param_values=2,
    param_values=0xbfcdc16c, invocation_hint=0xbfcdc07c) at gclosure.c:490
#48 0x003943f3 in signal_emit_unlocked_R (node=0x88c8888, detail=0,
instance=0x8a728b0, emission_return=0xbfcdc32c,
    instance_and_params=0xbfcdc16c) at gsignal.c:2476
#49 0x00395067 in IA__g_signal_emit_valist (instance=0x8a728b0, signal_id=39,
detail=0,
    var_args=0xbfcdc3b0 "�Ϳh\034\b(\b\177�) at gsignal.c:2207
#50 0x00395459 in IA__g_signal_emit (instance=0x8a728b0, signal_id=39, detail=0)
at gsignal.c:2241
#51 0x00c85fd8 in gtk_widget_event_internal (widget=0x8a728b0, event=0x8a71c68)
at gtkwidget.c:3901
#52 0x00c96067 in IA__gtk_window_propagate_key_event (window=0x8d6b000,
event=0x8a71c68) at gtkwindow.c:4671
#53 0x00c990dc in gtk_window_key_press_event (widget=0x8d6b000, event=0x8a71c68)
at gtkwindow.c:4701
#54 0x00b735b0 in _gtk_marshal_BOOLEAN__BOXED (closure=0x88c8660,
return_value=0xbfcdc5b0, n_param_values=2,
    param_values=0xbfcdc68c, invocation_hint=0xbfcdc59c, marshal_data=0xc99090)
at gtkmarshalers.c:83
#55 0x003816f9 in g_type_class_meta_marshal (closure=0x88c8660,
return_value=0xbfcdc5b0, n_param_values=2,
    param_values=0xbfcdc68c, invocation_hint=0xbfcdc59c, marshal_data=0xcc) at
gclosure.c:567
#56 0x00382edb in IA__g_closure_invoke (closure=0x88c8660,
return_value=0xbfcdc5b0, n_param_values=2,
    param_values=0xbfcdc68c, invocation_hint=0xbfcdc59c) at gclosure.c:490
#57 0x003943f3 in signal_emit_unlocked_R (node=0x88c8888, detail=0,
instance=0x8d6b000, emission_return=0xbfcdc84c,
    instance_and_params=0xbfcdc68c) at gsignal.c:2476
#58 0x00395067 in IA__g_signal_emit_valist (instance=0x8d6b000, signal_id=39,
detail=0, var_args=0xbfcdc8d0 "�Ϳh\034\b")
    at gsignal.c:2207
#59 0x00395459 in IA__g_signal_emit (instance=0x8d6b000, signal_id=39, detail=0)
at gsignal.c:2241
#60 0x00c85fd8 in gtk_widget_event_internal (widget=0x8d6b000, event=0x8a71c68)
at gtkwidget.c:3901
#61 0x00b6ca8a in IA__gtk_propagate_event (widget=0x8d6b000, event=0x8a71c68) at
gtkmain.c:2161
#62 0x00b6dc57 in IA__gtk_main_do_event (event=0x8a71c68) at gtkmain.c:1421
#63 0x002630ca in gdk_event_dispatch (source=0x8892c08, callback=0,
user_data=0x0) at gdkevents-x11.c:2320
#64 0x007982f2 in IA__g_main_context_dispatch (context=0x8892c50) at gmain.c:2043
#65 0x0079b2cf in g_main_context_iterate (context=0x8892c50, block=1,
dispatch=1, self=0x88767b8) at gmain.c:2675
#66 0x0079b679 in IA__g_main_loop_run (loop=0x8c48a78) at gmain.c:2879
#67 0x00b6e0d4 in IA__gtk_main () at gtkmain.c:1000
#68 0x006f8ffa in main (argc=2, argv=0xbfcdecf4) at gtkmain.c:765
Comment 1 Ray Strode [halfline] 2006-07-24 13:44:29 EDT
Still happening in the latest rawhide, with the latest dbus?  J5 thinks this may
have been a d-bus problem.
Comment 2 Warren Togami 2006-07-24 14:26:55 EDT
dbus-0.90-8
gaim-2.0.0-0.8.beta3.fc6
gtk2-2.10.1-1
glib-1.2.10-21.fc6

Yes, still happening.
Comment 3 Matthias Clasen 2006-07-25 09:52:50 EDT
"gareth »" of length 8 certainly looks like non-utf8 text to me. 
If it was utf-8, it should be 9 bytes long...
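
The byte arithmetic behind Comment 3, as an added example that is not part of the bug thread and is not gaim, GLib or Pango code: a length-bounded UTF-8 scanner showing that "gareth »" is 9 bytes and 8 code points in UTF-8, and that an 8-byte length either cuts the final sequence in half or, for Latin-1 bytes, is not UTF-8 at all. The names utf8_scan, NAME_UTF8 and NAME_LATIN1 and both byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Result of a bounded UTF-8 scan (names are this example's own). */
enum utf8_status { UTF8_OK, UTF8_INVALID, UTF8_TRUNCATED };

/* Scan exactly len bytes of s. Never reads s[len] or beyond.
 * On UTF8_OK, *nchars holds the number of code points. */
enum utf8_status utf8_scan(const unsigned char *s, size_t len, size_t *nchars)
{
    size_t i = 0, n = 0;
    while (i < len) {
        unsigned char c = s[i];
        size_t need;                 /* continuation bytes expected */
        unsigned long cp, min;       /* code point, smallest legal value */
        if (c < 0x80)                { need = 0; cp = c;        min = 0; }
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return UTF8_INVALID;    /* stray continuation or 0xF8..0xFF */
        if (need > len - i - 1)
            return UTF8_TRUNCATED;   /* sequence runs past the byte length */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return UTF8_INVALID;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return UTF8_INVALID;     /* overlong, out of range, surrogate */
        i += need + 1;
        n++;
    }
    *nchars = n;
    return UTF8_OK;
}

/* Constructed inputs: the name from frame #1 in two encodings. */
static const unsigned char NAME_UTF8[]   = "gareth \xC2\xBB"; /* 9 bytes */
static const unsigned char NAME_LATIN1[] = "gareth \xBB";     /* 8 bytes */

int main(void)
{
    size_t n = 0;
    printf("utf8, 9 bytes:   %d\n", utf8_scan(NAME_UTF8, 9, &n));
    printf("  code points:   %zu\n", n);
    printf("utf8, 8 bytes:   %d\n", utf8_scan(NAME_UTF8, 8, &n));
    printf("latin1, 8 bytes: %d\n", utf8_scan(NAME_LATIN1, 8, &n));
    return 0;
}
```

g_utf8_get_char assumes valid input, so a check of this kind (g_utf8_validate in GLib) belongs before a string and its byte length are handed to code that decodes it.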
Comment 4 Warren Togami 2006-07-25 10:11:11 EDT
Reassigning back to gaim.
Comment 5 Mark Doliner 2006-07-25 11:51:47 EDT
Warren, is there someone in your buddy list with the screen name, alias, or
friendly name "gareth »"?  On what protocol?  Does it still crash if you remove
them?
Comment 6 Stu Tomlinson 2006-07-25 11:55:05 EDT
This is fixed in Gaim SVN, I'd point you to the ViewSVN URL for it if ViewSVN
was actually working. I'll attach the relevant patch to this bug.
Comment 7 Stu Tomlinson 2006-07-25 11:56:44 EDT
Created attachment 132999 [details]
patch pulled from SVN
Comment 8 Matthias Clasen 2006-09-21 21:17:55 EDT
Warren, should this bug be closed?

Considering

* Tue Jul 25 2006 Warren Togami <wtogami@redhat.com> - 2:2.0.0-0.9.beta3
- fix crash with certain UTF-8 names in buddy list (#199590)
Comment 9 Warren Togami 2006-09-21 23:44:32 EDT
Yes, thanks for pointing it out.
