Bug 698047 - Evince crashes in Gtk code when clicking on a bookmarks
Status: RESOLVED OBSOLETE
Product: gtk+
Classification: Platform
Component: Backend: X11
Version: 3.8.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: gtk-bugs
QA Contact: gtk-bugs
Depends on:
Blocks:
 
 
Reported: 2013-04-15 09:42 UTC by Dmitry Shachnev
Modified: 2014-12-09 04:37 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Dmitry Shachnev 2013-04-15 09:42:35 UTC
While trying to click on a bookmark in a PDF file in Evince, I get this crash:

  • #0 magazine_chain_pop_head
    at /tmp/buildd/glib2.0-2.36.0/./glib/gslice.c line 532
  • #1 thread_memory_magazine1_alloc
    at /tmp/buildd/glib2.0-2.36.0/./glib/gslice.c line 835
  • #2 g_slice_alloc
    at /tmp/buildd/glib2.0-2.36.0/./glib/gslice.c line 994
  • #3 g_list_copy_deep
    at /tmp/buildd/glib2.0-2.36.0/./glib/glist.c line 636
  • #4 g_list_copy
    at /tmp/buildd/glib2.0-2.36.0/./glib/glist.c line 585
  • #5 _gdk_window_process_updates_recurse
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/gdkwindow.c line 4024
  • #6 _gdk_window_process_updates_recurse
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/gdkwindow.c line 4044
  • #7 gdk_x11_window_process_updates_recurse
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/x11/gdkwindow-x11.c line 5203
  • #8 gdk_window_process_updates_internal
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/gdkwindow.c line 4187
  • #9 gdk_window_process_updates_with_mode
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/gdkwindow.c line 4367
  • #10 gdk_window_process_updates_with_mode
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/gdkwindow.c line 4344
  • #11 g_cclosure_marshal_VOID__VOIDv
    at /tmp/buildd/glib2.0-2.36.0/./gobject/gmarshal.c line 115
  • #12 _g_closure_invoke_va
    at /tmp/buildd/glib2.0-2.36.0/./gobject/gclosure.c line 840
  • #13 g_signal_emit_valist
    at /tmp/buildd/glib2.0-2.36.0/./gobject/gsignal.c line 3234
  • #14 g_signal_emit_by_name
    at /tmp/buildd/glib2.0-2.36.0/./gobject/gsignal.c line 3424
  • #15 gdk_frame_clock_paint_idle
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/gdkframeclockidle.c line 419
  • #16 gdk_threads_dispatch
    at /tmp/buildd/gtk+3.0-3.8.0/./gdk/gdk.c line 788
  • #17 g_timeout_dispatch
    at /tmp/buildd/glib2.0-2.36.0/./glib/gmain.c line 4413
  • #18 g_main_dispatch
    at /tmp/buildd/glib2.0-2.36.0/./glib/gmain.c line 3054
  • #19 g_main_context_dispatch
    at /tmp/buildd/glib2.0-2.36.0/./glib/gmain.c line 3630
  • #20 g_main_context_iterate
    at /tmp/buildd/glib2.0-2.36.0/./glib/gmain.c line 3701
  • #21 g_main_context_iteration
    at /tmp/buildd/glib2.0-2.36.0/./glib/gmain.c line 3762
  • #22 g_application_run
    at /tmp/buildd/glib2.0-2.36.0/./gio/gapplication.c line 1623
  • #23 main
    at /tmp/buildd/evince-3.8.0/./shell/main.c line 332

Software versions:
- Gtk+ 3.8.0
- GLib 2.36.0
- Evince 3.8.0
- Debian GNU/Linux
Comment 1 Dmitry Shachnev 2013-04-15 09:45:34 UTC
While trying to reproduce this, I got a different crash when I was performing the same action (this time in Evince code) — reported as bug 698048.
Comment 2 Christian Persch 2013-04-15 15:55:32 UTC
Crashes under g_slice_* are usually caused by earlier memory corruption; can you run evince under valgrind to see if there's anything? See https://live.gnome.org/Valgrind for details.
Comment 3 Dmitry Shachnev 2013-04-16 13:53:37 UTC
Here it is:

==10955== Invalid read of size 4
==10955==    at 0x50C6FF9: recompute_visible_regions_internal (gdkwindow.c:973)
==10955==    by 0x50C70F6: recompute_visible_regions_internal (gdkwindow.c:1122)
==10955==    by 0x50C7467: recompute_visible_regions (gdkwindow.c:1162)
==10955==    by 0x50CD7B1: gdk_window_hide (gdkwindow.c:5807)
==10955==    by 0x4E9A9A4: update_grip_visibility (gtkwindow.c:5799)
==10955==    by 0x4E9B66A: _gtk_window_set_allocation (gtkwindow.c:5538)
==10955==  Address 0x7802d10 is not stack'd, malloc'd or (recently) free'd
==10955== 
==10955== Invalid read of size 4
==10955==    at 0x50C7007: recompute_visible_regions_internal (gdkwindow.c:976)
==10955==    by 0x50C70F6: recompute_visible_regions_internal (gdkwindow.c:1122)
==10955==    by 0x50C7467: recompute_visible_regions (gdkwindow.c:1162)
==10955==    by 0x50CD7B1: gdk_window_hide (gdkwindow.c:5807)
==10955==    by 0x4E9A9A4: update_grip_visibility (gtkwindow.c:5799)
==10955==    by 0x4E9B66A: _gtk_window_set_allocation (gtkwindow.c:5538)
==10955==  Address 0x7802d04 is 12 bytes after a block of size 248 alloc'd
==10955==    at 0x4826464: memalign (vg_replace_malloc.c:727)
==10955==    by 0x482657E: posix_memalign (vg_replace_malloc.c:876)
==10955==    by 0x552A5F0: slab_allocator_alloc_chunk (gslice.c:1381)
==10955==    by 0x5579BEE: g_slice_alloc (gslice.c:724)
==10955==    by 0x5559129: g_list_copy_deep (glist.c:636)
==10955==    by 0x55591AA: g_list_copy (glist.c:585)
==10955==    by 0x50CFBBA: _gdk_window_process_updates_recurse (gdkwindow.c:4024)
==10955==    by 0x50F0BF2: gdk_x11_window_process_updates_recurse (gdkwindow-x11.c:5203)
==10955==    by 0x50CB048: gdk_window_process_updates_internal (gdkwindow.c:4187)
==10955==    by 0x50CB2AF: gdk_window_process_updates_with_mode (gdkwindow.c:4367)
==10955==    by 0x50CB259: gdk_window_process_updates_with_mode (gdkwindow.c:4388)
==10955==    by 0x54D22A6: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:115)

Full log: http://paste.debian.net/249919/
Comment 4 Dmitry Shachnev 2013-04-16 13:56:32 UTC
In the full log, there are some invalid *writes* as well, I just pasted the top two errors.
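A triage helper for memcheck output like the log pasted in Comment 3, added here as an example and not part of the original bug thread. It splits the log into records and labels each one by what valgrind says about the faulting address. The names `parse_memcheck` and `classify` and the class labels are assumptions of this example, and the sample is a trimmed copy of the two records above.

```python
import re

# Constructed sample: the two records from Comment 3, trimmed to a few frames each.
SAMPLE = """\
==10955== Invalid read of size 4
==10955==    at 0x50C6FF9: recompute_visible_regions_internal (gdkwindow.c:973)
==10955==  Address 0x7802d10 is not stack'd, malloc'd or (recently) free'd
==10955== 
==10955== Invalid read of size 4
==10955==    at 0x50C7007: recompute_visible_regions_internal (gdkwindow.c:976)
==10955==  Address 0x7802d04 is 12 bytes after a block of size 248 alloc'd
==10955==    at 0x4826464: memalign (vg_replace_malloc.c:727)
==10955==    by 0x552A5F0: slab_allocator_alloc_chunk (gslice.c:1381)
"""

PREFIX = re.compile(r"^==\d+== ?")
HEAD = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.+)$")
NEAR = re.compile(r"^(\d+) bytes (after|before|inside) a block of size (\d+) (alloc'd|free'd)$")

def classify(desc):
    """Map memcheck's address description to a coarse bug class."""
    m = NEAR.match(desc)
    if not m:
        return "wild" if "not stack'd" in desc else "other"
    if m[4] == "free'd":
        return "use-after-free"
    return "heap-out-of-bounds" if m[2] != "inside" else "other"

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record, in log order."""
    records, cur, key = [], None, "frames"
    for raw in text.splitlines():
        line = PREFIX.sub("", raw, count=1)
        if m := HEAD.match(line):
            cur = {"access": m[1], "size": int(m[2]), "address": None,
                   "kind": None, "frames": [], "block_frames": []}
            records.append(cur)
            key = "frames"
        elif cur is None:
            continue  # text outside any record
        elif m := ADDR.match(line):
            cur["address"], cur["kind"] = m[1], classify(m[2])
            key = "block_frames"  # frames after this line describe the block
        elif m := FRAME.match(line):
            cur[key].append((m[1], m[2]))
        elif not line.strip():
            cur = None  # blank line ends the record
    return records
```

In the second record the block's allocation stack ends in `slab_allocator_alloc_chunk`, so memcheck is reporting against a slice-allocator slab, not an individual allocation. GLib's `G_SLICE=always-malloc` environment setting makes each slice a separate malloc block, which gives memcheck per-allocation bounds.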
Comment 5 Matthias Clasen 2014-12-09 04:37:44 UTC
==10955==    by 0x4E9A9A4: update_grip_visibility (gtkwindow.c:5799)

This code no longer exists.