Bug 512313 - crash in IA__gtk_tree_model_get_valist
Status: RESOLVED OBSOLETE
Product: epiphany
Classification: Core
Component: Bookmarks
2.28.x
Other All
: High critical
: ---
Assigned To: Epiphany Maintainers
Epiphany Maintainers
Duplicates: 528994 540420 541486 541499 549622 566413
Depends on:
Blocks:
 
 
Reported: 2008-01-26 23:46 UTC by Björn Heide
Modified: 2013-01-04 21:26 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
[PATCH] Check if the iter is valid in is_separator. (590 bytes, patch)
2008-08-30 11:55 UTC, Diego Escalante Urrelo (not reading bugmail)

Description Björn Heide 2008-01-26 23:46:35 UTC
Version: 2.20.3

What were you doing when the application crashed?
I was adding and categorizing a bookmark.


Distribution: Debian lenny/sid
Gnome Release: 2.20.3 2008-01-12 (Debian)
BugBuddy Version: 2.20.1

System: Linux 2.6.23.12-cfs-v24.1 #1 SMP PREEMPT Wed Dec 26 00:11:13 CET 2007 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10400090
Selinux: No
Accessibility: Disabled
GTK+ Theme: MurrinaNeoM
Icon Theme: Tango

Memory status: size: 555937792 vsize: 555937792 resident: 70459392 share: 30941184 rss: 70459392 rss_rlim: 18446744073709551615
CPU usage: start_time: 1201390991 rtime: 123 utime: 108 stime: 15 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/epiphany-gecko'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0x2b139713dd50 (LWP 10925)]
[New Thread 0x42804950 (LWP 10930)]
[New Thread 0x42003950 (LWP 10929)]
[New Thread 0x41001950 (LWP 10927)]
[New Thread 0x40800950 (LWP 10926)]
0x00002b139109934f in waitpid () from /lib/libpthread.so.0

Thread 1 (Thread 0x2b139713dd50 (LWP 10925))

  • #0 waitpid
    from /lib/libpthread.so.0
  • #1 IA__g_spawn_sync
    at /tmp/buildd/glib2.0-2.14.5/glib/gspawn.c line 369
  • #2 IA__g_spawn_command_line_sync
    at /tmp/buildd/glib2.0-2.14.5/glib/gspawn.c line 677
  • #3 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #4 nsProfileLock::FatalSignalHandler
    at nsProfileLock.cpp line 210
  • #5 <signal handler called>
  • #6 IA__gtk_tree_model_get_valist
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtktreemodel.c line 1441
  • #7 IA__gtk_tree_model_get
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtktreemodel.c line 1403
  • #8 is_separator
    at /scratch/build-area/epiphany-browser-2.20.3/src/bookmarks/ephy-topics-palette.c line 382
  • #9 gtk_tree_view_real_set_cursor
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtktreeview.c line 2493
  • #10 gtk_tree_view_button_press
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtktreeview.c line 2754
  • #11 _gtk_marshal_BOOLEAN__BOXED
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtkmarshalers.c line 84
  • #12 IA__g_closure_invoke
    at /tmp/buildd/glib2.0-2.14.5/gobject/gclosure.c line 490
  • #13 signal_emit_unlocked_R
    at /tmp/buildd/glib2.0-2.14.5/gobject/gsignal.c line 2478
  • #14 IA__g_signal_emit_valist
    at /tmp/buildd/glib2.0-2.14.5/gobject/gsignal.c line 2209
  • #15 IA__g_signal_emit
    at /tmp/buildd/glib2.0-2.14.5/gobject/gsignal.c line 2243
  • #16 gtk_widget_event_internal
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtkwidget.c line 4675
  • #17 IA__gtk_propagate_event
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtkmain.c line 2336
  • #18 IA__gtk_main_do_event
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtkmain.c line 1556
  • #19 gdk_event_dispatch
    at /build/buildd/gtk+2.0-2.12.5/gdk/x11/gdkevents-x11.c line 2351
  • #20 IA__g_main_context_dispatch
    at /tmp/buildd/glib2.0-2.14.5/glib/gmain.c line 2061
  • #21 g_main_context_iterate
    at /tmp/buildd/glib2.0-2.14.5/glib/gmain.c line 2694
  • #22 IA__g_main_loop_run
    at /tmp/buildd/glib2.0-2.14.5/glib/gmain.c line 2898
  • #23 IA__gtk_main
    at /build/buildd/gtk+2.0-2.12.5/gtk/gtkmain.c line 1163
  • #24 main
    at /scratch/build-area/epiphany-browser-2.20.3/src/ephy-main.c line 725
  • #0 waitpid
    from /lib/libpthread.so.0


----------- .xsession-errors (5296 sec old) ---------------------
Throttle level is 20
Initializing gnome-mount extension
seahorse nautilus module initialized
system-config-printer-applet: failed to start NewPrinterNotification service
** Message: failed to load session from /home/bjoern/.nautilus/saved-session-740QXT
ERROR:dbus.connection:Exception in handler for D-Bus signal:
Traceback (most recent call last):
  File "/var/lib/python-support/python2.4/dbus/connection.py", line 214, in maybe_handle_message
    self._handler(*args, **kwargs)
TypeError: evolution_new_mail_callback() takes at most 2 arguments (3 given)
ERROR:dbus.connection:Exception in handler for D-Bus signal:
Traceback (most recent call last):
  File "/var/lib/python-support/python2.4/dbus/connection.py", line 214, in maybe_handle_message
    self._handler(*args, **kwargs)
TypeError: evolution_new_mail_callback() takes at most 2 arguments (3 given)
--------------------------------------------------
Comment 1 Reinout van Schouwen 2008-01-28 10:51:45 UTC
Thanks for the bug report. It looks like something goes wrong inside GTK+.
Comment 2 Diego Escalante Urrelo (not reading bugmail) 2008-02-22 07:54:38 UTC
Can't reproduce, we already got a newer release. Please try to reproduce there and let us know if it still happens.
Comment 3 Reinout van Schouwen 2008-04-22 22:48:59 UTC
*** Bug 528994 has been marked as a duplicate of this bug. ***
Comment 4 Reinout van Schouwen 2008-04-22 22:51:26 UTC
Confirming that this is still happening in gtk 2.12.9. => reopening.
Comment 5 Kristian Rietveld 2008-05-30 21:18:22 UTC
What is at the basis of this bug is a reentrancy issue; while GtkTreeView is handling a button press via gtk_tree_view_button_press(), epiphany is modifying the underlying GtkTreeModel.  When a node is clicked we toggle the toggle cell renderer, this yields update_list() in ephy-topics-palette.c.  update_lists() not only adds nodes, but sometimes removes them.  In case you click the last non-checked check box, the row for the separator is probably removed in the middle of GtkTreeView's handling of the button press event.  We need the node later on to update the cursor position.  This calls is_separator() with an invalid node, which epiphany passes (without checking) to gtk_tree_model_get().

At this moment we do not and will not support such manipulations of the GtkTreeModel from the callbacks that only indicate a toggle or editing operation has been done.

Reassigning to the epiphany component.
Comment 6 Reinout van Schouwen 2008-06-01 23:15:06 UTC
Peter, you wrote this code so I'm putting you in CC.
Comment 7 Reinout van Schouwen 2008-06-27 11:27:21 UTC
*** Bug 540420 has been marked as a duplicate of this bug. ***
Comment 8 Reinout van Schouwen 2008-07-04 10:49:14 UTC
*** Bug 541486 has been marked as a duplicate of this bug. ***
Comment 9 Reinout van Schouwen 2008-07-04 10:50:19 UTC
*** Bug 541499 has been marked as a duplicate of this bug. ***
Comment 10 Reinout van Schouwen 2008-08-28 12:12:33 UTC
*** Bug 549622 has been marked as a duplicate of this bug. ***
Comment 11 Diego Escalante Urrelo (not reading bugmail) 2008-08-30 11:55:49 UTC
Created attachment 117630
[PATCH] Check if the iter is valid in is_separator.


Otherwise we can make GTK+ crash when is_separator tries to get data from the
model using an invalid iter, closes: #512313.
---
 src/bookmarks/ephy-topics-palette.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)
Comment 12 Christian Persch 2008-08-31 17:38:35 UTC
Diego: that patch doesn't seem right for fixing this bug, given Kris' comment 5.
Comment 13 Matthias Clasen 2008-09-02 12:34:07 UTC
Judging from Kris' comment, you probably want to defer any model manipulation to an idle.
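
The reentrancy problem from comment 5 and the idle deferral suggested in comment 13, as an added example that is not part of the bug report and is not Epiphany or GTK+ code. It is a plain C model of the pattern: `Model`, `Iter`, `button_press`, `run_idle` and `demo` are hypothetical stand-ins, not GTK+ API, and the row data is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-ins (hypothetical names, not GTK+ API). Iters carry the model's
 * stamp, as GtkTreeIter does, so a stale iter can be detected. */
typedef struct { int stamp; int n; const char *rows[8]; } Model;
typedef struct { int stamp; int index; } Iter;
typedef void (*ToggledFn)(Model *m);

static int iter_valid(const Model *m, const Iter *it) {
    return it->stamp == m->stamp && it->index >= 0 && it->index < m->n;
}

static void model_remove(Model *m, int i) {
    memmove(&m->rows[i], &m->rows[i + 1],
            (size_t)(m->n - i - 1) * sizeof m->rows[0]);
    m->n--;
    m->stamp++;                 /* every outstanding iter is now stale */
}

/* Unsafe: the "toggled" callback removes the separator row immediately. */
static void toggled_direct(Model *m) { model_remove(m, 1); }

/* Safe: the callback only queues the edit; run_idle() applies it later. */
static ToggledFn idle_fn; static Model *idle_model;
static void toggled_deferred(Model *m) { idle_fn = toggled_direct; idle_model = m; }
static void run_idle(void) {
    if (idle_fn) { ToggledFn f = idle_fn; idle_fn = NULL; f(idle_model); }
}

/* Models the button-press path: take an iter for the clicked row, emit
 * "toggled", then reuse the iter. Returns 1 if it is still valid at reuse. */
static int button_press(Model *m, int row, ToggledFn on_toggled) {
    Iter cursor = { m->stamp, row };
    on_toggled(m);
    return iter_valid(m, &cursor);
}

/* Returns (iter still valid) * 10 + rows left once the idle work has run. */
int demo(int deferred) {
    Model m = { 1, 3, { "Topic A", "--separator--", "Topic B" } };  /* constructed */
    int ok = button_press(&m, 2, deferred ? toggled_deferred : toggled_direct);
    run_idle();                 /* main loop goes idle after the event */
    return ok * 10 + m.n;
}

int main(void) {
    printf("direct: %d, deferred: %d\n", demo(0), demo(1)); return 0;
}
```

In both runs the separator row ends up removed; only in the deferred run is the iter taken before the callback still valid when the event handler reuses it.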
Comment 14 Reinout van Schouwen 2008-10-26 22:21:40 UTC
@Diego, do you have a status on this bug?
Comment 15 palfrey 2009-01-03 14:34:44 UTC
*** Bug 566413 has been marked as a duplicate of this bug. ***
Comment 16 Josselin Mouette 2009-02-02 09:39:21 UTC
Still here in 2.24.2.1 with gtk+ 2.14.5.
Comment 17 Christian Persch 2009-04-10 18:22:59 UTC
Reality check.
Comment 18 Reinout van Schouwen 2009-08-07 13:58:14 UTC
Still valid with 2.27.5.
Comment 19 Akhil Laddha 2011-09-28 05:58:10 UTC
Is this bug still valid in epiphany 3.0 or 3.2?
Comment 20 Vadim Rutkovsky 2012-03-05 18:23:46 UTC
Can't reproduce in epiphany-browser 3.3.90-0ubuntu2; please close this report.
Comment 21 Diego Escalante Urrelo (not reading bugmail) 2013-01-04 21:26:22 UTC
As per last comment.