GNOME Bugzilla – Bug 607687
f-spot crashes when using themes using the pixmap engine
Last modified: 2010-01-22 10:37:19 UTC
The bug has been described on https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/411941

Steps to trigger the crash:
* set a theme using the pixmap engine (new wave is one example)
* f-spot -b empty_dir (or start f-spot without any image on a new install)
* click on the f-spot toolbar on "edit" and back on "browse"

Error:
"Gdk-ERROR **: The program 'f-spot' received an X Window System error. This probably reflects a bug in the program. The error was 'BadAlloc (insufficient resources for operation)'. (Details: serial 3446 error_code 11 request_code 53 minor_code 0) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() "

The issue happens on i386 (not on amd64 apparently) when using GTK 2.18 or 2.19 (tried on 2.19.3); it doesn't happen with GDK_NATIVE_WINDOWS set.

The crash stacktrace using --sync:
"#0 gdk_x_error (display=0x8419720, error=0xbfffa8ac) at /build/buildd/gtk+2.0-2.18.3/gdk/x11/gdkmain-x11.c:439
+ Trace 220191
*** Bug 607683 has been marked as a duplicate of this bug. ***
While there are some weird x and width args in the stack, at the end, in the XShmPutImage that causes BadAlloc, the arguments seem sane:
+ Trace 220192
These should not cause excessive allocations in the xserver. Maybe there is some form of leak instead that slowly builds up to this allocation failure? Look at xrestop?
There is nothing slowly building up, since this crash happens as soon as you switch between view modes in the software with an empty collection; xrestop doesn't list anything looking weird there.
I have looked a bit. It looks like it is an integer overflow in gdk_rectangle_intersect.

The first rectangle is:
    a=gtk.gdk.Rectangle(-2147482765,65, 1, 2)
the second is something like:
    b=gtk.gdk.Rectangle(1167,65, 1, 1)
you get the following:
    b.intersect(a)
    gtk.gdk.Rectangle(1167, 65, 2147483365, 1)

This results in a huge pixmap to be allocated.
So is it related to my theme, or is it something wrong on the gtk side? I can help resolve the conflict if it is on my side.
This fixes the overflow: http://git.gnome.org/browse/gtk+/commit/?id=3c618f2f1f2181cb86226515e894f235f35b5fef

Can anyone verify if this fixes this bug? The backtraces don't really show where the x = -2147483484 comes from, probably because it's from the mono side. So, I don't really know if that is a bug or not. However, it may well be that it used to work but now accidentally hits the rectangle intersect overflow.
The patch is working correctly and fixes the crash issue.
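
The wraparound discussed in this thread can be reproduced outside GTK with the two rectangles quoted above. This is an added example, not GTK's code and not the content of the linked commit; `Rect`, `wrap_sub`, `intersect_by_subtraction` and `intersect_by_edges` are hypothetical names, and the subtraction-based routine is an assumed pattern chosen because it yields the width 2147483365 reported in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for GdkRectangle; all names in this block are hypothetical. */
typedef struct { int32_t x, y, width, height; } Rect;

static int32_t imax(int32_t a, int32_t b) { return a > b ? a : b; }
static int32_t imin(int32_t a, int32_t b) { return a < b ? a : b; }

/* a - b with explicit 32-bit two's-complement wraparound, so the demo
 * does not rely on signed-overflow undefined behaviour. */
static int32_t wrap_sub(int32_t a, int32_t b) {
    return (int32_t)((uint32_t)a - (uint32_t)b);
}

/* Pattern that wraps: size = right/bottom edge minus left/top edge,
 * checked for > 0 only after the subtraction. */
int intersect_by_subtraction(const Rect *a, const Rect *b, Rect *dest) {
    int32_t x = imax(a->x, b->x), y = imax(a->y, b->y);
    int32_t w = wrap_sub(imin(a->x + a->width, b->x + b->width), x);
    int32_t h = wrap_sub(imin(a->y + a->height, b->y + b->height), y);
    if (w <= 0 || h <= 0) return 0;
    *dest = (Rect){ x, y, w, h };
    return 1;
}

/* Hardened form: compare the edges first. Once x2 > x and y2 > y hold,
 * x2 - x cannot exceed the narrower input width, so it cannot wrap.
 * Assumes x + width and y + height of each input fit in 32 bits. */
int intersect_by_edges(const Rect *a, const Rect *b, Rect *dest) {
    int32_t x = imax(a->x, b->x), y = imax(a->y, b->y);
    int32_t x2 = imin(a->x + a->width, b->x + b->width);
    int32_t y2 = imin(a->y + a->height, b->y + b->height);
    if (x2 <= x || y2 <= y) return 0;
    *dest = (Rect){ x, y, x2 - x, y2 - y };
    return 1;
}

int main(void) {
    Rect a = { -2147482765, 65, 1, 2 }, b = { 1167, 65, 1, 1 }, d;
    if (intersect_by_subtraction(&b, &a, &d))
        printf("subtraction: (%d, %d, %d, %d)\n", d.x, d.y, d.width, d.height);
    printf("edges first: %s\n", intersect_by_edges(&b, &a, &d) ? "overlap" : "no overlap");
    return 0;
}
```

Any caller that sizes a pixmap or buffer from the returned width inherits the wrapped value, which is why a 1-pixel intersection ends in a BadAlloc here.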