GNOME Bugzilla – Bug 131398
Listening for song change via Bonobo can crash Rhythmbox
Last modified: 2009-08-15 18:40:50 UTC
If a program is listening for a "Bonobo/Property:change:song" event on the PropertyBag exported by the Bonobo interface, and Rhythmbox finishes playing the last song in the playlist, Rhythmbox crashes. It doesn't crash when nothing is listening for that event. Steps to reproduce: 1. Start Rhythmbox. 2. Turn off the "shuffle" and "repeat" options. 3. Start a program that listens for a "Bonobo/Property:change:song" event. (The test-corba program included in the Rhythmbox source works for this.) 4. Start playing the last song in the playlist. 5. When Rhythmbox reaches the end of the song, it crashes. This is using the rhythmbox package in Debian sid/unstable (version 0.6.4-1).
Created attachment 23340 [details] Here's a minimal program that reproduces the problem.
Very good bug report. With a test program even :) I can definitely reproduce it. Here's the stack trace: Program received signal SIGSEGV, Segmentation fault.
+ Trace 43204
Thread 16384 (LWP 31283)
Now, as for what the bug is exactly, I'm not sure yet...
Finally had a chance to track this down. Thanks for the excellent bug report! * committed walters@rhythmbox.org--2003b/rhythmbox--mainline--0.7--patch-167
This bug seems to have resurfaced in 0.6.5. Here's a backtrace:
+ Trace 44190
Inside rb_shell_entry_changed_cb (line 12 of the backtrace), the song_info that gets packed into arg is NULL. Is something in CORBA trying to dereference the pointer for some reason, maybe? Strange how it seems to be crashing in a different place than in Colin's backtrace earlier.... This is with the rhythmbox 0.6.5-2 package in Debian sid/unstable.
* committed rhythmbox-devel@gnome.org--2004/rhythmbox--main--0.7--patch-227 That should more gracefully handle the error condition. Can you still reproduce this with Rhythmbox 0.6.10 or Rhythmbox 0.7.2? It would be especially nice if you could test the latest development tree from arch.
It still happens in 0.6.10 and 0.7.2, but it looks like it's fixed in arch as of patch-228. Looks like patch-227 did the trick. Thanks for finally tracking this bug down.
Great! Thank you very much for verifying the fix.