Bug 596977 – Regression : 2.18.1 crashes nautilus

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 596977 - Regression : 2.18.1 crashes nautilus


Summary:	Regression : 2.18.1 crashes nautilus


Status:	RESOLVED WONTFIX

Product:	gtk+
Classification:	Platform
Component:	Backend: X11
Version:	2.18.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Pascal Terjan
QA Contact:	gtk-bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-10-01 11:55 UTC by Frederic Crozat
Modified:	2014-08-30 06:40 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Patch fixing the crash (861 bytes, patch) 2009-10-06 09:50 UTC, Pascal Terjan	none	Details \| Review

Description Frederic Crozat 2009-10-01 11:55:33 UTC

gtk+ 2.18.1 is crashing when starting nautilus. This is a regression compared to 2.18.0 :

Program received signal SIGSEGV, Segmentation fault.
0xb7b8ca90 in _gdk_x11_window_tmp_reset_bg (window=0x98d6800, recurse=1)
    at gdkwindow-x11.c:253
253             xpixmap = GDK_DRAWABLE_XID (obj->bg_pixmap);

+ Trace 217988

#0 _gdk_x11_window_tmp_reset_bg
at gdkwindow-x11.c line 253
#1 gdk_window_x11_shape_combine_region
at gdkwindow-x11.c line 3465
#2 apply_shape
at gdkwindow.c line 858
#3 apply_clip_as_shape
at gdkwindow.c line 880
#4 recompute_visible_regions_internal
at gdkwindow.c line 1033
#5 recompute_visible_regions
at gdkwindow.c line 1090
#6 set_viewable
at gdkwindow.c line 6267
#7 set_viewable
at gdkwindow.c line 6275
#8 set_viewable
at gdkwindow.c line 6275
#9 IA__gdk_synthesize_window_state
#10 gdk_window_show_internal
at gdkwindow.c line 6364
#11 gtk_window_map
at gtkwindow.c line 4592
#12 map
at nautilus-desktop-window.c line 158
#13 IA__g_cclosure_marshal_VOID__VOID
#14 g_type_class_meta_marshal
at gclosure.c line 878
#15 IA__g_closure_invoke
at gclosure.c line 767
#16 signal_emit_unlocked_R
at gsignal.c line 3177
#17 IA__g_signal_emit_valist
at gsignal.c line 2980
#18 IA__g_signal_emit
at gsignal.c line 3037
#19 IA__gtk_widget_map
at gtkwidget.c line 3204
#20 gtk_window_show
at gtkwindow.c line 4511
#21 nautilus_window_show
at nautilus-window.c line 1434
#22 nautilus_spatial_window_show
at nautilus-spatial-window.c line 343
#23 IA__g_cclosure_marshal_VOID__VOID
#24 g_type_class_meta_marshal
at gclosure.c line 878
#25 IA__g_closure_invoke
at gclosure.c line 767
#26 signal_emit_unlocked_R
at gsignal.c line 3177
#27 IA__g_signal_emit_valist
at gsignal.c line 2980
#28 IA__g_signal_emit
at gsignal.c line 3037
#29 IA__gtk_widget_show
at gtkwidget.c line 3012
#30 nautilus_window_show_window
at nautilus-window.c line 674
#31 nautilus_window_info_show_window
at nautilus-window-info.c line 159
#32 finish_loading
at fm-directory-view.c line 9180
#33 desktop_callback_check_done
at nautilus-desktop-directory-file.c line 224
#34 ready_callback_call
at nautilus-directory-async.c line 1252
#35 call_ready_callbacks_at_idle
at nautilus-directory-async.c line 1835
#36 g_idle_dispatch
at gmain.c line 4065
#37 IA__g_main_context_dispatch
at gmain.c line 1960
#38 g_main_context_iterate
at gmain.c line 2591
#39 IA__g_main_loop_run
at gmain.c line 2799
#40 IA__gtk_main
at gtkmain.c line 1205
#41 main
at nautilus-main.c line 544

Comment 1 Frederic Crozat 2009-10-02 08:26:44 UTC

after investigation, it appears to be triggered if gdkwindow-x11.c is compiled with -fomit-frame-pointer

Comment 2 Pascal Terjan 2009-10-02 08:47:11 UTC

And it does not crash when replacing GDK_DRAWABLE_XID with GDK_WINDOW_XID

Comment 3 Vincent Untz 2009-10-02 23:26:50 UTC

FWIW, I'm seeing the same issue on openSUSE and, hrm, it makes GDM crash too, which is quite a big issue ;-)

Confirming that compiling without -fomit-frame-pointer fixes it.

Comment 4 Vincent Untz 2009-10-02 23:27:16 UTC

(note that 2.18.0 was also crashing here)

Comment 5 Marcus Meissner 2009-10-06 09:01:10 UTC

if removing -fomit-frame-pointer helps, it is probably uninitialized memory somewhere.

run in valgrind?

Comment 6 Pascal Terjan 2009-10-06 09:16:02 UTC

Yes I had run valgrind and it indeed reports some uninitialized memory in _gdk_x11_window_tmp_reset_bg, created by a stack allocation, but I had failed to find more

Comment 7 Pascal Terjan 2009-10-06 09:41:49 UTC

I looked at it again and indeed obj->bg_pixmap is not initialized

Comment 8 Pascal Terjan 2009-10-06 09:50:46 UTC

Created attachment 144876 [details] [review]
Patch fixing the crash

Comment 9 Matthias Clasen 2009-10-06 12:35:12 UTC

This doesn't make sense to me. If you look at how tmp_unset_bg and tmp_reset_bg are used, we rely on the fact that we can set the bg_pixmap back on the window later on, so we can't clear that field there.

Comment 10 Pascal Terjan 2009-10-06 12:50:11 UTC

Hmm you are right, it should not be cleared and has many side-effects

I'll investigate why it was not initialized in the first place in the specific cases where we have the crash

Comment 11 Pascal Terjan 2009-10-06 15:42:58 UTC

I investigated a bit more, and bg_pixmap is initialized actually

It's its impl field which is not

Comment 12 Matthias Clasen 2013-02-13 03:53:59 UTC

closing old bugs

Comment 13 Thierry Vignaud 2013-05-31 13:57:33 UTC

Err a patch is available for this bug fix for years:
http://svnweb.mageia.org/packages/cauldron/gtk%2B2.0/current/SOURCES/gtk%2B-2.18.1-fixnautiluscrash.patch?revision=389214&view=markup

Comment 14 Matthias Clasen 2014-08-30 06:40:13 UTC

not going to make such changes in gtk2 at this point