Bug 550250 - nautilus crashed with SIGSEGV in g_type_check_instance_cast()
Status: RESOLVED FIXED
Product: nautilus
Classification: Core
Component: [obsolete] GIO
Version: 2.23.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Nautilus Maintainers
QA Contact: Nautilus Maintainers
Duplicates: 572781
Depends on:
Blocks:
Reported: 2008-09-01 16:46 UTC by Sebastien Bacher
Modified: 2009-03-12 14:18 UTC
See Also:
GNOME target: ---
GNOME version: 2.23/2.24


Attachments
Don't re-allocate nautilus_autorun_combobox_data when rebuilding combo box (3.06 KB, patch)
2009-03-12 13:28 UTC, Alexander Larsson

Description Sebastien Bacher 2008-09-01 16:46:24 UTC
The bug has been opened on https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/263246

"This happens when I tried to add a new program to the run menu that pops up when inserting DVD media.

nautilus 1:2.23.90-0ubuntu1

  • #0 IA__g_type_check_instance_cast
    at /build/buildd/glib2.0-2.17.7/gobject/gtype.c line 3723
  • #1 nautilus_autorun_rebuild_combo_box
    at nautilus-autorun.c line 346
  • #2 combo_box_changed
    at nautilus-autorun.c line 326
  • #3 IA__g_cclosure_marshal_VOID__VOID
    at /build/buildd/glib2.0-2.17.7/gobject/gmarshal.c line 77
  • #4 IA__g_closure_invoke
    at /build/buildd/glib2.0-2.17.7/gobject/gclosure.c line 767
  • #5 signal_emit_unlocked_R
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 3244
  • #6 IA__g_signal_emit_valist
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 2977
  • #7 IA__g_signal_emit
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 3034
  • #8 gtk_combo_box_set_active_internal
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkcombobox.c line 4884
  • #9 IA__gtk_combo_box_set_active_iter
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkcombobox.c line 4938
  • #10 gtk_combo_box_menu_item_activate
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkcombobox.c line 3146
  • #11 IA__g_cclosure_marshal_VOID__VOID
    at /build/buildd/glib2.0-2.17.7/gobject/gmarshal.c line 77
  • #12 IA__g_closure_invoke
    at /build/buildd/glib2.0-2.17.7/gobject/gclosure.c line 767
  • #13 signal_emit_unlocked_R
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 3244
  • #14 IA__g_signal_emit_valist
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 2977
  • #15 IA__g_signal_emit
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 3034
  • #16 IA__gtk_widget_activate
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkwidget.c line 4776
  • #17 IA__gtk_menu_shell_activate_item
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkmenushell.c line 1139
  • #18 gtk_menu_shell_button_release
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkmenushell.c line 678
  • #19 gtk_menu_button_release
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkmenu.c line 2857
  • #20 _gtk_marshal_BOOLEAN__BOXED
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkmarshalers.c line 84
  • #21 g_type_class_meta_marshal
    at /build/buildd/glib2.0-2.17.7/gobject/gclosure.c line 878
  • #22 IA__g_closure_invoke
    at /build/buildd/glib2.0-2.17.7/gobject/gclosure.c line 767
  • #23 signal_emit_unlocked_R
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 3282
  • #24 IA__g_signal_emit_valist
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 2987
  • #25 IA__g_signal_emit
    at /build/buildd/glib2.0-2.17.7/gobject/gsignal.c line 3034
  • #26 gtk_widget_event_internal
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkwidget.c line 4745
  • #27 IA__gtk_propagate_event
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkmain.c line 2363
  • #28 IA__gtk_main_do_event
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkmain.c line 1568
  • #29 gdk_event_dispatch
    at /build/buildd/gtk+2.0-2.13.7/gdk/x11/gdkevents-x11.c line 2365
  • #30 IA__g_main_context_dispatch
    at /build/buildd/glib2.0-2.17.7/glib/gmain.c line 2073
  • #31 g_main_context_iterate
    at /build/buildd/glib2.0-2.17.7/glib/gmain.c line 2706
  • #32 IA__g_main_loop_run
    at /build/buildd/glib2.0-2.17.7/glib/gmain.c line 2929
  • #33 IA__gtk_main
    at /build/buildd/gtk+2.0-2.13.7/gtk/gtkmain.c line 1172
  • #34 main
    at nautilus-main.c line 581

Comment 1 palfrey 2008-09-04 16:48:45 UTC
I'm not quite sure precisely what went wrong here, but here's an educated guess: nautilus_autorun_prepare_combo_box is being called from nautilus_autorun_rebuild_combo_box, which then proceeds to overwrite the existing data attached to the combo box (from an earlier nautilus_autorun_prepare_combo_box, say the init one in do_autorun_for_content_type) and so then the callback we're seeing fail here is the one attached to the *earlier* copy of a NautilusAutorunComboBoxData.

Possible thing that might fix this is calling g_object_get_data on the combo_box before the g_object_set_data_full call in nautilus_autorun_prepare_combo_box and destroying the old callback if there's an existing structure already kicking around. Looks like it's at least nominally reproducible, so this is possibly worth doing if one of the reporters is willing to test a random patch.

Comment 2 A. Walton 2009-02-22 21:51:24 UTC
*** Bug 572781 has been marked as a duplicate of this bug. ***

Comment 3 Alexander Larsson 2009-03-11 15:57:50 UTC
valgrind says this when adding a new program for DVD handling:

==11051== 
==11051== Invalid read of size 4
==11051==    at 0x49EE10: dialog_destroy_cb (nautilus-autorun.c:246)
==11051==    by 0x7C3571C: g_closure_invoke (gclosure.c:767)
==11051==    by 0x7C4C56A: signal_emit_unlocked_R (gsignal.c:3244)
==11051==    by 0x7C4DBE6: g_signal_emit_valist (gsignal.c:2977)
==11051==    by 0x7C4E0F2: g_signal_emit (gsignal.c:3034)
==11051==    by 0x57F5D3D: gtk_object_dispose (gtkobject.c:421)
==11051==    by 0x7C37C1F: g_object_run_dispose (gobject.c:789)
==11051==    by 0x4F2AF8: response_cb (nautilus-open-with-dialog.c:329)
==11051==    by 0x7C3571C: g_closure_invoke (gclosure.c:767)
==11051==    by 0x7C4C56A: signal_emit_unlocked_R (gsignal.c:3244)
==11051==    by 0x7C4DBE6: g_signal_emit_valist (gsignal.c:2977)
==11051==    by 0x7C4E0F2: g_signal_emit (gsignal.c:3034)
==11051==  Address 0x10bdc4f0 is 56 bytes inside a block of size 64 free'd
==11051==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==11051==    by 0x7E91DF9: g_datalist_id_set_data_full (gdataset.c:282)
==11051==    by 0x49EB64: nautilus_autorun_prepare_combo_box (nautilus-autorun.c:662)
==11051==    by 0x49EDE7: nautilus_autorun_rebuild_combo_box (nautilus-autorun.c:376)
==11051==    by 0x7C3571C: g_closure_invoke (gclosure.c:767)
==11051==    by 0x7C4C56A: signal_emit_unlocked_R (gsignal.c:3244)
==11051==    by 0x7C4DBE6: g_signal_emit_valist (gsignal.c:2977)
==11051==    by 0x7C4E0F2: g_signal_emit (gsignal.c:3034)
==11051==    by 0x4F2AD8: response_cb (nautilus-open-with-dialog.c:274)
==11051==    by 0x7C3571C: g_closure_invoke (gclosure.c:767)
==11051==    by 0x7C4C56A: signal_emit_unlocked_R (gsignal.c:3244)
==11051==    by 0x7C4DBE6: g_signal_emit_valist (gsignal.c:2977)

Comment 4 Alexander Larsson 2009-03-11 16:12:34 UTC
nautilus-autorun.c: 
other_application_selected() does stuff, then sets data->other_application_selected and calls nautilus_autorun_rebuild_combo_box().
However, this recreates "data", freeing the original. Then we later get a dialog_destroy_cb() callback, which accesses the freed data...

Comment 5 Alexander Larsson 2009-03-12 13:28:03 UTC
Created attachment 130514
Don't re-allocate nautilus_autorun_combobox_data when rebuilding combo box

Comment 6 Alexander Larsson 2009-03-12 14:18:08 UTC
Committed.
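
The lifetime bug diagnosed in comments 3 and 4, and the approach named in the attachment title, reduced to a plain-C model. This is an added example, not Nautilus code and not the attached patch: `Combo`, `ComboData`, `set_data_full`, `prepare_realloc`, `prepare_reuse` and the `freed` poison flag are hypothetical stand-ins, and it assumes the dialog handler was connected with the original data pointer as its user data.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Stand-in for NautilusAutorunComboBoxData; `freed` is a model-only poison flag. */
typedef struct { bool other_application_selected; bool freed; } ComboData;

/* Stand-in for the combo box: one keyed-data slot, plus the user_data pointer
   the dialog "destroy" handler captured when it was connected (assumption). */
typedef struct { ComboData *data; ComboData *handler_user_data; } Combo;

static ComboData *new_data(void) {
    ComboData *d = calloc(1, sizeof *d);
    if (d == NULL) abort();
    return d;
}

/* Same contract as g_object_set_data_full(): replacing a value runs the destroy
   notify on the previous one. The real notify frees the block; the model only
   poisons it so the stale access is observable without undefined behaviour. */
static void set_data_full(Combo *c, ComboData *d) {
    if (c->data != NULL) c->data->freed = true;
    c->data = d;
}

/* Crashing shape: every (re)build allocates a new struct and replaces the old. */
static void prepare_realloc(Combo *c) { set_data_full(c, new_data()); }

/* Fixed shape: a rebuild keeps the struct that handlers already point to. */
static void prepare_reuse(Combo *c) {
    if (c->data == NULL) set_data_full(c, new_data());
}

/* Replays the sequence from comment 4 and reports whether the dialog destroy
   handler would end up reading memory that has already been released. */
static bool handler_sees_freed_data(void (*prepare)(Combo *)) {
    Combo combo = {0};
    prepare(&combo);                               /* initial build */
    ComboData *first = combo.data;
    combo.handler_user_data = first;               /* dialog handler connected */
    combo.data->other_application_selected = true; /* other_application_selected() */
    prepare(&combo);                               /* rebuild of the combo box */
    bool stale = combo.handler_user_data->freed;   /* dialog_destroy_cb() fires */
    if (combo.data != first) free(combo.data);
    free(first);
    return stale;
}

int main(void) {
    return (handler_sees_freed_data(prepare_realloc) &&
            !handler_sees_freed_data(prepare_reuse)) ? 0 : 1;
}
```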