Bug 389755 - Often segfaults when exiting, in collection view
Status: RESOLVED FIXED
Product: eog
Classification: Core
Component: collection
Version: 2.16.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: EOG Maintainers
QA Contact: EOG Maintainers
Duplicates: 378119 400881
Depends on:
Blocks:
 
 
Reported: 2006-12-26 15:50 UTC by Sven Arvidsson
Modified: 2007-01-30 14:14 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
[INCOMPLETE] quick fix for NULL deref (433 bytes, patch)
2007-01-27 22:50 UTC, Kees Cook
Patch status: none
Corrected patch for full thread shutdown. (1.29 KB, patch)
2007-01-27 23:55 UTC, Kees Cook
Patch status: committed

Description Sven Arvidsson 2006-12-26 15:50:19 UTC
This bug was filed in the Debian BTS.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404325

"When I start eog with a png on the command line, and in the directory of
the PNG are also a lot of files, it often crashes when exiting while it
is still generating previews in the lower part of the window.

So, start up eog with the image and press Q shortly after startup
crashes it often."

Program received signal SIGSEGV, Segmentation fault.

Thread NaN (LWP 13917)

  • #0 job_thumb_create
    at eog-collection-item.c line 313
  • #1 eog_job_call_action
    at eog-job.c line 387
  • #2 thread_start_func
    at eog-job-manager.c line 85
  • #3 g_thread_create_full
    from /usr/lib/libglib-2.0.so.0
  • #4 start_thread
    from /lib/tls/i686/cmov/libpthread.so.0
  • #5 clone
    from /lib/tls/i686/cmov/libc.so.6
image = <value optimized out>
pixbuf = <value optimized out>
uri = <value optimized out>
__PRETTY_FUNCTION__ = "job_thumb_create"

This is thread 2 (in gdb), apparently the thumbnail creation thread.

The simple dup finder suggests bug 320206 and bug 378119 as likely matches.
Comment 1 Claudio Saavedra 2007-01-26 11:22:09 UTC
*** Bug 400881 has been marked as a duplicate of this bug. ***
Comment 2 Kees Cook 2007-01-27 22:43:19 UTC
I can confirm seeing this on Ubuntu Feisty as well (2.17.90-0ubuntu1):

Program terminated with signal 11, Segmentation fault.
  • #0 job_thumb_create
    at eog-collection-item.c line 318
0x436a7a <job_thumb_create+58>: mov    (%rax),%rbp
(gdb) print $rax
$1 = 0
Comment 3 Kees Cook 2007-01-27 22:50:07 UTC
Created attachment 81334
[INCOMPLETE] quick fix for NULL deref

This seems to fix it for me.  (Or I haven't hit the same race condition again...)
Comment 4 Kees Cook 2007-01-27 22:54:25 UTC
I'd agree with the simple dup-finder, bug 378119 looks like a dup of this one.
Comment 5 Kees Cook 2007-01-27 23:55:36 UTC
Created attachment 81336
Corrected patch for full thread shutdown.

Sorry, this is a more complete patch that fixes the main problem of having job-manager threads continuing to run after the main_loop exits.
Comment 6 Claudio Saavedra 2007-01-30 02:03:58 UTC
Patch looks fine to me, and I can't make eog crash with it. Felix, what do you think?



Comment 7 Felix Riemann 2007-01-30 13:28:07 UTC
Well, I am generally not able to reproduce this crash.
But the patch looks like a valid fix/workaround to me.
I think we should give it a try.
Comment 8 Claudio Saavedra 2007-01-30 13:46:16 UTC
Cool. Could somebody commit it? I'm at work now :-/
Comment 9 Felix Riemann 2007-01-30 14:10:52 UTC
Done. I just committed it to trunk as rev. 3509.

2007-01-30  Felix Riemann

	* libeog/eog-collection-item.c: (job_thumb_create): Workaround problem
	that the passed object is not valid anymore.
	* libeog/eog-job-manager.c: (eog_job_manager_quit),
	(eog_job_manager_init): Cancel all jobs when quitting the main loop.
	This fixes bug #389755. Patch by Kees Cook.
Comment 10 Felix Riemann 2007-01-30 14:14:29 UTC
*** Bug 378119 has been marked as a duplicate of this bug. ***
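
The shutdown ordering described in comment 5 and the ChangeLog in comment 9 (cancel queued jobs when the main loop quits, plus a NULL check in the job itself), as an added example that is not part of the original report and is not eog's code. It assumes plain pthreads instead of GLib threads and joins the worker before freeing shared state; all names (`manager_t`, `manager_quit`, `run_demo`) are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>

#define NJOBS 64                        /* constructed workload size */
typedef struct {
    pthread_t       thread;
    pthread_mutex_t lock;
    int            *item[NJOBS];        /* object each thumbnail-style job works on */
    int             next, quit;         /* queue cursor and shutdown flag (under lock) */
    int             done, skipped, cancelled;
} manager_t;

static void *worker(void *arg) {
    manager_t *m = arg;
    for (;;) {
        pthread_mutex_lock(&m->lock);
        int stop = m->quit || m->next == NJOBS;
        int *it = stop ? NULL : m->item[m->next++];
        pthread_mutex_unlock(&m->lock);
        if (stop) break;
        if (it == NULL) { m->skipped++; continue; }  /* defensive NULL check */
        *it += 1; m->done++;                         /* the job's real work */
    }
    return NULL;
}

/* Called when the main loop exits: drop queued jobs, then wait for the worker. */
static void manager_quit(manager_t *m) {
    pthread_mutex_lock(&m->lock);
    m->quit = 1;
    m->cancelled = NJOBS - m->next; m->next = NJOBS; /* cancel everything still queued */
    pthread_mutex_unlock(&m->lock);
    pthread_join(m->thread, NULL);      /* after this no job can touch shared state */
}

typedef struct { int done, skipped, cancelled, touched; } result_t;

result_t run_demo(void) {
    manager_t m = {0};
    int *items = calloc(NJOBS, sizeof *items);
    pthread_mutex_init(&m.lock, NULL);
    for (int i = 0; i < NJOBS; i++) m.item[i] = &items[i];
    m.item[3] = NULL;                   /* constructed: one object already gone */
    pthread_create(&m.thread, NULL, worker, &m);
    manager_quit(&m);                   /* "exit" while jobs may still be queued */
    result_t r = { m.done, m.skipped, m.cancelled, 0 };
    for (int i = 0; i < NJOBS; i++) r.touched += items[i];
    free(items);                        /* safe only because the worker was joined */
    return r;
}
```

Freeing `items` before `manager_quit()` returns would recreate the crash pattern from the backtrace: a job thread dereferencing an object the exiting main thread has already torn down.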