After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 755942 - Gtk::Assistant segfault during destruction of derived class object
Gtk::Assistant segfault during destruction of derived class object
Status: RESOLVED FIXED
Product: gtkmm
Classification: Bindings
Component: general
3.18.x
Other Mac OS
: Normal major
: ---
Assigned To: gtkmm-forge
gtkmm-forge
Depends on: 756042
Blocks:
 
 
Reported: 2015-10-01 13:48 UTC by Tom Schoonjans
Modified: 2015-10-05 16:50 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Tom Schoonjans 2015-10-01 13:48:37 UTC 
I noticed in my Gtkmm based project that my assistant crashes the program when the object is being destroyed.

This assistant is an instance of a class that derives from Gtk::Assistant and my class description contains the assistant pages as member variables.

What appears to happen is that the destructor of my assistant tries to destroy the pages twice: once when the destructor of my class is run and once during destruction of Gtk::Assistant.

I have managed to get around this problem through using Gtk::manage'd pointers to pages that are allocated during construction of my assistant but this should really be fixed as it will break a lot of existing code.

In fact even the assistant example in gtkmm-documentation (https://git.gnome.org/browse/gtkmm-documentation/tree/examples/book/assistant) appears to suffer from the same bug :-(

This is new in 3.18.0 as I did not encounter this bug in earlier releases.
Comment 1 Tom Schoonjans 2015-10-01 14:04:17 UTC 
This is the output from lldb:

* thread #1: tid = 0x289826e, 0x00000001007671a2 libgtk-3.0.dylib`assistant_remove_page_cb + 79, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x00000001007671a2 libgtk-3.0.dylib`assistant_remove_page_cb + 79
libgtk-3.0.dylib`assistant_remove_page_cb:
->  0x1007671a2 <+79>: movq   (%rax), %r13
    0x1007671a5 <+82>: movq   %rax, %rdi
    0x1007671a8 <+85>: callq  0x10094eaa6               ; symbol stub for: g_list_free
    0x1007671ad <+90>: movq   0x38(%r14), %rcx
(lldb) bt
* thread #1: tid = 0x289826e, 0x00000001007671a2 libgtk-3.0.dylib`assistant_remove_page_cb + 79, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00000001007671a2 libgtk-3.0.dylib`assistant_remove_page_cb + 79
    frame #1: 0x000000010105a4dd libgobject-2.0.0.dylib`g_closure_invoke + 267
    frame #2: 0x000000010106f3b4 libgobject-2.0.0.dylib`signal_emit_unlocked_R + 1773
    frame #3: 0x000000010106fff2 libgobject-2.0.0.dylib`g_signal_emit_valist + 1855
    frame #4: 0x0000000101070686 libgobject-2.0.0.dylib`g_signal_emit + 142
    frame #5: 0x00000001007a0058 libgtk-3.0.dylib`gtk_container_remove + 47
    frame #6: 0x0000000100766b51 libgtk-3.0.dylib`gtk_assistant_destroy + 47
    frame #7: 0x000000010105a4dd libgobject-2.0.0.dylib`g_closure_invoke + 267
    frame #8: 0x000000010106f7e8 libgobject-2.0.0.dylib`signal_emit_unlocked_R + 2849
    frame #9: 0x000000010106fff2 libgobject-2.0.0.dylib`g_signal_emit_valist + 1855
    frame #10: 0x0000000101070686 libgobject-2.0.0.dylib`g_signal_emit + 142
    frame #11: 0x00000001009257a8 libgtk-3.0.dylib`gtk_widget_dispose + 200
    frame #12: 0x0000000100930634 libgtk-3.0.dylib`gtk_window_dispose + 84
    frame #13: 0x000000010105f0f7 libgobject-2.0.0.dylib`g_object_run_dispose + 46
    frame #14: 0x00000001000f9461 libgtkmm-3.0.1.dylib`Gtk::Window::_release_c_instance() + 69
    frame #15: 0x000000010003b532 libgtkmm-3.0.1.dylib`Gtk::Assistant::~Assistant() + 64
    frame #16: 0x0000000100002dd1 a.out`ExampleAssistant::~ExampleAssistant(this=0x00007fff5fbff2b0, vtt=0x0000000100009b60) + 193 at exampleassistant.cc:64
    frame #17: 0x0000000100002e00 a.out`ExampleAssistant::~ExampleAssistant(this=0x00007fff5fbff2b0) + 32 at exampleassistant.cc:63
    frame #18: 0x00000001000069af a.out`ExampleWindow::~ExampleWindow(this=0x00007fff5fbff0b0, vtt=0x000000010000b4e0) + 95 at examplewindow.cc:59
    frame #19: 0x0000000100006a60 a.out`ExampleWindow::~ExampleWindow(this=0x00007fff5fbff0b0) + 32 at examplewindow.cc:58
    frame #20: 0x00000001000076af a.out`main(argc=1, argv=0x00007fff5fbff510) + 175 at main.cc:28
    frame #21: 0x00007fff8e6685c9 libdyld.dylib`start + 1
Comment 2 Kjell Ahlstedt 2015-10-02 18:05:30 UTC 
I suspect that this is related to the gtk+ commit
https://git.gnome.org/browse/gtk+/commit/?id=6cc65260f4ba54ea0ca9f93068050435bd6b9f1a

Results from running the assistant example in gtkmm-documentation on my
Ubuntu Linux system:
  With the suspected commit:
    ./example    # no segfault
    gdb example  # segfault
    valgrind ./example  # invalid read and segfault
  After the commit was reverted locally on my PC:
    No segfault, no invalid read

Reverting the commit is not an acceptable fix. Later gtk+ commits depend on it.
Comment 3 Kjell Ahlstedt 2015-10-04 13:03:00 UTC 
>  With the suspected commit:
>    ./example    # no segfault

Should be: ./example    # segfault
The assistant example crashes also without gdb or valgrind.

I have filed gtk+ bug 756042.
Comment 4 Kjell Ahlstedt 2015-10-05 16:49:43 UTC 
The gtk+ bug has been fixed.
No segfault in the assistant example in gtkmm-documentation.
Comment 5 Tom Schoonjans 2015-10-05 16:50:48 UTC 
Excellent! Thanks for all the work