Bug 635421 - Fix crash in check_needs_shadow
Status: RESOLVED FIXED
Product: mutter
Classification: Core
Component: general
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: mutter-maint
QA Contact: mutter-maint
Depends on:
Blocks:
Reported: 2010-11-21 12:20 UTC by drago01
Modified: 2010-11-21 18:59 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
[MetaWindowActor] Fix crash in shadow shape creation (1.15 KB, patch)
2010-11-21 12:21 UTC, drago01
reviewed
[MetaWindowActor] Fix crash in shadow shape creation (2.51 KB, patch)
2010-11-21 18:35 UTC, drago01
committed

Description drago01 2010-11-21 12:20:53 UTC
Backtrace:
---------
Program received signal SIGSEGV, Segmentation fault.
*INT_cairo_region_get_extents (region=0x0, extents=0x7fff0d74f1e0)
    at cairo-region.c:457
457	    if (region->status) {
(gdb) bt
#0  *INT_cairo_region_get_extents at cairo-region.c line 457
#1  meta_window_shape_new at compositor/meta-window-shape.c line 54
#2  check_needs_shadow at compositor/meta-window-actor.c line 1897
#3  meta_window_actor_pre_paint at compositor/meta-window-actor.c line 2057
#4  pre_paint_windows at compositor/compositor.c line 1098
#5  meta_repaint_func at compositor/compositor.c line 1115
#6  _clutter_run_repaint_functions at ./clutter-main.c line 3147
#7  clutter_clock_dispatch at ./clutter-master-clock.c line 367
#8  g_main_dispatch at gmain.c line 2267
#9  g_main_context_dispatch at gmain.c line 2824
#10 g_main_context_iterate at gmain.c line 2902
#11 g_main_loop_run at gmain.c line 3110
#12 main at core/main.c line 722

(See patch for details)
Comment 1 drago01 2010-11-21 12:21:23 UTC
Created attachment 174946
[MetaWindowActor] Fix crash in shadow shape creation

check_needs_shadow passes the shape_region to meta_window_shape_new for shaped
windows, which can be NULL for short-lived windows, thus causing a crash.

Fix that by falling back to the bounding_region in that case.
Comment 2 Owen Taylor 2010-11-21 16:59:54 UTC
Review of attachment 174946:

This looks basically good to me - it's presumably the same case as fixed by:

 http://bugzilla-attachments.gnome.org/attachment.cgi?id=174298

(which was squashed into a different patch before pushing the branch), where if the window is destroyed before we fetch its shape, window->shape_region ends up as null. When I did that patch, I wasn't fully convinced that bounding_region would never be NULL under any circumstances, so I made it defensive against that as well. Can you do the same here? I'd do it with something like:

if (priv->shadow_shape == NULL)
  {
    if (priv->shaped && priv->shape_region)
      priv->shadow_shape = meta_window_shape_new (priv->shape_region);
    else if (priv->bounding_region)
      priv->shadow_shape = meta_window_shape_new (priv->bounding_region);
  }

if (priv->shadow_shape != NULL)
  {
    /* variables moved from above into inner block where they are used */
    /* recomputation of shadow */
  }
Comment 3 drago01 2010-11-21 18:35:27 UTC
Created attachment 174975
[MetaWindowActor] Fix crash in shadow shape creation

Protect against shape_region or bounding_region being NULL in check_needs_shadow.

This can happen for short-lived windows and result in a crash.
Comment 4 Owen Taylor 2010-11-21 18:43:55 UTC
Review of attachment 174975:

Looks good
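
The guard pattern suggested in comment 2, as an added stand-alone C example that is not the mutter patch itself. Region, Shape, ActorPriv, shape_new, ensure_shadow_shape and demo are hypothetical stand-ins for cairo_region_t, MetaWindowShape and the actor's private data; the region sizes are constructed.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-ins (assumptions) for cairo_region_t and MetaWindowShape. */
typedef struct { int x, y, width, height; } Region;
typedef struct { int width, height; } Shape;

typedef struct {
  int     shaped;           /* window has a custom shape */
  Region *shape_region;     /* NULL if the window went away before the fetch */
  Region *bounding_region;  /* treated as possibly NULL as well */
  Shape  *shadow_shape;
} ActorPriv;

/* Like the callee in the backtrace, this dereferences its argument
 * unconditionally, so every caller must rule out NULL first. */
static Shape *shape_new (const Region *region)
{
  Shape *s = malloc (sizeof *s);
  if (s == NULL)
    return NULL;
  s->width = region->width;
  s->height = region->height;
  return s;
}

/* Returns 1 if a shadow shape exists afterwards, 0 if none could be built. */
int ensure_shadow_shape (ActorPriv *priv)
{
  if (priv->shadow_shape == NULL)
    {
      if (priv->shaped && priv->shape_region)
        priv->shadow_shape = shape_new (priv->shape_region);
      else if (priv->bounding_region)
        priv->shadow_shape = shape_new (priv->bounding_region);
    }
  return priv->shadow_shape != NULL;
}

/* Constructed cases: returns the shadow width, or -1 when no shadow is built. */
int demo (int shaped, int have_shape, int have_bounding)
{
  Region shape = { 0, 0, 40, 30 }, bounding = { 0, 0, 100, 80 };
  ActorPriv priv = { shaped, have_shape ? &shape : NULL,
                     have_bounding ? &bounding : NULL, NULL };
  int width = ensure_shadow_shape (&priv) ? priv.shadow_shape->width : -1;
  free (priv.shadow_shape);
  return width;
}
```

The case `demo (1, 0, 1)` is the one from the backtrace: a shaped window whose shape_region is NULL, which now falls back to the bounding region instead of passing NULL to the constructor.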