GNOME Bugzilla – Bug 722975
crash when removing tag from palette while filtering by same tag
Last modified: 2014-02-24 20:15:52 UTC
From http://bugs.debian.org/736625: I copied a pallet and assigned it, the original, and another pallet the same label (in particular, "a"). I then filtered by the label and selected one of the pallets and removed the label. Then I clicked on another of the pallets, and the application segfaulted.
Created attachment 267192 [details] backtrace from gimp 2.8.6
After these changes, I cannot reproduce any crashes and warnings any longer, pushed to master and gimp-2-8: commit 2ec7e24d805d1f524fe455ed08ac641c5244a6e6 Author: Michael Natterer <mitch@gimp.org> Date: Sun Jan 26 21:03:28 2014 +0100 Bug 722975 - crash when removing tag from palette while filtering by same tag Each of the following cleans up tag refcounting, fixes access to released memory, or other small glitches. Not sure which change actually fixed the bug: gimp_data_remove_tag(): remove the found tag, not the passed in tag (which is to be treated only as a value for comparison). gimp_tagged_remove_tag(): don't continue the loop after the tag to remove has been found, there can only be one matching tag, and the list element has become invalid. gimptagentry.c: keep references around for the members of entry->common_tags, and make sure the references are always dropped properly. In assign_tags(), reference the "add" and "remove" lists for paranoia and safety reasons. (cherry picked from commit 7fca15c27dd944890a67bb6db90c0b1fd4238f2f) app/core/gimpdata.c | 2 +- app/core/gimptagged.c | 2 ++ app/widgets/gimptagentry.c | 26 ++++++++++++++------------ 3 files changed, 17 insertions(+), 13 deletions(-)
*** Bug 725080 has been marked as a duplicate of this bug. ***