Bug 477454 - libgtk crashed in gtk_notebook_button_release
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Widget: GtkNotebook
Version: 2.11.x
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: gtk-bugs
QA Contact: gtk-bugs
Depends on:
Blocks:
Reported: 2007-09-16 11:56 UTC by Luca Falavigna
Modified: 2014-12-22 16:26 UTC
See Also:
GNOME target: ---
GNOME version: 2.19/2.20


Attachments
Check pointers before dereferencing them (558 bytes, patch)
2007-10-29 13:50 UTC, Luca Falavigna
needs-work
Don't crash in button release event handler when the notebook is empty (361 bytes, patch)
2008-12-23 00:36 UTC, Emilio Gallego
none

Description Luca Falavigna 2007-09-16 11:56:48 UTC
Steps to reproduce:
This bug can be reproduced using aMule on an up-to-date Gutsy box.

1. Open aMule
2. Connect to any server you like
3. Press Search button, insert a string and press Start
4. Close the search tab that will open as fast as possible


Stack trace:
  • #0 gtk_notebook_button_release
    at /build/buildd/gtk+2.0-2.11.6/gtk/gtknotebook.c line 2808
  • #1 _gtk_marshal_BOOLEAN__BOXED
    at /build/buildd/gtk+2.0-2.11.6/gtk/gtkmarshalers.c line 84
  • #2 ??
    from /usr/lib/libgobject-2.0.so.0
  • #3 ??
  • #4 ??
  • #5 ??
  • #6 ??
  • #7 ??
  • #8 ??
    at /build/buildd/gtk+2.0-2.11.6/gtk/gtknotebook.c line 3061
  • #9 g_closure_unref
    from /usr/lib/libgobject-2.0.so.0
  • #10 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #11 ??
    from /usr/lib/libgobject-2.0.so.0
  • #12 ??
  • #13 ??
  • #14 ??
  • #15 ??
  • #16 ??
  • #17 ??
  • #18 pthread_mutex_lock
    from /lib/tls/i686/cmov/libpthread.so.0
  • #19 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #20 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #21 gtk_widget_event_internal
    at /build/buildd/gtk+2.0-2.11.6/gtk/gtkwidget.c line 4674
  • #22 IA__gtk_propagate_event
    at /build/buildd/gtk+2.0-2.11.6/gtk/gtkmain.c line 2317
  • #23 IA__gtk_main_do_event
    at /build/buildd/gtk+2.0-2.11.6/gtk/gtkmain.c line 1537
  • #24 gdk_event_dispatch
    at /build/buildd/gtk+2.0-2.11.6/gdk/x11/gdkevents-x11.c line 2351
  • #25 g_main_context_dispatch
    from /usr/lib/libglib-2.0.so.0
  • #26 ??
    from /usr/lib/libglib-2.0.so.0
  • #27 ??
  • #28 ??

Other information:
GDB output:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1233463616 (LWP 6035)]
0xb6d92050 in gtk_notebook_button_release (widget=0x8837228, event=0x88c2810)
    at /build/buildd/gtk+2.0-2.11.6/gtk/gtknotebook.c:2808
2808      if (!priv->during_detach &&
(gdb) list
2803
2804      notebook = GTK_NOTEBOOK (widget);
2805      priv = GTK_NOTEBOOK_GET_PRIVATE (notebook);
2806      page = notebook->cur_page;
2807
2808      if (!priv->during_detach &&
2809          page->reorderable &&
2810          event->button == priv->pressed_button)
2811        gtk_notebook_stop_reorder (notebook);
2812
(gdb)

Additional information can be found here: https://launchpad.net/bugs/84306
Comment 1 Luca Falavigna 2007-10-29 13:50:06 UTC
Created attachment 98098
Check pointers before dereferencing them

Attached patch fixes this issue for me.
Comment 2 Matthias Clasen 2007-12-09 07:17:14 UTC
priv cannot be NULL, but it makes sense to check page.
Comment 3 Luca Falavigna 2007-12-15 18:16:19 UTC
This does indeed seem related to priv being NULL; it seems so looking at the gdb output.
Comment 4 Emilio Gallego 2008-12-23 00:36:49 UTC
Created attachment 125166
Don't crash in button release event handler when the notebook is empty

I think this is a bug in GTK, given that we check cur_page != NULL in motion_event.

For more details see http://www.amule.org/amule/index.php?topic=16254.0

Dear Mr. Clasen, could you apply this patch? This will fix a big number of crashes in aMule.

If you think this is a wxWidget issue, say so and close this report; we, however, think this is a GTK+ issue based on the motion_event code.

Thanks
Comment 5 Madeline Book 2009-03-13 03:23:14 UTC
This crash has also occurred for the gtk client of Freeciv:
http://bugs.freeciv.org/Ticket/Display.html?id=40743

I made a workaround that appears to avoid the crash (it eats the button release event when the notebook has no pages), but I would agree with the previous posters that just adding a simple NULL pointer check for notebook->cur_page in gtk_notebook_button_release() would be a much simpler solution.
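
The NULL check on notebook->cur_page that the comments above ask for, shown as an added example and not the attached patch or GTK's own code. The struct and function names are simplified stand-ins (assumptions), and priv is embedded in the notebook so that it can never be NULL.

```c
/* Added example: simplified stand-in types, not GTK's real structures. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { bool reorderable; } Page;
typedef struct { bool during_detach; unsigned pressed_button; } Priv;
typedef struct { Page *cur_page; Priv priv; int reorder_stops; } Notebook;
typedef struct { unsigned button; } ButtonEvent;

/* Models closing the last tab: no current page remains. */
void remove_last_page(Notebook *nb) { nb->cur_page = NULL; }

/* Same shape as the listing at gtknotebook.c:2808: page is dereferenced
 * unconditionally, so a release on an empty notebook faults. */
bool button_release_unchecked(Notebook *nb, const ButtonEvent *ev)
{
    Page *page = nb->cur_page;
    if (!nb->priv.during_detach && page->reorderable &&
        ev->button == nb->priv.pressed_button) {
        nb->reorder_stops++;
        return true;
    }
    return false;
}

/* Guarded form: check page before reading page->reorderable. */
bool button_release_checked(Notebook *nb, const ButtonEvent *ev)
{
    Page *page = nb->cur_page;
    if (page != NULL && !nb->priv.during_detach && page->reorderable &&
        ev->button == nb->priv.pressed_button) {
        nb->reorder_stops++;
        return true;
    }
    return false;
}

int main(void)
{
    Page tab = { .reorderable = true };
    Notebook nb = { .cur_page = &tab, .priv = { false, 1 } };
    ButtonEvent release = { .button = 1 };

    printf("with page:  %d\n", button_release_checked(&nb, &release));
    remove_last_page(&nb);            /* tab closed before the release */
    printf("empty book: %d\n", button_release_checked(&nb, &release));
    return 0;
}
```

The unchecked variant is only safe while a page exists, which is why main() never calls it after remove_last_page().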