GNOME Bugzilla – Bug 671173
Don't segfault when queueing a redraw from a ::queue-redraw handler
Last modified: 2021-06-10 11:33:49 UTC
See the patch - I hope it's clear enough how it happens (and indeed it happened to me a few times with gnome-shell, despite seeming the edge of an edge case)
Created attachment 208825: ClutterActor: clear redraw entry before emitting signals
If the redraw entry is not cleared, queueing a redraw from a signal handler could reinsert the same object in the stage redraw list, causing the segfault later (as the object is immediately freed).
Review of attachment 208825: looks okay to me.
Attachment 208825 pushed as 018ede2 - ClutterActor: clear redraw entry before emitting signals
I got the same crash despite the patch, reopening...
Created attachment 208851: gnome-shell stack trace
Attaching stack trace, in case someone has a better clue of the cause...
In fact, the patch only addressed queueing a redraw for the same actor that emitted ::queue-redraw. If you queue_redraw() on another actor that is already on the list, and not yet processed (and thus still has a redraw entry), you still end up placing the same object on the list. But before I start coding a fix (which would involve refcounting the entry structure)... does what I'm saying make any sense to you, clutter devs?
I'm not entirely sure we want to unconditionally allow queueing redraws on actors already marked as dirty - including their children. If a child of an actor queues a redraw, and the request bubbles up to an actor already marked for redraw, we should just bail out - given the assumption that an actor that is marked to be redrawn will have to redraw its children as well.
this may or may not be further complicated by the presence of effects on the actor.
(In reply to comment #7)
> I'm not entirely sure we want to unconditionally allow queueing redraws on
> actors already marked as dirty - including their children.
>
> if a child of an actor queues a redraw, and the request bubbles up to an actor
> already marked for redraw, we should just bail out - given the assumption that
> an actor that is marked to be redrawn will have to redraw its children as well.

Well, from a deeper reading of the code it turns out that it already does so: _clutter_stage_queue_actor_redraw does not add the actor to the pending_queue_redraws list if it already has a redraw entry. Bah...
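The failure mode described in the attachment comment and in comments #6 and #8 above, as an added toy model (not Clutter's own code, and not part of the bug thread): a stage keeps a pending-redraw list with one entry per actor, a handler for the ::queue-redraw signal re-queues the actor while that actor's entry is still attached to it, and the entry is then freed right after emission. The `Stage`, `Actor`, `RedrawEntry`, `queue_redraw` and `process_redraws` names are assumptions made for the model; freeing is simulated with a `freed` flag so the dangling-entry case is reported as a return value instead of actually touching freed memory. Running the same scenario with `clear_before_emit` set to 1 shows the ordering the patch introduced: the actor's entry pointer is cleared before the signal goes out, so a re-queue from the handler allocates a fresh entry instead of relinking the one about to be freed.

```c
#include <stddef.h>
#include <stdio.h>

#define POOL_SIZE 16

typedef struct Actor Actor;

/* One pending-redraw entry; models the stage's redraw-list element.
 * "freed" is set instead of calling free() so reuse stays detectable. */
typedef struct RedrawEntry {
    Actor *actor;
    struct RedrawEntry *next;
    int queued;                 /* currently linked into the pending list */
    int freed;                  /* already released by process_redraws() */
} RedrawEntry;

typedef struct Stage {
    RedrawEntry pool[POOL_SIZE];
    int pool_used;
    RedrawEntry *pending;       /* stand-in for pending_queue_redraws */
    int clear_before_emit;      /* 0 = behaviour before the patch, 1 = after */
} Stage;

struct Actor {
    const char *name;
    RedrawEntry *entry;         /* non-NULL while the actor has a redraw entry */
    int requeues_left;          /* how often the ::queue-redraw handler re-queues */
};

static RedrawEntry *alloc_entry(Stage *s)
{
    if (s->pool_used >= POOL_SIZE)
        return NULL;
    RedrawEntry *e = &s->pool[s->pool_used++];
    e->actor = NULL; e->next = NULL; e->queued = 0; e->freed = 0;
    return e;
}

static void free_entry(RedrawEntry *e) { e->freed = 1; }

/* Queue a redraw for an actor. An actor whose entry is already pending is
 * skipped (the coming redraw covers it). An actor that still points at an
 * entry which is *not* in the list, i.e. the entry being processed right
 * now, gets that same entry relinked: that is the reinsertion from the bug. */
void queue_redraw(Stage *s, Actor *a)
{
    RedrawEntry *e = a->entry;
    if (e != NULL && e->queued)
        return;
    if (e == NULL) {
        e = alloc_entry(s);
        if (e == NULL)
            return;
        e->actor = a;
        a->entry = e;
    }
    e->queued = 1;
    e->next = s->pending;
    s->pending = e;
}

/* Stand-in for emitting ::queue-redraw: the handler may queue again. */
static void emit_queue_redraw(Stage *s, Actor *a)
{
    if (a->requeues_left > 0) {
        a->requeues_left--;
        queue_redraw(s, a);
    }
}

/* Drain the pending list. Returns the number of entries processed, or -1
 * when an entry that was already freed is reached (the segfault case). */
int process_redraws(Stage *s)
{
    RedrawEntry *list = s->pending;
    s->pending = NULL;
    int n = 0;
    for (RedrawEntry *e = list; e != NULL; ) {
        RedrawEntry *next = e->next;    /* saved: a re-queue overwrites e->next */
        if (e->freed)
            return -1;
        e->queued = 0;
        Actor *a = e->actor;
        if (s->clear_before_emit)
            a->entry = NULL;            /* the patch: clear before the signal */
        emit_queue_redraw(s, a);
        if (!s->clear_before_emit)
            a->entry = NULL;            /* pre-patch: clear only afterwards */
        free_entry(e);
        n++;
        e = next;
    }
    return n;
}

/* Scenario from the report: queue once, process (handler re-queues during
 * emission), process again. Returns the second pass's result. */
int run_scenario(int clear_before_emit)
{
    Stage s = {0};
    s.clear_before_emit = clear_before_emit;
    Actor a = { "actor", NULL, 1 };     /* constructed sample actor */
    queue_redraw(&s, &a);
    if (process_redraws(&s) != 1)
        return -2;
    return process_redraws(&s);
}

int main(void)
{
    printf("pre-patch ordering:  %d (-1 = freed entry reached)\n", run_scenario(0));
    printf("post-patch ordering: %d\n", run_scenario(1));
    return 0;
}
```

The only difference between the two runs is where `a->entry = NULL` happens relative to the signal emission; the detach-before-iterate and saved-`next` handling are the same in both, which is why the pre-patch run only fails on the second drain, after the relinked entry has already been released.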
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version of clutter, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a ticket at https://gitlab.gnome.org/GNOME/clutter/-/issues/ Thank you for your understanding and your help.