Bug 634534 - Crash in gdk_event_apply_filters()
Status: RESOLVED FIXED
Product: gnome-desktop
Classification: Core
Component: libgnome-desktop
Version: 2.91.x
OS: Other Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assigned To: Desktop Maintainers
QA Contact: Desktop Maintainers
Depends on:
Blocks:
Reported: 2010-11-10 19:03 UTC by Bastien Nocera
Modified: 2010-11-11 13:23 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Fix possible double-free when destroying private windows (1.16 KB, patch), 2010-11-11 13:23 UTC, Bastien Nocera, status: committed

Description Bastien Nocera 2010-11-10 19:03:34 UTC
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff758ec96 in gdk_event_apply_filters (display=0x6361e0) at gdkeventsource.c:72
72	      result = filter->function (xevent, event, filter->data);
Missing separate debuginfos, use: debuginfo-install flac-1.2.1-6.fc12.x86_64 libXtst-1.0.99.2-3.fc12.x86_64 libasyncns-0.8-1.fc13.x86_64 libcanberra-0.26-2.fc15.x86_64 libcanberra-gtk3-0.26-2.fc15.x86_64 libogg-1.2.0-1.fc14.x86_64 libsndfile-1.0.23-1.fc14.x86_64 libtdb-1.2.1-3.fc14.x86_64 libtool-ltdl-2.2.10-3.fc14.x86_64 libvorbis-1.3.1-2.fc14.x86_64 nss-softokn-freebl-3.12.8-1.fc14.x86_64 polkit-0.98-4.fc14.x86_64 pulseaudio-libs-0.9.21-6.fc13.x86_64 pulseaudio-libs-glib2-0.9.21-6.fc13.x86_64 tcp_wrappers-libs-7.6-59.fc14.x86_64
(gdb) bt
#0  gdk_event_apply_filters at gdkeventsource.c:72
#1  gdk_event_source_translate_event at gdkeventsource.c:169
#2  _gdk_events_queue at gdkeventsource.c:276
#3  gdk_display_get_event at gdkdisplay.c:384
#4  gdk_event_source_dispatch at gdkeventsource.c:298
#5  g_main_dispatch at gmain.c:2267
#6  g_main_context_dispatch at gmain.c:2824
#7  g_main_context_iterate at gmain.c:2902
#8  g_main_loop_run at gmain.c:3110
#9  gtk_main at gtkmain.c:1321
#10 g_application_run at gapplication.c:1217
#11 main at control-center.c:97
(gdb) list
67	  while (tmp_list)
68	    {
69	      GdkEventFilter *filter = (GdkEventFilter*) tmp_list->data;
70	
71	      tmp_list = tmp_list->next;
72	      result = filter->function (xevent, event, filter->data);
73	
74	      if (result != GDK_FILTER_CONTINUE)
75		return result;
76	    }
(gdb) p filter
$1 = (GdkEventFilter *) 0x0

I get this when changing the resolution of my screen using the display panel in gnome-control-center. I would either add an assert() if the members of the list are never supposed to be NULL, or there's a bug removing that filter from the list.
Comment 1 Bastien Nocera 2010-11-10 19:09:06 UTC
My gtk+ tip was of d1829ecd7436e84267d224b3c73ae406cc61e855. Testing with the latest master now.
Comment 2 Bastien Nocera 2010-11-10 19:22:47 UTC
Same thing happens with the latest master.
Comment 3 Bastien Nocera 2010-11-10 19:31:45 UTC
Sorry, setting importance for a bit of red.
Comment 4 Bastien Nocera 2010-11-11 01:35:49 UTC
valgrind output is absolutely uninteresting, then I switch resolutions and get:
==13597== Jump to the invalid address stated on the next line
==13597==    at 0x2C20307830207B20: ???
==13597==    by 0x8F0: ???
==13597==  Address 0x2c20307830207b20 is not stack'd, malloc'd or (recently) free'd
==13597== 
==13597== 
==13597== Process terminating with default action of signal 11 (SIGSEGV)
==13597==  Bad permissions for mapped region at address 0x2C20307830207B20
==13597==    at 0x2C20307830207B20: ???
==13597==    by 0x8F0: ???

Not really useful.
Comment 5 Matthias Clasen 2010-11-11 02:26:02 UTC
My guess would be that some loaded module installs a filter, then gets unloaded without removing it.
Comment 6 Bastien Nocera 2010-11-11 13:22:35 UTC
Actually was a double-free in libgnome-desktop that was causing the filters to be freed. Not sure why valgrind wasn't able to catch it.
Comment 7 Bastien Nocera 2010-11-11 13:23:21 UTC
Created attachment 174244 [details] [review]
Fix possible double-free when destroying private windows

This could cause freeing random data when the members of ->windows
were destroyed, but ->windows itself wasn't. As it was != NULL, we'd
be freeing memory that wouldn't belong to us anymore.
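The pattern the commit message describes (one path frees the members of a list, leaves the pointer set, and a later teardown sees `!= NULL` and frees the same nodes again) is shown below as an added example. This is not libgnome-desktop's code or the attached patch: the struct name `PrivateData`, the `Window` list, and the functions `destroy_windows_buggy`, `destroy_windows_fixed` and `finalize` are invented for illustration, and a tiny instrumented node pool stands in for the real allocator so the second free is counted deterministically instead of corrupting the heap. The three windows are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model only (not libgnome-desktop code). A fixed pool of
 * nodes with a "live" flag replaces malloc/free so that freeing an
 * already-freed node is recorded rather than being undefined behaviour. */
#define POOL_SIZE 16

typedef struct Window {
    int id;
    struct Window *next;
    int pool_slot;                 /* index back into the pool */
} Window;

static Window pool[POOL_SIZE];
static int pool_live[POOL_SIZE];   /* 1 = allocated, 0 = freed */
static int double_frees;           /* frees of a node that was not live */

static Window *window_new(int id)
{
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!pool_live[i]) {
            pool_live[i] = 1;
            pool[i].id = id;
            pool[i].next = NULL;
            pool[i].pool_slot = i;
            return &pool[i];
        }
    }
    return NULL;
}

static void window_free(Window *w)
{
    if (!pool_live[w->pool_slot]) {  /* this is what a double-free looks like */
        double_frees++;
        return;
    }
    pool_live[w->pool_slot] = 0;     /* contents stay readable, as freed heap often does */
}

/* The hypothetical private struct: it owns a singly linked list of windows. */
typedef struct {
    Window *windows;
} PrivateData;

static void list_free_all(Window *head)
{
    while (head) {
        Window *next = head->next;   /* read before freeing the node */
        window_free(head);
        head = next;
    }
}

/* Buggy variant: members are destroyed, but ->windows keeps its old value. */
static void destroy_windows_buggy(PrivateData *priv)
{
    list_free_all(priv->windows);
}

/* Fixed variant: clear the pointer together with the members. */
static void destroy_windows_fixed(PrivateData *priv)
{
    list_free_all(priv->windows);
    priv->windows = NULL;
}

/* Later teardown path. With the buggy variant the "!= NULL" test passes and
 * the already-freed nodes are walked and freed a second time. */
static void finalize(PrivateData *priv)
{
    if (priv->windows != NULL)
        list_free_all(priv->windows);
    priv->windows = NULL;
}

/* Build three constructed windows, run one destroy variant, then finalize.
 * Returns how many double-frees the instrumented pool observed. */
int run_scenario(int use_fix)
{
    PrivateData priv = { NULL };

    double_frees = 0;
    memset(pool_live, 0, sizeof pool_live);
    for (int i = 0; i < 3; i++) {
        Window *w = window_new(i);
        w->next = priv.windows;
        priv.windows = w;
    }
    if (use_fix)
        destroy_windows_fixed(&priv);
    else
        destroy_windows_buggy(&priv);
    finalize(&priv);
    return double_frees;
}

int main(void)
{
    printf("buggy destroy: %d double-frees\n", run_scenario(0));
    printf("fixed destroy: %d double-frees\n", run_scenario(1));
    return 0;
}
```

With the buggy variant every node in the list is freed twice (three double-frees for the three constructed windows); clearing the pointer in the destroy path brings that to zero, which is the same effect the attached patch aims for with the `!= NULL` guard that already existed in the teardown.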
Comment 8 Bastien Nocera 2010-11-11 13:23:40 UTC
Attachment 174244 [details] pushed as 7e967de - Fix possible double-free when destroying private windows