After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 612919 - crash in System Monitor: I was moving up-down wit...
crash in System Monitor: I was moving up-down wit...
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Widget: GtkTreeView
2.18.x
Other All
: Normal critical
: ---
Assigned To: gtktreeview-bugs
gtktreeview-bugs
: 616299 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2010-03-15 07:20 UTC by Priit Laes (IRC: plaes)
Modified: 2010-08-10 04:34 UTC
See Also:
GNOME target: ---
GNOME version: 2.27/2.28

Attachments
Fix unstable segfault error in treeview after pressing page down button (971 bytes, patch)
2010-07-30 18:54 UTC, Orlov Sergey 		none Details | Review

Description Priit Laes (IRC: plaes) 2010-03-15 07:20:03 UTC 
Version: 2.28.0

What were you doing when the application crashed?
I was moving up-down with page up and page down buttons in memory map view


Distribution: Gentoo Base System release 2.0.1
Gnome Release: 2.28.2 2010-03-07 (Gentoo)
BugBuddy Version: 2.28.0

System: Linux 2.6.33-04714-geaa5eec #190 SMP Thu Mar 4 11:57:24 EET 2010 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10705000
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks Compact
Icon Theme: gnome
GTK+ Modules: canberra-gtk-module, gnomebreakpad

Memory status: size: 356732928 vsize: 356732928 resident: 25395200 share: 18915328 rss: 25395200 rss_rlim: 18446744073709551615
CPU usage: start_time: 1268637321 rtime: 3491 utime: 2408 stime: 1083 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/gnome-system-monitor'

[Thread debugging using libthread_db enabled]
Traceback (most recent call last):
  File "/usr/share/gdb/auto-load/usr/lib64/libgobject-2.0.so.0.2304.0-gdb.py", line 9, in <module>
    from gobject import register
  File "/usr/share/glib-2.0/gdb/gobject.py", line 3, in <module>
    import gdb.backtrace
ImportError: No module named backtrace
0x00007ff616908b8e in __libc_waitpid (pid=<value optimized out>, stat_loc=
    0x7fff1f8b24e0, options=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/waitpid.c:32
	in ../sysdeps/unix/sysv/linux/waitpid.c
Current language:  auto
The current source language is "auto; currently c".

+ Trace 220963

Thread 1 (Thread 0x7ff619af2780 (LWP 4997))

  • #0 __libc_waitpid
    at ../sysdeps/unix/sysv/linux/waitpid.c line 32
  • #1 IA__g_spawn_sync
    at gspawn.c line 386
  • #2 IA__g_spawn_command_line_sync
    at gspawn.c line 700
  • #3 run_bug_buddy
    at gnome-breakpad.cc line 369
  • #4 check_if_gdb
    at gnome-breakpad.cc line 440
  • #5 bugbuddy_segv_handle
    at gnome-breakpad.cc line 223
  • #6 <signal handler called>
  • #7 gtk_tree_view_move_cursor_page_up_down
    at gtktreeview.c line 9778
  • #8 gtk_tree_view_real_move_cursor
    at gtktreeview.c line 8167
  • #9 _gtk_marshal_BOOLEAN__ENUM_INT
    at gtkmarshalers.c line 286
  • #10 IA__g_closure_invoke
    at gclosure.c line 767
  • #11 signal_emit_unlocked_R
    at gsignal.c line 3281
  • #12 gtk_binding_entry_activate
    at gtkbindings.c line 537
  • #13 binding_match_activate
    at gtkbindings.c line 1123
  • #14 gtk_bindings_activate_list
    at gtkbindings.c line 1268
  • #15 IA__gtk_bindings_activate_event
    at gtkbindings.c line 1363
  • #16 gtk_tree_view_key_press
    at gtktreeview.c line 5433
  • #17 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 84
  • #18 IA__g_closure_invoke
    at gclosure.c line 767
  • #19 signal_emit_unlocked_R
    at gsignal.c line 3281
  • #20 IA__g_signal_emit_valist
    at gsignal.c line 2986
  • #21 IA__g_signal_emit
    at gsignal.c line 3033
  • #22 gtk_widget_event_internal
    at gtkwidget.c line 4941
  • #23 IA__gtk_window_propagate_key_event
    at gtkwindow.c line 5177
  • #24 gtk_window_key_press_event
    at gtkwindow.c line 5207
  • #25 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 84
  • #26 IA__g_closure_invoke
    at gclosure.c line 767
  • #27 signal_emit_unlocked_R
    at gsignal.c line 3281
  • #28 IA__g_signal_emit_valist
    at gsignal.c line 2986
  • #29 IA__g_signal_emit
    at gsignal.c line 3033
  • #30 gtk_widget_event_internal
    at gtkwidget.c line 4941
  • #31 IA__gtk_propagate_event
    at gtkmain.c line 2416
  • #32 IA__gtk_main_do_event
    at gtkmain.c line 1647
  • #33 gdk_event_dispatch
    at gdkevents-x11.c line 2372
  • #34 g_main_dispatch
    at gmain.c line 1960
  • #35 IA__g_main_context_dispatch
    at gmain.c line 2513
  • #36 g_main_context_iterate
    at gmain.c line 2591
  • #37 IA__g_main_loop_run
    at gmain.c line 2799
  • #38 IA__gtk_main
    at gtkmain.c line 1219 

	Inferior 1 [process 4997] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]
Comment 1 Cosimo Cecchi 2010-04-27 10:52:34 UTC 
-> gtk+
Comment 2 Cosimo Cecchi 2010-04-27 10:52:45 UTC 
*** Bug 616299 has been marked as a duplicate of this bug. ***
Comment 3 Orlov Sergey 2010-07-30 18:54:27 UTC 
Created attachment 166849 [details] [review]
Fix unstable segfault error in treeview after pressing page down button

This patch for gtk+-2.18.9
Comment 4 Orlov Sergey 2010-07-30 18:56:56 UTC 
I have the same problem.

In both cases (nautilus and system-monitor) tree view model has many periodical (by g_timeout and g_idle) changes (deleting and inserting row). Treeview queue size-request operation after change. By default this operation will perform only in idle mode. If we press “PageDown” button after row deletion treeview cursor position can go out of treevew height. The following block of code must pervent this situation (gtktreeview.c:9700 in gtk+-2.18.9):

  if (y >=tree_view->priv->heigth) 
    y = tree_view->priv->heigth - 1;

But tree_view->priv->height will be correct only after tree view processed size-request. If we press “PageDown” immediately after deletion, size-request doesn’t yet processed by treeview.
If cursor offset become more then tree_view->priv->heigth - <height of deleted row> then function _gtk_rbtree_find_offset return cursor_tree and cursor_node as NULL. Accordingly macro BACKGROUND_HEIGHT (cursor_node) (gtktreeview.c:9707 in gtk+-2.18.9)  raise segmentation fault error

Attached patch include force call of gtk_container_check_resize if one of treeview’s parent has pending resize.

Sorry for my English.
Comment 5 Matthias Clasen 2010-08-05 00:08:11 UTC 
I don't think this fix is the best one. If you look in the cursor motion functions around there, we already have numerous instances of 

  if (cursor_tree == NULL)
    {
      /* FIXME: we lost the cursor.  Should we try to get one? */
      gtk_tree_path_free (old_cursor_path);
      return;
    }

We should probably just add one more after the find_offset call.
Comment 6 Kristian Rietveld 2010-08-05 08:45:14 UTC 
I agree with Matthias.
Comment 7 Kristian Rietveld 2010-08-05 08:45:44 UTC 
Could somebody test if the proposed fix from comment 5 will solve the problem?  I don't have a stand-alone test case handy here ...
Comment 8 Orlov Sergey 2010-08-05 19:32:46 UTC 
It fix segfault, but:

1. tree_view->priv->cursor_offset = _gtk_rbtree_find_offset (tree_view->priv->tree, y, &cursor_tree, &cursor_node); cursor_offset will become zero
2. "PageDown" click (when tree cursor near bottom and click happened after row deleting and before size-request exceucting) will ignore

If isn't essential, then decision from comment 5 is better.