GNOME Bugzilla – Bug 337239
immediate segfaults on x86_64
Last modified: 2007-01-04 10:49:49 UTC
I still see this problem. if (e.any_data._release) CORBA_free (&e.any_data._value); at the end of spi_atk_emit_eventv segfaults very early in every single application.
Ok, I finally tracked this down to an extraneous & in if (e.any_data._release) CORBA_free (&e.any_data._value); The attached patch fixes a few other compiler warnings at the same time.
Created attachment 62762: patch
Comment on attachment 62762: patch
Please commit the fix to the CORBA_free param. Not sure about the rest, since the casts seem necessary for some compilers (I put them in to silence a compiler in the first place).
Regarding the casts, gcc on x86_64 complains that you cast a pointer to an integer of different size. And it is correct...
2006-04-05  Matthias Clasen  <mclasen@redhat.com>

	* atk-bridge/bridge.c (spi_atk_emit_eventv): Fix a memory-management error that caused crashes on x86_64. (#337239)
billh: My patch in bug 333883 contains the same cast fixes and you approved it already...
hmm, the &-removal did make the segfaults go away on x86_64, but now it segfaults on i386. I am pretty much out of ideas and time to dig into this now. My current assumption is that maybe some of the struct copying and stack-allocation of anys forgets to set up/copy the mem-prefix which CORBA_free needs.
*** Bug 335719 has been marked as a duplicate of this bug. ***
Matthias' analysis is right. The & should go away, but you also need to allocate the object in the any in a way so that the memory info prefix is there. Attaching patch.
Created attachment 69848: Fix the corba memory management
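An added example, not code from the attached patches or from ORBit: a toy prefix allocator in C that models the two problems discussed above, the extraneous & passed to the free routine and a value that lacks the memory prefix. All toy_* names, the marker value and the 16-byte prefix are assumptions for illustration; a free routine that does not check the prefix would act on whatever bytes it finds there.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TOY_PREFIX 16  /* bookkeeping bytes in front of each payload */
static const uint32_t TOY_MAGIC = 0x5AFEB10Cu;  /* constructed marker value */

/* Same field order as the any in the thread: type, value, release flag. */
typedef struct { const void *_type; void *_value; int _release; } toy_any;

/* Allocate n payload bytes; the marker sits in the 4 bytes before them. */
void *toy_alloc(size_t n) {
    unsigned char *raw = calloc(1, TOY_PREFIX + n);
    if (!raw) return NULL;
    memcpy(raw + TOY_PREFIX - sizeof TOY_MAGIC, &TOY_MAGIC, sizeof TOY_MAGIC);
    return raw + TOY_PREFIX;
}

/* Free p only if the marker precedes it: 0 on success, -1 otherwise. */
int toy_free(void *p) {
    uint32_t magic = 0;
    if (p) memcpy(&magic, (unsigned char *)p - sizeof magic, sizeof magic);
    if (magic != TOY_MAGIC) return -1;
    free((unsigned char *)p - TOY_PREFIX);
    return 0;
}

/* Correct call: pass the pointer stored in the any. */
int free_value(void) {
    toy_any a = { NULL, toy_alloc(8), 1 };
    return toy_free(a._value);
}
/* Extraneous '&': the field's own address; the bytes before it are _type. */
int free_address_of_field(void) {
    toy_any a = { NULL, toy_alloc(8), 1 };
    int r = toy_free((unsigned char *)&a + offsetof(toy_any, _value)); /* == &a._value */
    toy_free(a._value);  /* release the real block */
    return r;
}
/* A value that never went through toy_alloc (constructed static buffer). */
int free_unprefixed(void) {
    static unsigned char buf[32];
    return toy_free(buf + TOY_PREFIX);
}

int main(void) {  /* exit status 0 when all three behave as described */
    return !(free_value() == 0 && free_address_of_field() == -1 &&
             free_unprefixed() == -1);
}
```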
aha! Alex, thanks a lot for the fix. It makes a lot of sense to me now, but I stared a long time without seeing it, before. I wanted to apply the fix to the gnome-2-14 branch of cvs for tonight's release, but I see that I've messed up and didn't increment the AT-SPI minor revision when I broke back-compat on HEAD (i.e. 2.15 tarballs have already been released in the at-spi-1.7.X series). Your patch should be applied by any distros that are still working from stable. I'll apply to HEAD ASAP.
Hey - while I can't (or rather, don't know how to...) make a 2.14 release tarball for AT-SPI, I can at least commit your patch to the 2-14 branch. That way distros can pull from gnome-2.14 branch CVS and get something better than the at-spi-1.7.6 release, which was the last one in the stable 2.14 series. Fortunately 2.16 is nearly out... One little nit: I am not crazy about using ORBit API here, isn't there some bog-standard CORBA way of doing the same thing? Just wondering...
I'm sad to say I don't think the patch is safe yet. As I said in bug 331924 comment 8, Ubuntu patched out parts of the patch there. Today I tried to drop our reversion patch and use the fix from comment 10, but this is the crash I get from 'gnome-at-properties':

Backtrace was generated from '/usr/bin/gnome-at-properties'
(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1223510336 (LWP 18181)]
0xffffe410 in __kernel_vsyscall ()
Trace 69859
Thread 1 (Thread -1223510336 (LWP 18181))
I guess the patch does not fix Matthias' crash? Because spi_atk_emit_eventv will call spi_atk_bridge_init_nil instead of spi_init_any_object. Is there something wrong in spi_atk_bridge_init_nil too? I think the bug is related to http://bugzilla.gnome.org/show_bug.cgi?id=352444
Hi Alex, after this patch there is still a crash; you can take a look at http://bugzilla.gnome.org/show_bug.cgi?id=352444
I think what spi_atk_emit_eventv calls is spi_init_any_nil. So can you find any problem with creating and freeing the CORBA object in spi_atk_emit_eventv? It seems it does not crash every time spi_init_any_nil is called in spi_atk_emit_eventv. I am very confused. Thank you in advance.
*** Bug 386700 has been marked as a duplicate of this bug. ***
Created attachment 78964: stacktrace of crash related to this, I believe crasher with Gnome 2.17cvs perhaps this is of use
reopening since we still have the problem
steps to reproduce (on an i686 system): open gnome-power-manager preferences from the settings menu and close them
Matthias' patch has already been committed, but we see a crash on i386 now, or at least I do
Christian, I think your crash has been fixed on CVS, see bug #364839.
thank you for pointing that out, Frederic
Can we close this bug now? (I think the answer is 'yes')
Yes, closing the report.