GNOME Bugzilla – Bug 614256
crashes when installing icon themes by dnd
Last modified: 2011-03-17 15:08:41 UTC
the issue has been described on https://bugs.launchpad.net/bugs/274915 To trigger on crash on 2.29.91: * download http://art.gnome.org/download/themes/icon/1100/ICON-DroplineNeu.tar.bz2 * dnd it to the themes tab * watch the valgrind log "==27164== 1 errors in context 1 of 3: ==27164== Invalid read of size 1 ==27164== at 0x4BA541B: g_utf8_get_char (gutf8.c:285) ==27164== by 0x4A17F0B: process_item (pango-layout.c:3240) ==27164== by 0x4A1A005: pango_layout_check_lines (pango-layout.c:3526) ==27164== by 0x4A1B2B3: pango_layout_get_extents_internal (pango-layout.c:2431) ==27164== by 0x4539807: gtk_label_size_request (gtklabel.c:3184) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4484557: gtk_box_size_request (gtkbox.c:280) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4484557: gtk_box_size_request (gtkbox.c:280) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4684B91: gtk_window_size_request (gtkwindow.c:4953) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF251: g_closure_invoke (gclosure.c:767) ==27164== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==27164== ==27164== ==27164== 1 errors in context 2 of 3: ==27164== Invalid read of size 4 ==27164== at 0x4A17EFF: process_item (pango-layout.c:3240) ==27164== by 0x4A1A005: pango_layout_check_lines (pango-layout.c:3526) ==27164== by 0x4A1B2B3: pango_layout_get_extents_internal (pango-layout.c:2431) ==27164== by 0x4539807: gtk_label_size_request (gtklabel.c:3184) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4484557: gtk_box_size_request (gtkbox.c:280) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4484557: gtk_box_size_request (gtkbox.c:280) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4684B91: gtk_window_size_request (gtkwindow.c:4953) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF251: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== Address 0x6a70c7c is 28 bytes inside a block of size 124 free'd ==27164== at 0x4024B3A: free (vg_replace_malloc.c:366) ==27164== by 0x4B7CFB5: g_free (gmem.c:191) ==27164== by 0x4B10E72: g_type_free_instance (gtype.c:1928) ==27164== by 0x4531127: gtk_label_clear_layout (gtklabel.c:2908) ==27164== by 0x4531C7A: gtk_label_recalculate (gtklabel.c:1893) ==27164== by 0x4534630: gtk_label_set_markup (gtklabel.c:2422) ==27164== by 0x8065761: file_transfer_dialog_set_prop (file-transfer-dialog.c:147) ==27164== by 0x4AF40BB: g_object_set_valist (gobject.c:973) ==27164== by 0x4AF46E5: g_object_set (gobject.c:1594) ==27164== by 0x8064716: file_transfer_job_update (file-transfer-dialog.c:374) ==27164== by 0x8064DAE: file_transfer_job_progress (file-transfer-dialog.c:394) ==27164== by 0x49894E5: g_file_copy (gfile.c:2838) ==27164== by 0x8064963: file_transfer_job_schedule (file-transfer-dialog.c:505) ==27164== by 0x499EDAB: io_job_thread (gioscheduler.c:182) ==27164== by 0x4BA0CEB: g_thread_pool_thread_proxy (gthreadpool.c:315) ==27164== by 0x4B9EDCE: g_thread_create_proxy (gthread.c:1893) ==27164== by 0x423196D: start_thread (pthread_create.c:300) ==27164== by 0x4CF69DD: clone (clone.S:130) ==27164== ==27164== ==27164== 1 errors in context 3 of 3: ==27164== Invalid read of size 1 ==27164== at 0x4A17EF6: process_item (pango-layout.c:3239) ==27164== by 0x4A1A005: pango_layout_check_lines (pango-layout.c:3526) ==27164== by 0x4A1B2B3: pango_layout_get_extents_internal (pango-layout.c:2431) ==27164== by 0x4539807: gtk_label_size_request (gtklabel.c:3184) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4484557: gtk_box_size_request (gtkbox.c:280) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4484557: gtk_box_size_request (gtkbox.c:280) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF177: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== by 0x4B04DB3: g_signal_emit_valist (gsignal.c:2981) ==27164== by 0x4B05084: g_signal_emit_by_name (gsignal.c:3075) ==27164== by 0x45BBDD5: do_size_request (gtksizegroup.c:628) ==27164== by 0x45BC0A6: _gtk_size_group_compute_requisition (gtksizegroup.c:828) ==27164== by 0x467B56E: gtk_widget_size_request (gtkwidget.c:3886) ==27164== by 0x4684B91: gtk_window_size_request (gtkwindow.c:4953) ==27164== by 0x4AFC437: g_cclosure_marshal_VOID__BOXED (gmarshal.c:566) ==27164== by 0x4AED8B8: g_type_class_meta_marshal (gclosure.c:878) ==27164== by 0x4AEF251: g_closure_invoke (gclosure.c:767) ==27164== by 0x4B03239: signal_emit_unlocked_R (gsignal.c:3178) ==27164== Address 0x6a70c9c is 60 bytes inside a block of size 124 free'd ==27164== at 0x4024B3A: free (vg_replace_malloc.c:366) ==27164== by 0x4B7CFB5: g_free (gmem.c:191) ==27164== by 0x4B10E72: g_type_free_instance (gtype.c:1928) ==27164== by 0x4531127: gtk_label_clear_layout (gtklabel.c:2908) ==27164== by 0x4531C7A: gtk_label_recalculate (gtklabel.c:1893) ==27164== by 0x4534630: gtk_label_set_markup (gtklabel.c:2422) ==27164== by 0x8065761: file_transfer_dialog_set_prop (file-transfer-dialog.c:147) ==27164== by 0x4AF40BB: g_object_set_valist (gobject.c:973) ==27164== by 0x4AF46E5: g_object_set (gobject.c:1594) ==27164== by 0x8064716: file_transfer_job_update (file-transfer-dialog.c:374) ==27164== by 0x8064DAE: file_transfer_job_progress (file-transfer-dialog.c:394) ==27164== by 0x49894E5: g_file_copy (gfile.c:2838) ==27164== by 0x8064963: file_transfer_job_schedule (file-transfer-dialog.c:505) ==27164== by 0x499EDAB: io_job_thread (gioscheduler.c:182) ==27164== by 0x4BA0CEB: g_thread_pool_thread_proxy (gthreadpool.c:315) ==27164== by 0x4B9EDCE: g_thread_create_proxy (gthread.c:1893) ==27164== by 0x423196D: start_thread (pthread_create.c:300) ==27164== by 0x4CF69DD: clone (clone.S:130)" The issue has collected quite some duplicates over cycles
the line 147 in this version is "gtk_label_set_markup (GTK_LABEL (dlg->priv->status), str2);"
Looks like even with gdk threads now being turned on, there is a lack of locking around GTK+ calls in many places.
There does seem to be. I've been looking at this today and found quite a few places where there is a lack of locking, and I feel like I could probably spend a lot of time doing it too. Matthias - do you think it would make more sense just to move the progress dialog updates from the IO thread to the main thread and disable gdk threads again? I can do that if you think it's the better way to go (I think it would probably be less hassle, unless you see another problem with this)
Created attachment 159346 [details] [review] appearance-locking Here is what I ended up with after just looking at the theme tab. I started looking at the background tab and saw there are some GConf notify callbacks doing GTK calls outside of the lock, but I haven't finished going through all the code yet though.
gnome-appearance-properties does not exist in GNOME 3 any more, and those bugs are thus obsolete. Theme tweaking feature requests should go to gnome-tweak-tool (in GNOME Bugzilla).