GNOME Bugzilla – Bug 626092
Crash on exit unhibiting the screensaver
Last modified: 2010-08-05 09:58:26 UTC
With the tip of gnome-2-32 glib2-2.25.11-1.fc14.x86_64 1. Open Totem 2. Play a file (it should inhibit the screensaver) 3. Exit whilst playing ==28612== Thread 1: ==28612== Invalid read of size 8 ==28612== at 0x3838431821: g_type_check_instance_cast (in /lib64/libgobject-2.0.so.0.2511.0) ==28612== by 0x176E354E: on_uninhibit_cb (totem-scrsaver.c:136) ==28612== by 0x3839CA4F6B: ??? (in /lib64/libgio-2.0.so.0.2511.0) ==28612== by 0x3839C9B991: ??? (in /lib64/libgio-2.0.so.0.2511.0) ==28612== by 0x3839C6386B: ??? (in /lib64/libgio-2.0.so.0.2511.0) ==28612== by 0x383783E812: g_main_context_dispatch (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x383783EFEF: ??? (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x383783F661: g_main_loop_run (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x384BC37B4A: gst_bus_poll (in /usr/lib64/libgstreamer-0.10.so.0.26.0) ==28612== by 0x44373B: bvw_stop_play_pipeline (bacon-video-widget-gst-0.10.c:4092) ==28612== by 0x449C17: bacon_video_widget_close (bacon-video-widget-gst-0.10.c:4166) ==28612== by 0x42794D: totem_action_exit (totem-object.c:942) ==28612== Address 0xb3345f0 is 0 bytes inside a block of size 112 free'd ==28612== at 0x4A04D72: free (vg_replace_malloc.c:325) ==28612== by 0x383842FED2: g_type_free_instance (in /lib64/libgobject-2.0.so.0.2511.0) ==28612== by 0x176E310C: totem_screensaver_plugin_finalize (totem-screensaver.c:103) ==28612== by 0x383840E853: g_object_unref (in /lib64/libgobject-2.0.so.0.2511.0) ==28612== by 0x4552EC: totem_plugin_info_free (totem-plugins-engine.c:415) ==28612== by 0x383782DDDD: ??? (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x383782E6CC: g_hash_table_remove_all (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x383782E764: g_hash_table_destroy (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x4553D1: totem_plugins_engine_shutdown (totem-plugins-engine.c:445) ==28612== by 0x427920: totem_action_exit (totem-object.c:934) ==28612== by 0x4288F5: totem_action_handle_key_press.clone.2 (totem-object.c:3589) ==28612== by 0x428CF7: window_key_press_event_cb (totem-object.c:3843) ==28612== ==28612== Invalid read of size 8 ==28612== at 0x383843182D: g_type_check_instance_cast (in /lib64/libgobject-2.0.so.0.2511.0) ==28612== by 0x176E354E: on_uninhibit_cb (totem-scrsaver.c:136) ==28612== by 0x3839CA4F6B: ??? (in /lib64/libgio-2.0.so.0.2511.0) ==28612== by 0x3839C9B991: ??? (in /lib64/libgio-2.0.so.0.2511.0) ==28612== by 0x3839C6386B: ??? (in /lib64/libgio-2.0.so.0.2511.0) ==28612== by 0x383783E812: g_main_context_dispatch (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x383783EFEF: ??? (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x383783F661: g_main_loop_run (in /lib64/libglib-2.0.so.0.2511.0) ==28612== by 0x384BC37B4A: gst_bus_poll (in /usr/lib64/libgstreamer-0.10.so.0.26.0) ==28612== by 0x44373B: bvw_stop_play_pipeline (bacon-video-widget-gst-0.10.c:4092) ==28612== by 0x449C17: bacon_video_widget_close (bacon-video-widget-gst-0.10.c:4166) ==28612== by 0x42794D: totem_action_exit (totem-object.c:942) ==28612== Address 0xaaaaaaaaaaaaaaaa is not stack'd, malloc'd or (recently) free'd
Created attachment 167172 [details] [review] Ref TotemScreensaver so it's still valid in the cb Especially on exit, we need to keep our own reference of the screensaver object, or it might disappear by the time we receive the callback from GDBus.
Pushed to gnome-2-32 and master. Christian, let me know if you can think of anything wrong with this approach.