GNOME Bugzilla – Bug 165363
Crash segfault SIGSEGV when moving the last element from the lower toolbar to the upper toolbar
Last modified: 2011-02-14 13:04:55 UTC
Hi, Francesco Potorti` reported Debian bug <http://bugs.debian.org/286647> where he explains that dragging the latest item from the Galeon toolbar hosting the URL bar into the upper toolbar crashes Galeon. Once Debian's glib-dbg package was fixed, he got a long stack trace which I thought would end up in glib, but ends in egg_editable_toolbar_get_type (). I think egg_editable_toolbar_get_type is in a Galeon-specific widget, and I'll ask the submitter to rebuild Galeon with debugging symbols. Do you have any idea of where this bug could come from? I can't reproduce it. :(
Created attachment 36577
Backtrace

The submitter gets the following warning:

(galeon:3765): Gtk-CRITICAL **: file gtkcontainer.c: line 1285 (gtk_container_foreach): assertion `GTK_IS_CONTAINER (container)' failed

and the attached backtrace.
Here's a new backtrace, full of debugging symbols. Sadly, I noticed that the debugging symbols build of Galeon is broken, I'm working on fixing this, but don't rely on the stacktrace 100%.

$ LD_LIBRARY_PATH=/usr/lib/debug/: gdb galeon
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) r
Starting program: /usr/bin/galeon
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 30747)]
[New Thread 32769 (LWP 30748)]
[New Thread 16386 (LWP 30749)]
[New Thread 32771 (LWP 30754)]
[New Thread 49156 (LWP 30755)]
[Thread 49156 (LWP 30755) exited]
[New Thread 65541 (LWP 30756)]
[New Thread 81926 (LWP 30758)]
[Thread 81926 (LWP 30758) exited]
[Thread 65541 (LWP 30756) exited]
[New Thread 98311 (LWP 30782)]
[New Thread 114696 (LWP 30784)]
[New Thread 131081 (LWP 30785)]
[New Thread 147466 (LWP 30786)]
[New Thread 163851 (LWP 30787)]
LoadPlugin: failed to initialize shared library /var/opt/j2sdk1.4.0/jre/plugin/i386/ns610/libjavaplugin_oji140.so [/var/opt/j2sdk1.4.0/jre/plugin/i386/ns610/libjavaplugin_oji140.so: undefined symbol: GetGlobalServiceManager__16nsServiceManagerPP17nsIServiceManager]
LoadPlugin: failed to initialize shared library /var/opt/j2sdk1.4.0/jre/plugin/i386/ns610/libjavaplugin_oji140.so [/var/opt/j2sdk1.4.0/jre/plugin/i386/ns610/libjavaplugin_oji140.so: undefined symbol: GetGlobalServiceManager__16nsServiceManagerPP17nsIServiceManager]
LoadPlugin: failed to initialize shared library /var/opt/j2sdk1.4.0/jre/plugin/i386/ns610/libjavaplugin_oji140.so [/var/opt/j2sdk1.4.0/jre/plugin/i386/ns610/libjavaplugin_oji140.so: undefined symbol: GetGlobalServiceManager__16nsServiceManagerPP17nsIServiceManager]
[New Thread 180236 (LWP 30793)]
[Thread 98311 (LWP 30782) exited]
[Thread 163851 (LWP 30787) exited]
[Thread 131081 (LWP 30785) exited]
[Thread 114696 (LWP 30784) exited]
[Thread 180236 (LWP 30793) exited]
[Thread 147466 (LWP 30786) exited]
[New Thread 196621 (LWP 30866)]

(galeon:30747): Gtk-CRITICAL **: file gtkcontainer.c: line 1285 (gtk_container_foreach): assertion `GTK_IS_CONTAINER (container)' failed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 30747)]
0x0813b132 in get_toolbar_nth (etoolbar=0x82af5e0, position=137033184) at egg-editable-toolbar.c:167
167 egg-editable-toolbar.c: No such file or directory.
    in egg-editable-toolbar.c
(gdb) thread apply all bt full
+ Trace 55153
Thread 1 (Thread 16384 (LWP 30747))
The program is running. Exit anyway? (y or n) y
$
(The full stack trace is in the Debian bug, I copied only the relevant part.) Here's a preliminary patch which adds some safety checks, I don't understand how "position" gets corrupted though. --- galeon-1.3.19.orig/libegg/egg-editable-toolbar.c 2004-12-15 18:08:20.000000000 +0100 +++ galeon-1.3.19/libegg/egg-editable-toolbar.c 2005-02-01 10:28:41.000000000 +0100 @@ -161,8 +161,15 @@ GtkWidget *dock; GtkWidget *result; + /* check the correctness of the parameters passed to this function */ + g_return_val_if_fail(etoolbar != NULL, NULL); + + /* position should be checked in get_dock_nth() */ dock = get_dock_nth (etoolbar, position); + /* a wrong position was probably passed to this function */ + g_return_val_if_fail(dock != NULL, NULL); + l = gtk_container_get_children (GTK_CONTAINER (dock)); result = GTK_WIDGET (l->data); g_list_free (l); @@ -880,9 +887,19 @@ GtkWidget *toolbar; GtkWidget *item; + /* check the correctness of the parameters passed to this function */ + g_return_if_fail(model != NULL); + g_return_if_fail(t != NULL); + + /* toolbar_position should be checked in get_toolbar_nth() */ toolbar = get_toolbar_nth (t, toolbar_position); + /* a wrong toolbar_position was probably passed to this function */ + g_return_val_if_fail(toolbar != NULL); + + /* position should be checked in gtk_toolbar_get_nth_item() */ item = GTK_WIDGET (gtk_toolbar_get_nth_item (GTK_TOOLBAR (toolbar), position)); + /* a wrong position was probably passed to this function */ g_return_if_fail (item != NULL); gtk_container_remove (GTK_CONTAINER (toolbar), item);
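Review bot: In the first hunk (get_toolbar_nth), the read of l->data right after gtk_container_get_children () is still unguarded, and that is the statement at line 167 where the backtrace stops. The new checks only reject a NULL etoolbar and a NULL dock. A dock that has no children gives an empty GList, which is a NULL pointer, and the Gtk-CRITICAL quoted in this report shows the GTK_IS_CONTAINER assertion failing just before the segfault, so a dock that is not a container also needs to be rejected. Suggest g_return_val_if_fail (GTK_IS_CONTAINER (dock), NULL); in place of the plain dock != NULL test, plus a g_return_val_if_fail (l != NULL, NULL); before result = GTK_WIDGET (l->data);.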
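Review bot: In the second hunk, the added line g_return_val_if_fail(toolbar != NULL); is missing its second argument: g_return_val_if_fail takes a condition and a return value, so this will not build. Every other check in the hunk uses g_return_if_fail, so the intended call is g_return_if_fail (toolbar != NULL);. Since toolbar is passed straight to GTK_TOOLBAR () on the next statement, g_return_if_fail (GTK_IS_TOOLBAR (toolbar)); would cover both the NULL and the wrong-type case. As a style point, the added calls omit the space before the opening parenthesis that the existing g_return_if_fail (item != NULL); uses.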
Looks like the same trace as epiphany bug 153541, which I could never track down either...
I don't think that the 'position' field is really corrupted, it's probably just some sort of compiler thing confusing gdb or something. Unfortunately I can't reproduce this, so apart from bullet-proofing the functions, I'm not too sure what we can do :-(
Yeah, I've fixed the old package build process and it now can build debug binaries correctly, I'll provide a test package to the submitter ASAP, it's really my next TODO item.
The submitter provided an updated backtrace, but only the crash is visible, not the full backtrace. I hope he'll get the rest of it, but at least we know where it crashes:

0x08176b2c in get_toolbar_nth (etoolbar=0x86d7a88, position=1) at egg-editable-toolbar.c:167

157 get_toolbar_nth (EggEditableToolbar *etoolbar,
158                  int position)
159 {
160   GList *l;
161   GtkWidget *dock;
162   GtkWidget *result;
163
164   dock = get_dock_nth (etoolbar, position);
165
166   l = gtk_container_get_children (GTK_CONTAINER (dock));
167   result = GTK_WIDGET (l->data);
168   g_list_free (l);
169
170   return result;
171 }

And there's still the warning:

(galeon:6907): Gtk-CRITICAL **: gtk_container_foreach: assertion `GTK_IS_CONTAINER (container)' failed

prior to the segfault. Could it be that the count gets wrong at some point in time, or get_dock_nth returns something wrong?
(This seems similar to bug 153541.) Submitter got a cool stack trace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 9882)]
0x08176b2c in get_toolbar_nth (etoolbar=0x86d77a0, position=1) at egg-editable-toolbar.c:167
167 egg-editable-toolbar.c: No such file or directory.
    in egg-editable-toolbar.c
(gdb) bt full
+ Trace 55809
Thanks for taking the time to report this bug. However, you are using a version that is too old and not supported anymore. Galeon developers won't be fixing or back porting any fixes for this version. Please upgrade to latest stable Galeon version to receive bug fixes. We are sorry it could not be fixed for your version.