GNOME Bugzilla – Bug 304915
[PATCH] Evolution crashes in libgnomecanvas
Last modified: 2005-09-13 05:58:49 UTC
Steps to reproduce:
1. Launch evolution.
2. Start to compose a new email.
3. Close the email window
Stack trace:
Program received signal SIGSEGV, Segmentation fault.
Trace 59965
Thread 1 (LWP 100092)
Other information: The attached patch removes a g_assert() in gcbp_destroy_gdk() as the new code in gnome_canvas_item_dispose() NULLs out the canvas member of the item structure. This way, that assert could never be valid. Alternatively, I suppose you could check whether shape->canvas is not NULL, then do the assert.
Created attachment 46689: Remove g_assert() to fix Evo crash
Created attachment 46710: Checks for NULL instead of completely disabling assertion check
This patch does what the author of the original patch suggested.
Should be fair enough for a workaround, I think. I'll leave it for the maintainers to decide on the patches. Accepting report.
Got another crasher: open a mail in a new window with evolution, then close it. Evolution will crash with my version of the patch, don't know if it crashes with Joe's patch.
*** Bug 305089 has been marked as a duplicate of this bug. ***
*** Bug 305078 has been marked as a duplicate of this bug. ***
It seems this crasher was introduced with the addition of item->canvas = NULL; to gnome_canvas_item_dispose() in libgnomecanvas/gnome-canvas.c to 2.10.1. Removing this line completely fixes the crash in both the new email window/email in a new window cases. Maybe item->canvas is being free()'d somewhere else and causing a segv? Is item->canvas supposed to be g_free()'d before NULL'ed?
*** Bug 305177 has been marked as a duplicate of this bug. ***
*** Bug 305131 has been marked as a duplicate of this bug. ***
Tim, could you take a look at this? New crasher caused by one of the patches you looked at earlier.
i'm afraid i can't practically look at this, because i currently lack the environment to build evolution and the canvas (even gtk atm). i'm highly suspecting #90259 to be the culprit here though. looking at the bug duplicates hardens that suspicion. i think #305131 correctly analyzes the actual problem, item->canvas is reset way too early. gnome_canvas_destroy() will now properly destroy the root item (as does the group handler for its children), so the canvas will stay valid for items even after dispose. as a result, gnome_canvas_item_dispose() should *not* reset item->canvas before chaining dispose, since this causes ::destroy to be emitted on items with a NULL canvas (which the existing code simply does not expect). moving the canvas pointer reset until after chaining dispose should be good enough (this leaves item->canvas intact for the first emission of ::destroy), here's a pseudo patch: gnome-canvas.c @@ gnome_canvas_item_dispose if (item->parent) group_remove (GNOME_CANVAS_GROUP (item->parent), item); - item->canvas = NULL; g_free (item->xform); item->xform = NULL; G_OBJECT_CLASS (item_parent_class)->dispose (object); + /* items should remove any references to item->canvas after the first ::destroy */ + item->canvas = NULL; }
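Review bot: the relocated `item->canvas = NULL;` at the end of gnome_canvas_item_dispose keeps the canvas valid only for the first ::destroy emission, as the added comment itself says, so an item's ::destroy handler that runs again on a later dispose will still be called with a NULL canvas. The new comment states that expectation only inside the function body; it would be better placed in the documentation for item implementers, and handlers that dereference item->canvas (the g_assert() in gcbp_destroy_gdk() discussed earlier in this report is one) should check for NULL rather than assume the pointer is set. It is also worth confirming that nothing between `group_remove (...)` and the chained `->dispose (object)` call depends on item->canvas already being cleared, since that ordering is what this change reverses.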
Even with this latest patch, Evo will still crash. However, this time, it's in gal. I believe the problem is related to this libgnomecanvas change, however. See the attached patch. With both Tim's patch, and this gal patch, Evo no longer crashes.
Created attachment 46825: Fix canvas-related crash in gal
Chris, do you think this is really a bug in e-canvas.c and is this the correct fix?
I committed the libgnomecanvas part from Tim, Chris Lahey said the e-canvas.c patch looked ok, but I'll mail it to evolution-patches@ximian.com for review just to follow procedure.
Created attachment 46895: alternate fix - fix the dispose method
This fixes the eti dispose method instead, so the function isn't called with a null canvas in the first place. fixes the crash for me.
I prefer the alternate fix. It's more correct. Wouldn't hurt to add a g_return_if_fail to the e_canvas call also.
*** Bug 305232 has been marked as a duplicate of this bug. ***
I installed the latest versions of libgnomecanvas, evolution and evolution-data-server and I don't see this crash anymore (I reported bug 305232 which was marked as a duplicate of this one). Note that I didn't update gal.
Thanks Vincent. I still have committed the patch from Not Zed in gal head, gnome-2-10, since it just adds an additional check, in case such a problem re-appears later. Closing.
*** Bug 305444 has been marked as a duplicate of this bug. ***
*** Bug 309822 has been marked as a duplicate of this bug. ***
*** Bug 309793 has been marked as a duplicate of this bug. ***
*** Bug 309783 has been marked as a duplicate of this bug. ***
*** Bug 308952 has been marked as a duplicate of this bug. ***
*** Bug 308714 has been marked as a duplicate of this bug. ***
*** Bug 308604 has been marked as a duplicate of this bug. ***
*** Bug 307602 has been marked as a duplicate of this bug. ***
*** Bug 305258 has been marked as a duplicate of this bug. ***
*** Bug 309973 has been marked as a duplicate of this bug. ***
*** Bug 310075 has been marked as a duplicate of this bug. ***
*** Bug 310091 has been marked as a duplicate of this bug. ***
*** Bug 310093 has been marked as a duplicate of this bug. ***
*** Bug 310139 has been marked as a duplicate of this bug. ***
*** Bug 310158 has been marked as a duplicate of this bug. ***
*** Bug 310019 has been marked as a duplicate of this bug. ***
*** Bug 310169 has been marked as a duplicate of this bug. ***
*** Bug 310200 has been marked as a duplicate of this bug. ***
*** Bug 310436 has been marked as a duplicate of this bug. ***
*** Bug 310497 has been marked as a duplicate of this bug. ***
*** Bug 310713 has been marked as a duplicate of this bug. ***
*** Bug 310708 has been marked as a duplicate of this bug. ***
*** Bug 310756 has been marked as a duplicate of this bug. ***
*** Bug 310760 has been marked as a duplicate of this bug. ***
*** Bug 310770 has been marked as a duplicate of this bug. ***
*** Bug 310927 has been marked as a duplicate of this bug. ***
*** Bug 310969 has been marked as a duplicate of this bug. ***
*** Bug 311032 has been marked as a duplicate of this bug. ***
*** Bug 311173 has been marked as a duplicate of this bug. ***
*** Bug 311246 has been marked as a duplicate of this bug. ***
*** Bug 311263 has been marked as a duplicate of this bug. ***
*** Bug 311581 has been marked as a duplicate of this bug. ***
*** Bug 311610 has been marked as a duplicate of this bug. ***
*** Bug 311647 has been marked as a duplicate of this bug. ***
*** Bug 311668 has been marked as a duplicate of this bug. ***
*** Bug 311670 has been marked as a duplicate of this bug. ***
*** Bug 311675 has been marked as a duplicate of this bug. ***
*** Bug 310259 has been marked as a duplicate of this bug. ***
*** Bug 311793 has been marked as a duplicate of this bug. ***
*** Bug 311834 has been marked as a duplicate of this bug. ***
*** Bug 311849 has been marked as a duplicate of this bug. ***
*** Bug 311952 has been marked as a duplicate of this bug. ***
*** Bug 311968 has been marked as a duplicate of this bug. ***
*** Bug 312119 has been marked as a duplicate of this bug. ***
*** Bug 312754 has been marked as a duplicate of this bug. ***
*** Bug 312792 has been marked as a duplicate of this bug. ***
Marking this bug as VERIFIED FIXED
*** Bug 313155 has been marked as a duplicate of this bug. ***
*** Bug 313441 has been marked as a duplicate of this bug. ***
*** Bug 313804 has been marked as a duplicate of this bug. ***
*** Bug 315684 has been marked as a duplicate of this bug. ***
*** Bug 315770 has been marked as a duplicate of this bug. ***
*** Bug 315783 has been marked as a duplicate of this bug. ***
*** Bug 315837 has been marked as a duplicate of this bug. ***