Bug 124662 – tree model keeps a node around with a zero refcount until its parent frees it

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 124662 - tree model keeps a node around with a zero refcount until its parent frees it


Summary:	tree model keeps a node around with a zero refcount until its parent frees it


Status:	RESOLVED WONTFIX

Product:	gconf-editor
Classification:	Applications
Component:	general
Version:	2.4.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Gconf Editor Maintainers
QA Contact:	Gconf Editor Maintainers

URL:
Whiteboard:	gnome[unmaintained]

Duplicates:	123950 (view as bug list)
Depends on:
Blocks:

Reported:	2003-10-15 13:55 UTC by Muktha
Modified:	2018-07-01 08:40 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Proposed fix (2.79 KB, patch) 2004-03-31 07:43 UTC, Fernando Herrera	committed	Details \| Review

Description Muktha 2003-10-15 13:55:51 UTC

Running gconf-editor, do the following:
- Right-click on the right-side pane and select 'New Key' to add a new key.
- The new key dialog appears, Key path is '/'.
- Type "part1/part2" for the Key name.
- Type "123" for the Key value.
- Click OK button to create the new key.

- Refresh the keypath tree on the left-side pane by collapsing and
expanding it.
- Select the key node "part2", right-click to delete it.
- Refresh the keypath tree on the left-side pane by collapsing and
expanding it.

gconf-editor segmentation faults at this point. 

Below is the stack trace:

0x08059d55 in gconf_tree_model_ref_node (tree_model=0x80b5808,
iter=0xbffff170)
    at gconf-tree-model.c:419
419		node->ref_count += 1;
(gdb) where

+ Trace 40875

#0 gconf_tree_model_ref_node
at gconf-tree-model.c line 419
#1 gtk_tree_model_ref_node
at gtktreemodel.c line 1200
#2 gtk_tree_model_sort_ref_node
at gtktreemodelsort.c line 1189
#3 gtk_tree_model_ref_node
at gtktreemodel.c line 1200
#4 gtk_tree_view_build_tree
at gtktreeview.c line 6784
#5 gtk_tree_view_real_expand_row
at gtktreeview.c line 9554
#6 gtk_tree_view_button_release
at gtktreeview.c line 2429
#7 _gtk_marshal_BOOLEAN__BOXED
at gtkmarshalers.c line 82
#8 g_type_class_meta_marshal
at gclosure.c line 514
#9 g_closure_invoke
#10 signal_emit_unlocked_R
at gsignal.c line 2474
#11 g_signal_emit_valist
at gsignal.c line 2205
#12 g_signal_emit
at gsignal.c line 2239
#13 gtk_widget_event_internal
at gtkwidget.c line 3464
#14 gtk_widget_event
at gtkwidget.c line 3270
#15 gtk_propagate_event
at gtkmain.c line 2254
#16 gtk_main_do_event
at gtkmain.c line 1503
#17 gdk_event_dispatch
at gdkevents-x11.c line 2094
#18 g_main_dispatch
at gmain.c line 1752
#19 g_main_context_dispatch
at gmain.c line 2300
#20 g_main_context_iterate
at gmain.c line 2381
#21 g_main_loop_run
at gmain.c line 2601
#22 gtk_main
at gtkmain.c line 1093
#23 main
at main.c line 94
#24 __libc_start_main
at ../sysdeps/generic/libc-start.c line 129

Comment 1 Fernando Herrera 2004-01-21 07:47:04 UTC

*** Bug 123950 has been marked as a duplicate of this bug. ***

Comment 2 Fernando Herrera 2004-02-05 03:27:51 UTC

Fixed on HEAD by Sanjiv.
We should backport this to gnome-2-4.
Is it okey to commit to 2-4 and close?

Comment 3 Anders Carlsson 2004-02-05 06:44:35 UTC

Sure, go ahead. 

Fernando, if you want you can release a new version for 2.4 as well. I
think Kjartan is working on 2.4.2, ccing him.

Comment 4 Luis Villa 2004-02-14 01:37:37 UTC

Fernando: given that this only has one dup, TARGET2.6.0 was probably
not appropriate. Anyway, since it is fixed in HEAD, removing the
keyword and setting GNOMEVER2.4. Fernando, Muktha, if either of you
has a patch you'd like for the backport, please attach and reopen, but
I believe Kjartan has said that 2.4.2 was the last 2.4 release.

Comment 5 Federico Mena Quintero 2004-03-31 06:01:49 UTC

Sanjiv's patch is incorrect, I'm afraid.  It goes:

+++ gconf-tree-model.c  3 Feb 2004 06:32:22 -0000       1.16
@@ -458,7 +458,7 @@
        if (node->ref_count == 0) {
  
                if ((node->parent != NULL) && (node->parent->children == node))
-                       node->parent->children = node->next;
+                       node->parent->children = node->children;

You can't just "move up" the children of node!  This will also leak the old
siblings of node.

You may want to look at gtk+/gtk/gtkfilesystemmodel.c as a reference for how to
implement ref_node and unref_node.

Comment 6 Fernando Herrera 2004-03-31 07:43:38 UTC

Created attachment 26136 [details] [review]
Proposed fix

Federico, can you take a look at this? Thanks

Comment 7 Federico Mena Quintero 2004-03-31 18:33:48 UTC

The call to clear_node in unref() should be free_node instead.  Otherwise you'll
be keeping a node around with a zero refcount until its parent frees it.

Comment 8 Fernando Herrera 2004-03-31 20:31:14 UTC

Humm doing that makes gtk_tree_view entering in an infite loop with
gtk_cell_renderer_render

Comment 9 Fernando Herrera 2004-04-12 10:32:07 UTC

Patch applied, bescause it's better to fix the two crashing bugs and remain a
little semi-leak. Should investigate more this.

Comment 10 Kjartan Maraas 2007-08-27 13:42:38 UTC

Changing to _clear_node there gives me backtraces with memory corruption before gconf-editor even starts up.

Comment 11 André Klapper 2018-07-01 08:40:28 UTC

gconf-editor is not under active development anymore and has not seen code changes for six years. 
Its codebase has been archived: https://gitlab.gnome.org/Archive/gconf-editor/commits/master

Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect reality. Please feel free to reopen this ticket (or rather transfer the project to GNOME Gitlab, as GNOME Bugzilla is deprecated) if anyone takes the responsibility for active development again.