After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 726452 - Crash due to reference count mismatch in accessible cell relation
Crash due to reference count mismatch in accessible cell relation
Status: RESOLVED DUPLICATE of bug 726838
Product: gtk+
Classification: Platform
Component: Accessibility
3.11.x
Other All
: Normal normal
: ---
Assigned To: gtk-bugs
gtk-bugs
Depends on:
Blocks:
 
 
Reported: 2014-03-16 13:01 UTC by LRN
Modified: 2014-03-24 16:02 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description LRN 2014-03-16 13:01:53 UTC 
gtk_cell_accessible_object_finalize() will go through all targets of a relation and will unref all targets that are accessible cells.

I have not been able to find a place where these are reffed.


It is possible to offset that by reffing in create_cell() the node that would later be unreffed by gtk_cell_accessible_object_finalize(). Weird thing is, reffing _either_ parent_node _or_ cell seems to work, no matter which one is being reffed. I'm not sure why.

Example backtrace of a crash (this is from hexchat):

Program received signal SIGSEGV, Segmentation fault.
g_type_check_instance_cast (type_instance=0x4f69280, iface_type=3665688) at gtype.c:4002
4002              node = lookup_type_node_I (type_instance->g_class->g_type);
(gdb) bt

+ Trace 233346

  • #0 g_type_check_instance_cast
    at gtype.c line 4002
  • #1 cell_info_free
    at ../../../gtk+-3.11.8/gtk/a11y/gtktreeviewaccessible.c line 106
  • #2 g_hash_table_remove_node
    at ghash.c line 451
  • #3 iter_remove_or_steal
    at ghash.c line 790
  • #4 g_hash_table_iter_remove
    at ghash.c line 817
  • #5 gtk_tree_view_accessible_do_remove_column
    at ../../../gtk+-3.11.8/gtk/a11y/gtktreeviewaccessible.c line 1758
  • #6 _gtk_tree_view_accessible_remove_column
    at ../../../gtk+-3.11.8/gtk/a11y/gtktreeviewaccessible.c line 1790
  • #7 gtk_tree_view_remove_column
    at ../../gtk+-3.11.8/gtk/gtktreeview.c line 11980
  • #8 gtk_tree_view_destroy
    at ../../gtk+-3.11.8/gtk/gtktreeview.c line 2053
  • #9 g_closure_invoke
    at gclosure.c line 768
  • #10 signal_emit_unlocked_R
    at gsignal.c line 3667
  • #11 g_signal_emit_valist
    at gsignal.c line 3307
  • #12 g_signal_emit
    at gsignal.c line 3363
  • #13 gtk_widget_dispose
    at ../../gtk+-3.11.8/gtk/gtkwidget.c line 11353
  • #14 g_object_run_dispose
    at gobject.c line 1073
  • #15 gtk_frame_forall
    at ../../gtk+-3.11.8/gtk/gtkframe.c line 369
  • #16 gtk_container_foreach
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 2174
  • #17 gtk_container_destroy
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 1409
  • #18 g_closure_invoke
    at gclosure.c line 768
  • #19 signal_emit_unlocked_R
    at gsignal.c line 3667
  • #20 g_signal_emit_valist
    at gsignal.c line 3307
  • #21 g_signal_emit
    at gsignal.c line 3363
  • #22 gtk_widget_dispose
    at ../../gtk+-3.11.8/gtk/gtkwidget.c line 11353
  • #23 g_object_run_dispose
    at gobject.c line 1073
  • #24 gtk_box_forall
    at ../../gtk+-3.11.8/gtk/gtkbox.c line 2541
  • #25 gtk_container_foreach
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 2174
  • #26 gtk_container_destroy
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 1409
  • #27 g_closure_invoke
    at gclosure.c line 768
  • #28 signal_emit_unlocked_R
    at gsignal.c line 3667
  • #29 g_signal_emit_valist
    at gsignal.c line 3307
  • #30 g_signal_emit
    at gsignal.c line 3363
  • #31 gtk_widget_dispose
    at ../../gtk+-3.11.8/gtk/gtkwidget.c line 11353
  • #32 g_object_run_dispose
    at gobject.c line 1073
  • #33 gtk_box_forall
    at ../../gtk+-3.11.8/gtk/gtkbox.c line 2541
  • #34 gtk_container_foreach
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 2174
  • #35 gtk_container_destroy
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 1409
  • #36 g_closure_invoke
    at gclosure.c line 768
  • #37 signal_emit_unlocked_R
    at gsignal.c line 3667
  • #38 g_signal_emit_valist
    at gsignal.c line 3307
  • #39 g_signal_emit
    at gsignal.c line 3363
  • #40 gtk_widget_dispose
    at ../../gtk+-3.11.8/gtk/gtkwidget.c line 11353
  • #41 g_object_run_dispose
    at gobject.c line 1073
  • #42 gtk_window_forall
    at ../../gtk+-3.11.8/gtk/gtkwindow.c line 8093
  • #43 gtk_container_foreach
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 2174
  • #44 gtk_container_destroy
    at ../../gtk+-3.11.8/gtk/gtkcontainer.c line 1409
  • #45 g_closure_invoke
    at gclosure.c line 768
  • #46 signal_emit_unlocked_R
    at gsignal.c line 3667
  • #47 g_signal_emit_valist
    at gsignal.c line 3307
  • #48 g_signal_emit
    at gsignal.c line 3363
  • #49 gtk_widget_dispose
    at ../../gtk+-3.11.8/gtk/gtkwidget.c line 11353
  • #50 gtk_window_dispose
    at ../../gtk+-3.11.8/gtk/gtkwindow.c line 2679
  • #51 g_object_run_dispose
    at gobject.c line 1073
  • #52 setup_ok_cb
    at ../../../hexchat-hexchat-59e555c/src/fe-gtk/setup.c line 2237
  • #53 _g_closure_invoke_va
    at gclosure.c line 831
  • #54 g_signal_emit_valist
    at gsignal.c line 3215
  • #55 g_signal_emit
    at gsignal.c line 3363
  • #56 gtk_button_clicked
    at ../../gtk+-3.11.8/gtk/gtkbutton.c line 1434
  • #57 gtk_button_do_release
    at ../../gtk+-3.11.8/gtk/gtkbutton.c line 1987
  • #58 gtk_real_button_released
    at ../../gtk+-3.11.8/gtk/gtkbutton.c line 2105
  • #59 _g_closure_invoke_va
    at gclosure.c line 831
  • #60 g_signal_emit_valist
    at gsignal.c line 3215
  • #61 g_signal_emit
    at gsignal.c line 3363
  • #62 gtk_button_button_release
    at ../../gtk+-3.11.8/gtk/gtkbutton.c line 1942
  • #63 _gtk_marshal_BOOLEAN__BOXEDv
    at ../../gtk+-3.11.8/gtk/gtkmarshalers.c line 130
  • #64 _g_closure_invoke_va
    at gclosure.c line 831
  • #65 g_signal_emit_valist
    at gsignal.c line 3215
  • #66 g_signal_emit
    at gsignal.c line 3363
  • #67 gtk_widget_event_internal
    at ../../gtk+-3.11.8/gtk/gtkwidget.c line 7227
  • #68 propagate_event_up
    at ../../gtk+-3.11.8/gtk/gtkmain.c line 2416
  • #69 propagate_event
    at ../../gtk+-3.11.8/gtk/gtkmain.c line 2524
  • #70 gtk_main_do_event
    at ../../gtk+-3.11.8/gtk/gtkmain.c line 1735
  • #71 _gdk_event_emit
    at ../../gtk+-3.11.8/gdk/gdkevents.c line 69
  • #72 gdk_event_dispatch
    at ../../../gtk+-3.11.8/gdk/win32/gdkevents-win32.c line 3377
  • #73 g_main_dispatch
    at gmain.c line 3066
  • #74 g_main_context_dispatch
    at gmain.c line 3641
  • #75 g_main_context_iterate
    at gmain.c line 3712
  • #76 g_main_loop_run
    at gmain.c line 3906
  • #77 gtk_main
    at ../../gtk+-3.11.8/gtk/gtkmain.c line 1192
  • #78 fe_main
    at ../../../hexchat-hexchat-59e555c/src/fe-gtk/fe-gtk.c line 310
  • #79 main
    at ../../../hexchat-hexchat-59e555c/src/common/hexchat.c line 1144 






Comment 1


Benjamin Otte (Company)





          2014-03-24 16:02:35 UTC
        




*** This bug has been marked as a duplicate of bug 726838 ***