Bug 241883 - find_widget_under_pointer NULL deref causes crashes (pidgin, evince, others?)
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: gtk2
Version: 8
Platform: x86_64 Linux
Priority: high
Severity: medium
Assigned To: Warren Togami
Keywords: bzcl34nup
Reported: 2007-05-31 08:51 EDT by Adam Tkac
Modified: 2013-04-30 19:35 EDT
CC: 12 users
Doc Type: Bug Fix
Last Closed: 2008-09-30 10:34:33 EDT
Attachments: None
Description Adam Tkac 2007-05-31 08:51:36 EDT
Description of problem:
Latest pidgin crashes after a while.

Version-Release number of selected component (if applicable):
pidgin-2.0.1-1.fc8

How reproducible:
always

Steps to Reproduce:
1. start pidgin
  
Actual results:
***MEMORY-WARNING***: pidgin[3616]: GSlice: g_thread_init() must be called
before all other GLib functions; memory corruption due to late invocation of
g_thread_init() has been detected; this program is likely to crash, leak or
unexpectedly abort soon...
Pidgin has segfaulted and attempted to dump a core file.
This is a bug in the software and has happened through
no fault of your own.

If you can reproduce the crash, please notify the developers
by reporting a bug at:
http://developer.pidgin.im/newticket/

Please make sure to specify what you were doing at the time
and post the backtrace from the core file.  If you do not know
how to get the backtrace, please read the instructions at
http://developer.pidgin.im/wiki/GetABacktrace

If you need further assistance, please IM either SeanEgn or 
LSchiere (via AIM).  Contact information for Sean and Luke 
on other protocols is at
http://developer.pidgin.im/wiki/DeveloperPages
Aborted (SIGABRT)

Expected results:
Works nicely.
Comment 1 Stu Tomlinson 2007-05-31 22:28:23 EDT
Please would you try this build which includes early initialization of
g_thread_init() and report back on success or failure:

http://koji.fedoraproject.org/scratch/nosnilmot/task_22281/
http://koji.fedoraproject.org/koji/taskinfo?taskID=22283
Comment 2 Adam Tkac 2007-06-01 05:34:30 EDT
Little progress. I'm able to start pidgin now, but these warnings still exist:

***MEMORY-WARNING***: gconftool-2[3263]: GSlice: g_thread_init() must be called
before all other GLib functions; memory corruption due to late invocation of
g_thread_init() has been detected; this program is likely to crash, leak or
unexpectedly abort soon...

***MEMORY-WARNING***: gconftool-2[3264]: GSlice: g_thread_init() must be called
before all other GLib functions; memory corruption due to late invocation of
g_thread_init() has been detected; this program is likely to crash, leak or
unexpectedly abort soon...

***MEMORY-WARNING***: gconftool-2[3266]: GSlice: g_thread_init() must be called
before all other GLib functions; memory corruption due to late invocation of
g_thread_init() has been detected; this program is likely to crash, leak or
unexpectedly abort soon...

***MEMORY-WARNING***: gconftool-2[3268]: GSlice: g_thread_init() must be called
before all other GLib functions; memory corruption due to late invocation of
g_thread_init() has been detected; this program is likely to crash, leak or
unexpectedly abort soon...

***MEMORY-WARNING***: gconftool-2[3270]: GSlice: g_thread_init() must be called
before all other GLib functions; memory corruption due to late invocation of
g_thread_init() has been detected; this program is likely to crash, leak or
unexpectedly abort soon...


When I want to write to somebody, pidgin crashes (SIGABRT):

***MEMORY-WARNING***: gconftool-2[3275]: GSlice: g_thread_init() must be called
before all other GLib functions; memory corruption due to late invocation of
g_thread_init() has been detected; this program is likely to crash, leak or
unexpectedly abort soon...
Pidgin has segfaulted and attempted to dump a core file.
This is a bug in the software and has happened through
no fault of your own.

I could upload the core dump if you need it.

-A-
Comment 3 Stu Tomlinson 2007-06-01 12:01:21 EDT
Those new g_thread_init() warnings are in gconftool-2, not from Pidgin itself,
and shouldn't be crashing pidgin. Please can you get a backtrace from the Pidgin
crash as described here http://fedoraproject.org/wiki/StackTraces

You will need to install the pidgin-debuginfo package from here too
http://koji.fedoraproject.org/scratch/nosnilmot/task_22281/
Comment 4 Bryan O'Sullivan 2007-06-03 00:11:52 EDT
The crash is not related to the g_thread_init warnings, as far as I can tell.

Here's my reproduction recipe.  This is very easy to trigger.  I've bumped the
priority to high because pidgin is completely unusable with this bug.

1.  Start pidgin, log into AIM.
2.  Open a window to chat to a contact online.
3.  Close that window.  Crash!

I'm running pidgin-2.0.1-2.fc8.x86_64 from the koji build you linked to.  It's
crashing inside gtk2.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912499329376 (LWP 21561)]
0x000000315602eb3b in find_widget_under_pointer (window=0xbca9b0, 
    x=0x7fffe5657744, y=0x7fffe5657740) at gtktooltip.c:469
469       while (window && window != event_widget->window)
(gdb) bt
#0  0x000000315602eb3b in find_widget_under_pointer (window=0xbca9b0, 
    x=0x7fffe5657744, y=0x7fffe5657740) at gtktooltip.c:469
#1  0x000000315602f6a2 in _gtk_tooltip_handle_event (event=0x9eece0)
    at gtktooltip.c:533
#2  0x0000003155f5033f in IA__gtk_main_do_event (event=0x9eece0)
    at gtkmain.c:1615
#3  0x0000003156c4b1fc in gdk_event_dispatch (source=<value optimized out>, 
    callback=<value optimized out>, user_data=<value optimized out>)
    at gdkevents-x11.c:2321
#4  0x000000315362ece3 in IA__g_main_context_dispatch (context=0x6ef6a0)
    at gmain.c:2061
#5  0x0000003153631f6d in g_main_context_iterate (context=0x6ef6a0, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:2694
#6  0x000000315363227a in IA__g_main_loop_run (loop=0xaf1170) at gmain.c:2898
#7  0x0000003155f508b3 in IA__gtk_main () at gtkmain.c:1142
#8  0x0000000000473515 in main (argc=1, argv=0x7fffe5659cb8) at gtkmain.c:839
(gdb) p event_widget
$1 = (GtkWidget *) 0x0
(gdb) p window
$2 = (GdkWindow *) 0xbca9b0
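The backtrace in comment 4 shows the pattern behind the crash: `gdk_window_get_user_data()` can hand back a NULL widget for a window that no longer has a widget behind it (a chat window being closed, evince on exit), and the loop at gtktooltip.c:469 reads `event_widget->window` before anything checks for that. The following is an added example, not GTK's code or the fix that shipped in gtk2 2.11.1; the `Window`/`Widget` structs, `window_get_widget()` and the two `find_widget_under_pointer_*` functions are assumed stand-ins that model only the loop shape, with the unchecked form beside a hardened one that treats "no widget behind this window" as "nothing under the pointer".

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not GTK code: Widget/Window, window_get_widget() and the
 * find_widget_under_pointer_* functions are assumed stand-ins that model the
 * loop at gtktooltip.c:469 from the backtrace. */
typedef struct Widget Widget;
typedef struct Window Window;

struct Window {
    Window *parent;     /* enclosing window; NULL at the toplevel */
    Widget *user_data;  /* owning widget; NULL when no widget is behind the
                           window any more (e.g. one being torn down) */
};

struct Widget {
    Window *window;     /* the widget's own (outermost) window */
    const char *name;
};

/* Stand-in for gdk_window_get_user_data(): the lookup can yield NULL. */
static Widget *window_get_widget(const Window *w)
{
    return w ? w->user_data : NULL;
}

/* Shape of the crashing code: the loop condition reads event_widget->window
 * before anything has established that event_widget is non-NULL. With a window
 * whose user data is NULL this dereferences address 0, matching
 * "p event_widget" => (GtkWidget *) 0x0 in the gdb session. */
static Widget *find_widget_under_pointer_unchecked(Window *window, int *hops)
{
    Widget *event_widget = window_get_widget(window);

    *hops = 0;
    while (window && window != event_widget->window) {  /* NULL deref if event_widget == NULL */
        window = window->parent;
        (*hops)++;
    }
    return window ? event_widget : NULL;
}

/* Hardened form: a window with no widget behind it has nothing under the pointer. */
static Widget *find_widget_under_pointer_checked(Window *window, int *hops)
{
    Widget *event_widget = window_get_widget(window);

    *hops = 0;
    if (event_widget == NULL)
        return NULL;
    while (window && window != event_widget->window) {
        window = window->parent;
        (*hops)++;
    }
    return window ? event_widget : NULL;
}

/* Constructed scenario: a sub-window owned by a widget resolves to that widget
 * after one hop up the parent chain. Returns 1 on success. */
static int scenario_child_window_resolves_to_owner(void)
{
    Widget button;
    Window top = { NULL, &button };   /* the button's own window */
    Window sub = { &top, &button };   /* a sub-window the button also owns */
    int hops = -1;
    Widget *found;

    button.window = &top;
    button.name = "button";
    found = find_widget_under_pointer_checked(&sub, &hops);
    return found == &button && hops == 1;
}

/* Constructed scenario: a window whose user data is already cleared, the state
 * that crashed pidgin and evince. Returns 1 if the checked form yields NULL. */
static int scenario_orphan_window_returns_null(void)
{
    Widget button;
    Window top = { NULL, &button };
    Window orphan = { &top, NULL };   /* no widget behind it */
    int hops = -1;

    button.window = &top;
    button.name = "button";
    /* find_widget_under_pointer_unchecked(&orphan, &hops) would segfault here. */
    return find_widget_under_pointer_checked(&orphan, &hops) == NULL;
}

int main(void)
{
    Widget button;
    Window top = { NULL, &button };
    Window sub = { &top, &button };
    int hops;

    button.window = &top;
    button.name = "button";
    /* The unchecked form only survives while user data is still present. */
    printf("unchecked on owned sub-window: %s (%d hop)\n",
           find_widget_under_pointer_unchecked(&sub, &hops)->name, hops);
    printf("child window resolves to owner: %d\n", scenario_child_window_resolves_to_owner());
    printf("orphan window returns NULL: %d\n", scenario_orphan_window_returns_null());
    return 0;
}
```

The check belongs at the point where the lookup result is first used, not in the callers: `_gtk_tooltip_handle_event` in frame #1 is driven by arbitrary X events and cannot know whether the window it was handed still has a widget behind it.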
Comment 5 Warren Togami 2007-06-03 13:46:17 EDT
Hey gtk2 folks, could you please look into this?  The new backtrace appears
entirely in gtk2.
Comment 6 Matthias Clasen 2007-06-03 16:03:18 EDT
gtk2 version ?
Comment 7 Bryan O'Sullivan 2007-06-03 16:17:08 EDT
Whatever is current in rawhide.  I don't have the exact version, because I
accidentally upgraded to the first batch of fc8-tagged packages, then backed
them out back to F7.  This same bug also causes numerous other app crashes; I
get the same backtrace upon exit from evince, for example.
Comment 8 Matthias Clasen 2007-06-03 16:23:37 EDT
That would be gtk2 2.11.0 then...this bug should be fixed in 2.11.1 which will
appear in a few days.
Comment 9 Adam Tkac 2007-06-05 05:05:32 EDT
(In reply to comment #8)
> That would be gtk2 2.11.0 then...this bug should be fixed in 2.11.1 which will
> appear in a few days.

I've built gtk2-2.11.1-1.fc8 from CVS and after quick tests looks fine.

Thanks, Adam
Comment 10 darrell pfeifer 2007-06-11 20:33:43 EDT
Using gtk2.i386 2.11.2-1.fc8 and the corresponding gtk engines on a rawhide
updated to June 10, Openoffice dies pretty much any time you look at it. Both
writer and spreadsheet will terminate if you do anything at all with the mouse.
For instance, in spreadsheet, clicking on a cell and attempting to edit a
formula causes spreadsheet to die as soon as you click the mouse in the input
field to edit the formula.

Backing out to gtk2-2.10.11-7.fc7 fixes the problem. I'm assuming this problem
is related, if not let me know and I'll open a different bug.
Comment 11 Bug Zapper 2008-04-04 06:56:01 EDT
Based on the date this bug was created, it appears to have been reported
during the development of Fedora 8. In order to refocus our efforts as
a project we are changing the version of this bug to '8'.

If this bug still exists in rawhide, please change the version back to
rawhide.
(If you're unable to change the bug's version, add a comment to the bug
and someone will change it for you.)

Thanks for your help and we apologize for the interruption.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
Comment 12 Adam Tkac 2008-09-30 10:34:33 EDT
This problem was fixed a long time ago, closing.
