GNOME Bugzilla – Bug 655127
Attempting to get the accessible relationset for a GtkTreeView crashes ATs and/or hangs one's session
Last modified: 2012-04-21 16:48:06 UTC
Created attachment 192457 [details] test script Steps to reproduce: 1. enable accessibility (gsettings set org.gnome.desktop.interface toolkit-accessibility true) 2. launch gtk3-demo (build gtk+ from master) 3. launch the attached test script 4. give focus to the gtk3-demo window Expected results: There would be no segfault. Actual results: ================== treetable [tree table | ] state set <StateSet object at 0x1723230 (AtspiStateSet at 0x16096f0)> /usr/lib64/python2.7/site-packages/gi/types.py:45: Warning: g_object_get_qdata: assertion `G_IS_OBJECT (object)' failed return info.invoke(*args) Segmentation fault (core dumped) ================== Notes: 1. If you attempt to access a GtkTreeView with Orca running, the desktop session will hang. If you attempt to examine one via Accerciser, Accerciser will exit. 2. My environment: * Fedora 15 * glib from master * gtk+ from master * atk from master * at-spi2 (at-spi2-core, at-spi2-atk, pyatspi2) from master * pygobject from master * gobject-introspection from master
Created attachment 192458 [details] stacktrace
Created attachment 192837 [details] Patch. I believe this is the correct fix, but we should have a test returning a GArray of GObjects, and regress.c has no such test currently, so I think this needs more work before committing.
Thinking about this more, I'm not sure if the patch I just filed is correct. I have a GArray with (element-type AtspiRelation*), which creates the following in the gir: <array name="GLib.Array" c:type="GArray*"> <type name="Relation"/> </array> So it isn't clear to me if the .gir is correct, or if, given the typelib, pygi should be treating the values as pointers to GObjects or as GObject instances in themselves. Anyway, perhaps I'm using GArray incorrectly and I should be using GPtrArray instead; I think I'll change my code to use the latter, and I suspect that it won't hit this crash.
Still, I don't see it documented anywhere that it wouldn't work to use a GArray to pass pointers to GObjects. But, if there is a bug to fix, then I'm not sure it is with pygobject or with g-ir-scanner. If the recommended behavior is to use a GPtrArray, then we should document this on the Best Practices page.
I'm withdrawing the patch (thanks, Joanie, for testing; apparently that code path also gets executed for, ie, gdk_keymap_get_entries_for_keyval, where the current behavior is correct (assuming that the array elements are not pointers). g-ir-scanner is giving me the same output for writing "(element-type AtspiRelation*") as if I'd written "(element-type AtspiRelation)". Do we have a notation defined that should be correct for the former?
Comment on attachment 192837 [details] Patch. Obsoleting patch as it is incorrect, as per comment 5.
I ran the attached test case with the latest GNOME 3.4 stack and did observe a crash anymore. Could you please confirm that the issue is indeed fixed?
Not sure if it is FIXED, but it is WORKSFORME (why don't we have that as an option?). Thanks for the ping Sebastian!