After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 131398 - Listening for song change via Bonobo can crash Rhythmbox
Listening for song change via Bonobo can crash Rhythmbox
Status: VERIFIED INCOMPLETE
Product: rhythmbox
Classification: Other
Component: Programmatic interfaces
0.6.4
Other Linux
: Normal normal
: ---
Assigned To: RhythmBox Maintainers
RhythmBox Maintainers
Depends on:
Blocks:
 
 
Reported: 2004-01-14 03:16 UTC by Paul Kuliniewicz
Modified: 2009-08-15 18:40 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Here's a minimal program that reproduces the problem. (935 bytes, text/plain)
2004-01-14 03:18 UTC, Paul Kuliniewicz 		Details

Description Paul Kuliniewicz 2004-01-14 03:16:47 UTC 
If a program is listening for a "Bonobo/Property:change:song" event on the
PropertyBag exported by the Bonobo interface, and Rhythmbox finishes
playing the last song in the playlist, Rhythmbox crashes.  It doesn't crash
when nothing is listening for that event.

Steps to reproduce:

1. Start Rhythmbox.
2. Turn off the "shuffle" and "repeat" options.
3. Start a program that listens for a "Bonobo/Property:change:song" event.
   (The test-corba program included in the Rhythmbox source works for this.)
4. Start playing the last song in the playlist.
5. When Rhythmbox reaches the end of the song, it crashes.

This is using the rhythmbox package in Debian sid/unstable (version 0.6.4-1).
Comment 1 Paul Kuliniewicz 2004-01-14 03:18:24 UTC 
Created attachment 23340 [details]
Here's a minimal program that reproduces the problem.
Comment 2 Colin Walters 2004-01-14 06:45:26 UTC 
Very good bug report.  With a test program even :)

I can definitely reproduce it.  Here's the stack trace:

Program received signal SIGSEGV, Segmentation fault.

+ Trace 43204

Thread 16384 (LWP 31283)

  • #0 bonobo_property_bag_map_params
    from /usr/lib/libbonobo-2.so.0
  • #1 rb_shell_corba_get_player_properties
    at rb-shell.c line 897
  • #2 _ORBIT_skel_small_GNOME_Rhythmbox_getPlayerProperties
    at Rhythmbox-common.c line 168
  • #3 ORBit_POA_setup_root
    from /usr/lib/libORBit-2.so.0
  • #4 ?? 


Now, as for what the bug is exactly, I'm not sure yet...
Comment 3 Colin Walters 2004-01-21 20:12:07 UTC 
Finally had a chance to track this down.  Thanks for the excellent bug
report!

* committed
walters@rhythmbox.org--2003b/rhythmbox--mainline--0.7--patch-167
Comment 4 Paul Kuliniewicz 2004-02-15 03:46:46 UTC 
This bug seems to have resurfaced in 0.6.5.  Here's a backtrace:

+ Trace 44190

  • #0 ORBit_marshal_value
    from /usr/lib/libORBit-2.so.0
  • #1 ORBit_marshal_value
    from /usr/lib/libORBit-2.so.0
  • #2 ORBit_marshal_any
    from /usr/lib/libORBit-2.so.0
  • #3 ORBit_marshal_value
    from /usr/lib/libORBit-2.so.0
  • #4 ORBit_small_freekids
    from /usr/lib/libORBit-2.so.0
  • #5 ORBit_small_invoke_stub
    from /usr/lib/libORBit-2.so.0
  • #6 ORBit_small_invoke_stub_n
    from /usr/lib/libORBit-2.so.0
  • #7 ORBit_c_stub_invoke
    from /usr/lib/libORBit-2.so.0
  • #8 Bonobo_Listener_event
    from /usr/lib/libbonobo-2.so.0
  • #9 bonobo_event_source_notify_listeners
    from /usr/lib/libbonobo-2.so.0
  • #10 bonobo_event_source_notify_listeners_full
    from /usr/lib/libbonobo-2.so.0
  • #11 shell_notify_pb_changes
    at rb-shell.c line 669
  • #12 rb_shell_entry_changed_cb
    at rb-shell.c line 925
  • #13 g_cclosure_marshal_VOID__PARAM
    from /usr/lib/libgobject-2.0.so.0
  • #14 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #15 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #16 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #17 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #18 g_object_class_list_properties
    from /usr/lib/libgobject-2.0.so.0
  • #19 g_object_type_init
    from /usr/lib/libgobject-2.0.so.0
  • #20 g_cclosure_new_object_swap
    from /usr/lib/libgobject-2.0.so.0
  • #21 g_object_set_valist
    from /usr/lib/libgobject-2.0.so.0
  • #22 g_object_set
    from /usr/lib/libgobject-2.0.so.0
  • #23 rb_entry_view_set_playing_entry
    at rb-entry-view.c line 1541
  • #24 rb_shell_player_set_playing_source_internal
    at rb-shell-player.c line 1541
  • #25 rb_shell_player_set_playing_source
    at rb-shell-player.c line 1522
  • #26 rb_shell_player_do_next
    at rb-shell-player.c line 1072
  • #27 eos_cb
    at rb-shell-player.c line 1687
  • #28 g_cclosure_marshal_VOID__VOID
    from /usr/lib/libgobject-2.0.so.0
  • #29 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #30 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #31 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #32 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #33 eos_signal_idle
    at monkey-media-player-gst-tmp.c line 254
  • #34 g_timeout_add
    from /usr/lib/libglib-2.0.so.0
  • #35 unblock_source
    from /usr/lib/libglib-2.0.so.0
  • #36 g_main_context_dispatch
    from /usr/lib/libglib-2.0.so.0
  • #37 g_main_context_dispatch
    from /usr/lib/libglib-2.0.so.0
  • #38 g_main_loop_run
    from /usr/lib/libglib-2.0.so.0
  • #39 bonobo_main
    from /usr/lib/libbonobo-2.so.0
  • #40 main
    at main.c line 173 

Inside rb_shell_entry_changed_cb (line 12 of the backtrace), the
song_info that gets packed into arg is NULL.  Is something in CORBA
trying to dereference the pointer for some reason, maybe?

Strange how it seems to be crashing in a different place than in
Colin's backtrace earlier....

This is with the rhythmbox 0.6.5-2 package in Debian sid/unstable.
Comment 5 Colin Walters 2004-04-13 03:30:20 UTC 
* committed rhythmbox-devel@gnome.org--2004/rhythmbox--main--0.7--patch-227

That should more gracefully handle the error condition.

Can you still reproduce this with Rhythmbox 0.6.10 or Rhythmbox 0.7.2?  It would
be especially nice if you could test the latest development tree from arch.
Comment 6 Paul Kuliniewicz 2004-04-13 04:53:19 UTC 
It still happens in 0.6.10 and 0.7.2, but it looks like it's fixed in arch as of
patch-228.  Looks like patch-227 did the trick.

Thanks for finally tracking this bug down.
Comment 7 Colin Walters 2004-04-13 05:19:15 UTC 
Great!  Thank you very much for verifying the fix.