Bug 350678 – Refcounting bug for window widget

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 350678 - Refcounting bug for window widget


Summary:	Refcounting bug for window widget


Status:	RESOLVED DUPLICATE of bug 343331

Product:	evolution
Classification:	Applications
Component:	Shell
Version:	2.8.x (obsolete)
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Evolution Shell Maintainers Team
QA Contact:	Evolution QA team

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2006-08-10 01:39 UTC by Daniel Gryniewicz
Modified:	2013-09-13 00:48 UTC

See Also:
GNOME target:	---
GNOME version:	2.15/2.16

Description Daniel Gryniewicz 2006-08-10 01:39:30 UTC

Related to bug #349967, there appears to be a refcounting bug for the window widget that causes it to be dereferenced and freed before it's size is stored.  This is how the invalid default sizes got stored to cause the problem in that bug.  Here's the backtrace for this problem:

+ Trace 70162

#0 raise
from /lib/libc.so.6
#0 raise
from /lib/libc.so.6
#1 abort
from /lib/libc.so.6
#2 mono_handle_native_sigsegv
from /usr/lib/libmono.so.0
#3 mini_init
from /usr/lib/libmono.so.0
#4 <signal handler called>
#5 store_window_size
at e-shell-window.c line 915
#6 g_timeout_dispatch
at gmain.c line 3420
#7 g_main_dispatch
at gmain.c line 2043
#8 IA__g_main_context_dispatch
at gmain.c line 2594
#9 g_main_context_iterate
at gmain.c line 2675
#10 IA__g_main_loop_run
at gmain.c line 2879
#11 impl_get_object
at bonobo-item-handler.c line 139
#12 __libc_start_main
from /lib/libc.so.6
#13 _start



Here's the window object in store_window_size():

(gdb) p *widget
$2 = {object = {parent_instance = {g_type_instance = {g_class = 0x63b3e0}, 
      ref_count = 0, qdata = 0xaaaaaaaaaaaaaaaa}, flags = 2863311530}, 
  private_flags = 43690, state = 170 '�', saved_state = 170 '�', 
  name = 0xaaaaaaaaaaaaaaaa <Address 0xaaaaaaaaaaaaaaaa out of bounds>, 
  style = 0xaaaaaaaaaaaaaaaa, requisition = {width = -1431655766, height = -1431655766}, 
  allocation = {x = -1431655766, y = -1431655766, width = -1431655766, 
    height = -1431655766}, window = 0xaaaaaaaaaaaaaaaa, parent = 0xaaaaaaaaaaaaaaaa}


Note the refcount of 0, and the garbage everywhere.

Unfortunately, I have no idea what would have caused this.  This particular core happened on shutdown, and I only noticed it when my evo started up the next time with default sizes.

Comment 1 Karsten Bräckelmann 2006-09-18 14:39:15 UTC

Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.


*** This bug has been marked as a duplicate of 343331 ***

Comment 2 Karsten Bräckelmann 2006-09-18 14:41:10 UTC

Good investigation, Daniel. Thanks. :)