GNOME Bugzilla – Bug 592348
gnome-about-me crashed with SIGSEGV in e_contact_set()
Last modified: 2011-01-21 12:06:04 UTC
This report has been filed here: https://bugs.edge.launchpad.net/ubuntu/+source/gnome-control-center/+bug/414538
+ Trace 217014
1) Launchpad doesn't let me look at that bug. 2) Please copy *full* info when upstreaming bugs. 3) Crashed when doing what?
I'm asking for detailed steps on how to reproduce the crash, will come back shortly. You can look at the bug now, I've already made it public.
To reproduce:
1. Open GNOME about me
2. Click to move cursor inside a text entry
3. Close window using X button on title bar
Crashes. Doesn't crash if the "close" button is pressed. It appears that objects are destroyed before the UI, causing a focus-out event to access invalid memory.
Created attachment 144871 [details] [review] a patch
Committed a slightly different fix.

commit b5c741ee95c346d298d21d4cab8d9717d2335c4d
Author: Jens Granseuer <...>
Date:   Fri Oct 23 18:35:47 2009 +0200

    [about-me] Fix crash when closing the window using the window button

    Make sure the focus-out handler doesn't try to take action after the
    application resources have already been destroyed (bug #592348).
Created attachment 146549 [details] [review] A better patch that doesn't use a boolean variable
*** Bug 599990 has been marked as a duplicate of this bug. ***
Review of attachment 146549 [details] [review]: As I said, I didn't commit Matthias' patch as is, and the current code doesn't use the boolean. I'll readily admit that your solution is much cleaner. The patch, however, looks broken. There is at least one instance (l.893 in current trunk, there may be others) in the code where about_me_destroy is called after you have connected to the "destroy" signal, so AFAICS in effect about_me_destroy would be called twice and cause a double-free.
*** Bug 603833 has been marked as a duplicate of this bug. ***
The fix doesn't work, the issue is still there in 2.29.90, see https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/508087 for example:

#0  0x0039ff0f in e_contact_set (contact=0x9e07fa8, field_id=E_CONTACT_ADDRESS_WORK, value=0x9eb8e48) at e-contact.c:1637
        __t = <value optimized out>
        __r = <value optimized out>
        __PRETTY_FUNCTION__ = "e_contact_set"
+ Trace 220787
valgrind log on current 2.29 tarball:

==18177== Invalid write of size 4
==18177==    at 0x805472C: about_me_focus_out (gnome-about-me.c:332)
==18177==    by 0x4220257: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==18177==    by 0x4CAE151: g_closure_invoke (gclosure.c:767)
==18177==    by 0x4CC584C: signal_emit_unlocked_R (gsignal.c:3243)
==18177==    by 0x4CC6E22: g_signal_emit_valist (gsignal.c:2986)
==18177==    by 0x4CC7705: g_signal_emit (gsignal.c:3033)
==18177==    by 0x436449D: gtk_widget_event_internal (gtkwidget.c:4949)
==18177==    by 0x4377A83: do_focus_change (gtkwindow.c:6726)
==18177==    by 0x4384AC8: gtk_window_real_set_focus (gtkwindow.c:7094)
==18177==    by 0x4CBC56B: g_cclosure_marshal_VOID__OBJECT (gmarshal.c:636)
==18177==    by 0x4CAC7D8: g_type_class_meta_marshal (gclosure.c:878)
==18177==    by 0x4CAE151: g_closure_invoke (gclosure.c:767)
==18177==  Address 0x585cca4 is 100 bytes inside a block of size 104 free'd
==18177==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==18177==    by 0x4D36725: g_free (gmem.c:190)
==18177==    by 0x805363F: about_me_destroy (gnome-about-me.c:186)
==18177==    by 0x805541D: about_me_button_clicked_cb (gnome-about-me.c:816)
==18177==    by 0x4CBD07B: g_cclosure_marshal_VOID(intXX_t) (gmarshal.c:216)
==18177==    by 0x4CAE151: g_closure_invoke (gclosure.c:767)
==18177==    by 0x4CC584C: signal_emit_unlocked_R (gsignal.c:3243)
==18177==    by 0x4CC6FA3: g_signal_emit_valist (gsignal.c:2976)
==18177==    by 0x4CC7705: g_signal_emit (gsignal.c:3033)
==18177==    by 0x4183D10: gtk_dialog_response (gtkdialog.c:928)
==18177==    by 0x41846D5: gtk_dialog_delete_event_handler (gtkdialog.c:382)
==18177==    by 0x4220257: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
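The teardown-order problem the valgrind log shows (about_me_destroy() frees "me" from the button handler, then the dialog's focus-out delivery writes through it) as an added illustration; this is not the gnome-about-me source, and the Entry/AboutMe structs, window_destroy() and run_teardown() are stand-ins for the GTK signal machinery so the safe orders can be run without GTK.

```c
/* Added illustration, not the gnome-about-me source: a toy entry whose focus-out
 * handler writes through "me"; GTK is a two-struct stand-in to show the order. */
#include <stdlib.h>
typedef struct {
    int saved;   /* stand-in for the fields e_contact_set() fills in */
} AboutMe;

typedef struct {
    int (*focus_out)(void *user_data);  /* the "focus-out-event" handler */
    void *user_data;                    /* the AboutMe pointer handed to it */
} Entry;

/* Like about_me_focus_out() in the valgrind log: it dereferences user_data,
 * so it must not be reachable once that memory has been freed. */
static int about_me_focus_out(void *user_data)
{
    ((AboutMe *)user_data)->saved++;   /* the "Invalid write of size 4" if freed */
    return 1;
}

/* Destroying the window delivers focus-out to the entry that had focus. */
static int window_destroy(Entry *e)
{
    int fired = (e->focus_out != NULL) ? e->focus_out(e->user_data) : 0;
    e->focus_out = NULL;   /* widget gone: the handler can never run again */
    return fired;
}

/* Safe order A: destroy widgets while "me" is live, then free (log shows the reverse). */
static int close_destroy_widgets_first(Entry *e, AboutMe *me)
{
    int fired = window_destroy(e);   /* handler runs once, on live memory */
    free(me);
    return fired;                    /* 1 */
}

/* Safe order B: disconnect first, so a later focus-out has nothing to act on. */
static int close_disconnect_first(Entry *e, AboutMe *me)
{
    e->focus_out = NULL;  e->user_data = NULL;   /* like disconnecting the signal */
    free(me);
    return window_destroy(e);        /* 0 */
}

static int run_teardown(int disconnect_first)
{
    AboutMe *me = calloc(1, sizeof *me);          /* constructed "me" for one run */
    Entry e = { about_me_focus_out, me };
    return disconnect_first ? close_disconnect_first(&e, me) : close_destroy_widgets_first(&e, me);
}
```

Either order keeps the handler away from freed memory; the buggy order in the log is the one neither function performs.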
The bug happens when switching tabs and closing using the X button.
Created attachment 156352 [details] [review] fix use after free when closing window
Review of attachment 156352 [details] [review]: ::: capplets/about-me/gnome-about-me.c @@ +164,3 @@ /********************/ static void +about_me_destroy () That should be "about_me_destroy (void)"
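Review bot: `+about_me_destroy ()` in the `@@ +164,3 @@` hunk declares the function with an unspecified parameter list, which in C is not a prototype; `about_me_destroy (void)` declares it as taking no arguments, so the compiler can reject any call that still passes one, which is what the review asks for.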
Created attachment 156386 [details] [review] fix use after free when closing window [v2] Right, I keep forgetting about this C vs C++ difference. Corrected patch attached.
Created attachment 156387 [details] [review] do not pass the "me" pointer around all the time Please also consider this patch in addition to "fix use after free when closing window [v2]".
Review of attachment 156386 [details] [review]: Patch looks fine to commit. Could you please request for a freeze break with the release team?
Review of attachment 156387 [details] [review]: Looks fine to commit after freeze
Comment on attachment 156386 [details] [review] fix use after free when closing window [v2] (In reply to comment #18) > Patch looks fine to commit. Could you please request for a freeze break with > the release team? Already requested and approved...
Comment on attachment 156386 [details] [review] fix use after free when closing window [v2] Pushed as 41586c16b9672d26f54d465d6571df39a8aee8c8
Comment on attachment 156387 [details] [review] do not pass the "me" pointer around all the time correcting patch status
about-me is gone from GNOME 3.x, and the bug does not apply to the user accounts panel.