Bug 122855 – Close Ghex crash

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 122855 - Close Ghex crash


Summary:	Close Ghex crash


Status:	RESOLVED INVALID

Product:	ghex
Classification:	Applications
Component:	general
Version:	2.4.x
Hardware:	Other other

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Jaka Mocnik
QA Contact:	Jaka Mocnik

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2003-09-21 04:43 UTC by tzicatl
Modified:	2005-09-05 12:11 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
ghex-2.8.1-segfault_on_exit.patch (5.78 KB, patch) 2005-09-05 12:11 UTC, Ed Catmur	none	Details \| Review

Description tzicatl 2003-09-21 04:36:19 UTC

Distribution: Slackware Slackware 9.0.0
Package: GHex
Severity: critical
Version: GNOME2.4.0 2.4.x
Gnome-Distributor: GNOME.Org
Synopsis: Close Ghex crash
Bugzilla-Product: GHex
Bugzilla-Component: general
Bugzilla-Version: 2.4.x
BugBuddy-GnomeVersion: 2.0 (2.4.0.1)
Description:
Description of the crash:

Ghex crashes after closing the application (After opening a HEX file).

In a terminal it shows:

[tzicatl@tequelech:~$ ] ghex2
Bonobo accessibility support initialized
GTK Accessibility Module initialized
Atk Accessibilty bridge initialized
 
(ghex2:11076): Gdk-CRITICAL **: file gdkwindow-x11.c: line 2163
(gdk_window_set_title): assertion `title != NULL' failed
 
(ghex2:11076): Gdk-CRITICAL **: file gdkwindow-x11.c: line 2163
(gdk_window_set_title): assertion `title != NULL' failed
 
(ghex2:11076): GnomePrint-CRITICAL **: file gnome-print-job.c: line 264
(gnome_print_job_get_pages): assertion `GNOME_PRINT_JOB_CLOSED (job)'
failed
Bonobo accessibility support initialized
GTK Accessibility Module initialized
Atk Accessibilty bridge initialized
[tzicatl@tequelech:~$ ] ghex2
Bonobo accessibility support initialized
GTK Accessibility Module initialized
Atk Accessibilty bridge initialized
 
(ghex2:11080): Gdk-CRITICAL **: file gdkwindow-x11.c: line 2163
(gdk_window_set_title): assertion `title != NULL' failed
Bonobo accessibility support initialized
GTK Accessibility Module initialized
Atk Accessibilty bridge initialized
[tzicatl@tequelech:~$ ]



Steps to reproduce the crash:
1. Open ghex2
2. Open a HEX binary file
3. Close ghex2
4. ghex2 dies

Expected Results:


How often does this happen?
Every time

Additional Information:

System is Slackware 9.0beta with latest dorpline packages.


Debugging Information:

Backtrace was generated from '/usr/bin/ghex2'

[New Thread 16384 (LWP 10993)]
0x4117df29 in wait4 () from /lib/libc.so.6

+ Trace 40328

Thread 1 (Thread 16384 (LWP 10993))

#0 wait4
from /lib/libc.so.6
#1 __DTOR_END__
from /lib/libc.so.6
#2 waitpid
from /lib/libpthread.so.0
#3 libgnomeui_module_info_get
from /usr/lib/libgnomeui-2.so.0
#4 __pthread_sighandler
from /lib/libpthread.so.0
#5 <signal handler called>
#6 g_list_index
from /usr/lib/libglib-2.0.so.0
#7 gail_container_real_remove_gtk
from /usr/lib/gtk-2.0/modules/libgail.so
#8 gail_container_remove_gtk
from /usr/lib/gtk-2.0/modules/libgail.so
#9 g_cclosure_marshal_VOID__OBJECT
from /usr/lib/libgobject-2.0.so.0
#10 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#11 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#12 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#13 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#14 gtk_container_remove
from /usr/lib/libgtk-x11-2.0.so.0
#15 gtk_widget_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#16 g_object_run_dispose
from /usr/lib/libgobject-2.0.so.0
#17 gtk_object_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#18 gtk_widget_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#19 gtk_fixed_forall
from /usr/lib/libgtk-x11-2.0.so.0
#20 gtk_container_foreach
from /usr/lib/libgtk-x11-2.0.so.0
#21 gtk_container_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#22 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#23 g_type_class_meta_marshal
from /usr/lib/libgobject-2.0.so.0
#24 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#25 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#26 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#27 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#28 gtk_object_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#29 gtk_widget_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#30 g_object_run_dispose
from /usr/lib/libgobject-2.0.so.0
#31 gtk_object_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#32 gtk_widget_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#33 bonobo_dock_forall
from /usr/lib/libbonoboui-2.so.0
#34 gtk_container_foreach
from /usr/lib/libgtk-x11-2.0.so.0
#35 gtk_container_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#36 bonobo_dock_destroy
from /usr/lib/libbonoboui-2.so.0
#37 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#38 g_type_class_meta_marshal
from /usr/lib/libgobject-2.0.so.0
#39 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#40 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#41 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#42 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#43 gtk_object_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#44 gtk_widget_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#45 g_object_run_dispose
from /usr/lib/libgobject-2.0.so.0
#46 gtk_object_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#47 gtk_widget_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#48 gtk_box_forall
from /usr/lib/libgtk-x11-2.0.so.0
#49 gtk_container_foreach
from /usr/lib/libgtk-x11-2.0.so.0
#50 gtk_container_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#51 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#52 g_type_class_meta_marshal
from /usr/lib/libgobject-2.0.so.0
#53 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#54 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#55 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#56 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#57 gtk_object_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#58 gtk_widget_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#59 g_object_run_dispose
from /usr/lib/libgobject-2.0.so.0
#60 gtk_object_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#61 gtk_widget_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#62 gtk_bin_forall
from /usr/lib/libgtk-x11-2.0.so.0
#63 gtk_container_foreach
from /usr/lib/libgtk-x11-2.0.so.0
#64 gtk_container_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#65 gtk_window_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#66 ghex_window_destroy
#67 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#68 g_type_class_meta_marshal
from /usr/lib/libgobject-2.0.so.0
#69 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#70 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#71 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#72 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#73 gtk_object_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#74 gtk_widget_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#75 gtk_window_dispose
from /usr/lib/libgtk-x11-2.0.so.0
#76 bonobo_window_dispose
from /usr/lib/libbonoboui-2.so.0
#77 g_object_run_dispose
from /usr/lib/libgobject-2.0.so.0
#78 gtk_object_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#79 gtk_widget_destroy
from /usr/lib/libgtk-x11-2.0.so.0
#80 ghex_window_close
#81 ghex_window_delete_event
#82 _gtk_marshal_BOOLEAN__BOXED
from /usr/lib/libgtk-x11-2.0.so.0
#83 g_type_class_meta_marshal
from /usr/lib/libgobject-2.0.so.0
#84 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#85 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#86 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#87 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#88 gtk_widget_event_internal
from /usr/lib/libgtk-x11-2.0.so.0
#89 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#90 gdk_event_dispatch
from /usr/lib/libgdk-x11-2.0.so.0
#91 g_main_dispatch
from /usr/lib/libglib-2.0.so.0
#92 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#93 g_main_context_iterate
from /usr/lib/libglib-2.0.so.0
#94 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#95 bonobo_main
from /usr/lib/libbonobo-2.so.0
#96 main
#97 __libc_start_main
from /lib/libc.so.6
#0 wait4
from /lib/libc.so.6





------- Bug moved to this database by unknown@bugzilla.gnome.org 2003-09-21 00:36 -------

The original reporter (tzicatl@cuetzalan.com) of this bug does not have an account here.
Reassigning to the exporter, unknown@bugzilla.gnome.org.
Reassigning to the default owner of the component, jaka@gnu.org.

Comment 1 Jaka Mocnik 2003-09-25 15:58:11 UTC

this must be a problem with your local build/distro. ghex2 works
perfectly at what you are describing!

Comment 2 Ed Catmur 2005-09-05 02:19:55 UTC

It only happens if accessibility is enabled
(/desktop/gnome/interface/accessibility).

I think I've worked out what the problem is, though.

Comment 3 Ed Catmur 2005-09-05 11:30:15 UTC

Please reopen.

OK: problem is that the hack in accessiblegtkhex.c (to decide what
AccessibleGtkHex inherits from at run-time) is broken.

The AccessibleGtkHex struct is defined:

struct _AccessibleGtkHex
{
	GtkAccessible   parent;
	GailTextUtil *textutil;
};

However the initial member in an AccessibleGtkHex is not necessarily a
GtkAccessible but possibly a larger object (generally, a GailContainer).

This means that (ACCESSIBLE_GTK_HEX (obj))->textutil accesses memory meant for
the parent class members, in this case (GAIL_CONTAINER (obj))->children. 

So: (ACCESSIBLE_GTK_HEX (obj))->textutil is set to a (GailTextUtil *), but the
same memory is then read as a (GList *), which of cause causes a segfault. (The
refcount of the GailTextUtil is read as the next of the GList).

I think the way to fix this is to make AccessibleGtkHex an opaque struct and
move the GailTextUtil to a private struct using g_type_class_add_private().

Comment 4 Ed Catmur 2005-09-05 11:38:34 UTC

Oh: and if AccessibleGtkHex does inherit directly from GtkAccessible then memory
for the GailTextUtil * is not allocated, so accessing the textutil member is
accessing unallocated memory. Nice.

Comment 5 Ed Catmur 2005-09-05 12:11:21 UTC

Created attachment 51826 [details] [review]
ghex-2.8.1-segfault_on_exit.patch

As suggested above.