Bug 357050 – Crash replacing \n\n with \n or undoing after paste

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 357050 - Crash replacing \n\n with \n or undoing after paste


Summary:	Crash replacing \n\n with \n or undoing after paste


Status:	RESOLVED FIXED

Product:	gtk+
Classification:	Platform
Component:	Widget: GtkTextView
Version:	2.10.x
Hardware:	Other All

Importance:	High critical
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	gtk-bugs

URL:
Whiteboard:

Duplicates:	357891 359235 359530 360167 363172 366900 376146 379654 384122 384713 396984 396990 401663 404524 404762 406393 412097 412358 414284 415205 420229 427373 432896 436629 439377 449390 451533 451534 460926 476105 482280 482663 483902 (view as bug list)
Depends on:
Blocks:

Reported:	2006-09-21 12:54 UTC by Karl
Modified:	2007-10-06 16:35 UTC

See Also:
GNOME target:	---
GNOME version:	2.15/2.16

Attachments
The file is generated by OpenModelica. (12.70 KB, text/x-c++src) 2006-10-08 08:50 UTC, Markus Johnsson		Details
Stack trace of gedit crashing (74.92 KB, text/plain) 2006-11-01 19:07 UTC, Markus Johnsson		Details
proposed gtk patch (673 bytes, patch) 2006-11-05 18:00 UTC, Paolo Borelli	none	Details \| Review

Description Karl 2006-09-21 12:54:24 UTC

Version: 2.16.0

What were you doing when the application crashed?
i ran search and replace

\n\n
to 
\n


Distribution: Ubuntu 6.10 (edgy)
Gnome Release: 2.16.0 2006-09-04 (Ubuntu)
BugBuddy Version: 2.16.0

Memory status: size: 47222784 vsize: 0 resident: 47222784 share: 0 rss: 23011328 rss_rlim: 0
CPU usage: start_time: 1158843299 rtime: 0 utime: 145 stime: 0 cutime:137 cstime: 0 timeout: 8 it_real_value: 0 frequency: 0

Backtrace was generated from '/usr/bin/gedit'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1226475120 (LWP 14196)]
(no debugging symbols found)
0xffffe410 in __kernel_vsyscall ()

+ Trace 72909

Thread 1 (Thread -1226475120 (LWP 14196))

#0 __kernel_vsyscall
#1 __waitpid_nocancel
from /lib/tls/i686/cmov/libpthread.so.0
#2 gnome_gtk_module_info_get
from /usr/lib/libgnomeui-2.so.0
#3 <signal handler called>
#4 ??
#5 _gtk_text_btree_delete
from /usr/lib/libgtk-x11-2.0.so.0
#6 gtk_text_buffer_cut_clipboard
from /usr/lib/libgtk-x11-2.0.so.0
#7 gtk_source_buffer_new_with_language
from /usr/lib/libgtksourceview-1.0.so.0
#8 _gtk_marshal_VOID__BOXED_BOXED
from /usr/lib/libgtk-x11-2.0.so.0
#9 g_value_set_boxed
from /usr/lib/libgobject-2.0.so.0
#10 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#11 g_signal_chain_from_overridden
from /usr/lib/libgobject-2.0.so.0
#12 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#13 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#14 gtk_text_buffer_get_text
from /usr/lib/libgtk-x11-2.0.so.0
#15 gedit_document_replace_all
#16 _gedit_cmd_search_find
#17 g_cclosure_marshal_VOID
from /usr/lib/libgobject-2.0.so.0
#18 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#19 g_signal_chain_from_overridden
from /usr/lib/libgobject-2.0.so.0
#20 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#21 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#22 gtk_dialog_response
from /usr/lib/libgtk-x11-2.0.so.0
#23 gtk_dialog_response
from /usr/lib/libgtk-x11-2.0.so.0
#24 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#25 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#26 g_signal_chain_from_overridden
from /usr/lib/libgobject-2.0.so.0
#27 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#28 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#29 gtk_button_clicked
from /usr/lib/libgtk-x11-2.0.so.0
#30 gtk_button_set_alignment
from /usr/lib/libgtk-x11-2.0.so.0
#31 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#32 g_value_set_boxed
from /usr/lib/libgobject-2.0.so.0
#33 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#34 g_signal_chain_from_overridden
from /usr/lib/libgobject-2.0.so.0
#35 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#36 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#37 gtk_button_released
from /usr/lib/libgtk-x11-2.0.so.0
#38 gtk_button_released
from /usr/lib/libgtk-x11-2.0.so.0
#39 _gtk_marshal_BOOLEAN__BOXED
from /usr/lib/libgtk-x11-2.0.so.0
#40 g_value_set_boxed
from /usr/lib/libgobject-2.0.so.0
#41 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#42 g_signal_chain_from_overridden
from /usr/lib/libgobject-2.0.so.0
#43 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#44 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#45 gtk_widget_get_default_style
from /usr/lib/libgtk-x11-2.0.so.0
#46 gtk_propagate_event
from /usr/lib/libgtk-x11-2.0.so.0
#47 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#48 _gdk_events_init
from /usr/lib/libgdk-x11-2.0.so.0
#49 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#50 g_main_context_check
from /usr/lib/libglib-2.0.so.0
#51 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#52 gtk_main
from /usr/lib/libgtk-x11-2.0.so.0
#53 main
#0 __kernel_vsyscall

Comment 1 Karsten Bräckelmann 2006-09-26 23:20:07 UTC

*** Bug 357891 has been marked as a duplicate of this bug. ***

Comment 2 Elijah Newren 2006-10-03 10:23:27 UTC

*** Bug 359235 has been marked as a duplicate of this bug. ***

Comment 3 Karsten Bräckelmann 2006-10-04 10:37:14 UTC

*** Bug 359530 has been marked as a duplicate of this bug. ***

Comment 4 Paolo Maggi 2006-10-06 14:08:02 UTC

*** Bug 360167 has been marked as a duplicate of this bug. ***

Comment 5 Markus Johnsson 2006-10-08 08:50:46 UTC

Created attachment 74266 [details]
The file is generated by OpenModelica. 

This file causes gedit to crash when the Find/replace operation are executed with "\n\n" as "find" and "\n" as "replace with".

Comment 6 Paolo Maggi 2006-10-29 15:33:15 UTC

*** Bug 366900 has been marked as a duplicate of this bug. ***

Comment 7 Paolo Maggi 2006-11-01 09:20:22 UTC

We still lack a good stack trace for this crash.

Unfortunately, the attached stack traces are missing some elements that will help a lot to solve the problem, so it will be hard for the developers to fix that crash. 

If you are still able to reproduce this crash, can you get us a stack trace with debugging symbols? Please see http://live.gnome.org/GettingTraces for more information on how to do so.

Thanks in advance!

Comment 8 Markus Johnsson 2006-11-01 19:07:41 UTC

Created attachment 75788 [details]
Stack trace of gedit crashing

Hopefully this provides better information about the crash. Since the stack trace was more than 65k chars, I had to attach it as a text file. 
Cheers

Comment 9 Paolo Maggi 2006-11-01 19:29:11 UTC

Thank you very much Markus.

Now I'm able to reproduce the crash using the file Markus attached in comment #5.

It can be reproduced only if syntax highlighting is active, this is the reason why I failed to reproduce it before.

Comment 10 Paolo Borelli 2006-11-05 17:59:14 UTC

So I finally tracked this down: valgrind shows that memory corruption is involved.

I am not sure why the crash gets triggered only under some conditions (some files and syntax highlighting), but the bug is in gtk.
The problem was introduced with the patch of bug #317125.

The following patch seems to fix the problem for me, though I am not sure it is the proper solution.

Comment 11 Paolo Borelli 2006-11-05 18:00:28 UTC

Created attachment 76040 [details] [review]
proposed gtk patch

Comment 12 Matthias Clasen 2006-11-07 15:20:26 UTC

Looks good to me. Please commit to both branches.

Comment 13 Paolo Borelli 2006-11-07 15:43:13 UTC

done.

Comment 14 Steve Frécinaux 2006-11-29 23:28:25 UTC

*** Bug 379654 has been marked as a duplicate of this bug. ***

Comment 15 Susana 2006-12-09 19:54:50 UTC

*** Bug 384122 has been marked as a duplicate of this bug. ***

Comment 16 Bruno Boaventura 2006-12-11 14:57:06 UTC

*** Bug 384713 has been marked as a duplicate of this bug. ***

Comment 17 Susana 2007-01-15 23:12:23 UTC

*** Bug 396984 has been marked as a duplicate of this bug. ***

Comment 18 Susana 2007-01-15 23:14:01 UTC

*** Bug 396990 has been marked as a duplicate of this bug. ***

Comment 19 Mariano Suárez-Alvarez 2007-01-29 07:31:10 UTC

*** Bug 401663 has been marked as a duplicate of this bug. ***

Comment 20 palfrey 2007-02-05 16:46:40 UTC

*** Bug 404524 has been marked as a duplicate of this bug. ***

Comment 21 Marc-Andre Lureau 2007-02-05 23:45:32 UTC

*** Bug 404762 has been marked as a duplicate of this bug. ***

Comment 22 Christian Kirbach 2007-02-10 14:11:19 UTC

*** Bug 406393 has been marked as a duplicate of this bug. ***

Comment 23 Paolo Borelli 2007-02-26 08:50:34 UTC

*** Bug 412097 has been marked as a duplicate of this bug. ***

Comment 24 Paolo Borelli 2007-02-26 08:52:29 UTC

*** Bug 376146 has been marked as a duplicate of this bug. ***

Comment 25 Pedro Villavicencio 2007-02-26 19:27:06 UTC

*** Bug 412358 has been marked as a duplicate of this bug. ***

Comment 26 Christian Kirbach 2007-03-04 16:00:12 UTC

*** Bug 414284 has been marked as a duplicate of this bug. ***

Comment 27 James Olds 2007-03-06 09:47:22 UTC

*** Bug 415205 has been marked as a duplicate of this bug. ***

Comment 28 Bruno Boaventura 2007-03-19 21:32:08 UTC

*** Bug 420229 has been marked as a duplicate of this bug. ***

Comment 29 palfrey 2007-04-07 21:22:36 UTC

*** Bug 427373 has been marked as a duplicate of this bug. ***

Comment 30 Diego Escalante Urrelo (not reading bugmail) 2007-04-24 23:36:15 UTC

*** Bug 432896 has been marked as a duplicate of this bug. ***

Comment 31 Pedro Villavicencio 2007-05-18 15:16:44 UTC

*** Bug 439377 has been marked as a duplicate of this bug. ***

Comment 32 Pedro Villavicencio 2007-05-19 02:25:28 UTC

*** Bug 436629 has been marked as a duplicate of this bug. ***

Comment 33 Yevgen Muntyan 2007-06-07 06:22:55 UTC

*** Bug 363172 has been marked as a duplicate of this bug. ***

Comment 34 Paolo Borelli 2007-06-26 10:58:40 UTC

*** Bug 449390 has been marked as a duplicate of this bug. ***

Comment 35 palfrey 2007-06-27 13:38:34 UTC

*** Bug 451533 has been marked as a duplicate of this bug. ***

Comment 36 palfrey 2007-06-27 13:38:37 UTC

*** Bug 451534 has been marked as a duplicate of this bug. ***

Comment 37 Iestyn Pryce 2007-07-27 14:26:42 UTC

*** Bug 460926 has been marked as a duplicate of this bug. ***

Comment 38 André Klapper 2007-09-13 09:43:51 UTC

*** Bug 476105 has been marked as a duplicate of this bug. ***

Comment 39 Susana 2007-10-06 13:57:27 UTC

*** Bug 482280 has been marked as a duplicate of this bug. ***

Comment 40 Susana 2007-10-06 14:00:05 UTC

*** Bug 482663 has been marked as a duplicate of this bug. ***

Comment 41 Susana 2007-10-06 14:09:11 UTC

*** Bug 483902 has been marked as a duplicate of this bug. ***