GNOME Bugzilla – Bug 104181
Example segfaults after some time
Last modified: 2011-01-16 23:35:16 UTC
The example in gconfmm/example/client segfaults for me after some time if I press and hold down a key in one of the entries - e.g. it just segfaulted after having written "dddddddd". The backtrace doesn't give any useful information: gdb --core=core .libs/test_client [...] (gdb) bt
+ Trace 33023
I'm experiencing the same problem in my own application with spinbuttons - random crashes after changing the values a few times.
I've run the example with Electric Fence enabled. It seems to crash the program consistently when working with a hash table:
+ Trace 33206
I have no idea whether this really is related to the bug though. I also don't quite understand the stack trace since g_hash_table_lookup doesn't seem to be calling g_hash_table_destroy at all in glib/ghash.c. Perhaps it is just a really nasty memory bug.
I've found the bug. In gconf/gconfmm/callback.cc there is the function: void CallbackHolder::call(GConfClient* client, guint i, GConfEntry* pEntry, void* data) { if(data) ((CallbackHolder*)data)->m_Slot (i, Entry (pEntry)); } If the contents is #if'ed out, I can't reproduce the bug: void CallbackHolder::call(GConfClient* client, guint i, GConfEntry* pEntry, void* data) { #if 0 if(data) ((CallbackHolder*)data)->m_Slot (i, Entry (pEntry)); #endif } If, however, the entry is still created, I can reproduce it: void CallbackHolder::call(GConfClient* client, guint i, GConfEntry* pEntry, void* data) { Entry e(pEntry); #if 0 if(data) ((CallbackHolder*)data)->m_Slot (i, Entry (pEntry)); #endif } I've looked at the definition of Entry. It seems Entry(pEntry) assumes that the constructor is given a copy of the C object. But the reference on GConf says: GConfClientNotifyFunc () ... The value argument should not be modified, and should be copied if you want to keep it around (the GConfClient will destroy it sometime after your notify function is called). So Entry(pEntry) should be Entry(pEntry, true). Is it customary that values in gtkmm don't need to be copied? It seems unsafe to use a default argument here, when the risk is memory corruption. I'm attaching a patch. Since the bug renders gconfmm almost completely unusable with spinbuttons, I think it might be a good idea to release a new version.
Created attachment 13862 [details] [review] Patch of gconfmm/ChangeLog and gconfmm/gconf/gconfmm/callback.cc
Fantastic. Well done. I was beginning to worry about this. By the way, valgrind might also have been helpful but it crashes on this example. Unless it's urgent for you, I will release a new version after a few days, just in case.