Bug 645198 – Segfault while scrolling the path bar

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 645198 - Segfault while scrolling the path bar


Summary:	Segfault while scrolling the path bar


Status:	RESOLVED FIXED

Product:	nautilus
Classification:	Core
Component:	Path Bar
Version:	2.32.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Nautilus Maintainers
QA Contact:	Nautilus Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-03-19 02:24 UTC by 95jx49498
Modified:	2011-03-21 15:36 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description 95jx49498 2011-03-19 02:24:47 UTC

When i scroll the path bar, i get a segfault.
Here is the stack trace:

Program received signal SIGSEGV, Segmentation fault.
-----------------------------------------------------------------------------------------------------------------------[regs]
  RAX: 0x0000000000000000  RBX: 0x00007FFFE2A85060  RCX: 0x0000000000000004  RDX: 0x0000000000000018  o d I t s z A P c 
  RSI: 0x00000000023C3000  RDI: 0x00000000029FD460  RBP: 0x00007FFFE2A84E80  RSP: 0x00007FFFE2A84E10  RIP: 0x00000000004542B8
  R8 : 0x00007F901E9FE528  R9 : 0x0000000000007397  R10: 0x0000000000000000  R11: 0x0000000000000001  R12: 0x0000000000453D8B
  R13: 0x00000000026FD8F0  R14: 0x0000000002870260  R15: 0x00007FFFE2A85060
  CS: 0033  DS: 0000  ES: 0000  FS: 0000  GS: 0000  SS: 002B				
-----------------------------------------------------------------------------------------------------------------------[code]
=> 0x4542b8 <nautilus_path_bar_scroll_down+553>:	mov    rax,QWORD PTR [rax+0x10]
   0x4542bc <nautilus_path_bar_scroll_down+557>:	mov    QWORD PTR [rbp-0x18],rax
   0x4542c0 <nautilus_path_bar_scroll_down+561>:	mov    rax,QWORD PTR [rbp-0x68]
   0x4542c4 <nautilus_path_bar_scroll_down+565>:	mov    rdx,QWORD PTR [rbp-0x18]
   0x4542c8 <nautilus_path_bar_scroll_down+569>:	mov    QWORD PTR [rax+0xa0],rdx
   0x4542cf <nautilus_path_bar_scroll_down+576>:	mov    eax,DWORD PTR [rbp-0x1c]
   0x4542d2 <nautilus_path_bar_scroll_down+579>:	cmp    eax,DWORD PTR [rbp-0x28]
   0x4542d5 <nautilus_path_bar_scroll_down+582>:	jl     0x45429f <nautilus_path_bar_scroll_down+528>
-----------------------------------------------------------------------------------------------------------------------------
0x00000000004542b8 in nautilus_path_bar_scroll_down (path_bar=0x26fd8f0) at nautilus-pathbar.c:931
931	                up_button = up_button->prev;
gdb$ bt

+ Trace 226380

#0 nautilus_path_bar_scroll_down
at nautilus-pathbar.c line 931
#1 nautilus_path_bar_scroll
at nautilus-pathbar.c line 773
#2 ??
from /usr/lib/libgtk-x11-2.0.so.0
#3 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#4 ??
from /usr/lib/libgobject-2.0.so.0
#5 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#6 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#7 ??
from /usr/lib/libgtk-x11-2.0.so.0
#8 gtk_propagate_event
from /usr/lib/libgtk-x11-2.0.so.0
#9 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#10 ??
from /usr/lib/libgdk-x11-2.0.so.0
#11 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#12 ??
from /usr/lib/libglib-2.0.so.0
#13 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#14 gtk_main
from /usr/lib/libgtk-x11-2.0.so.0
#15 main
at nautilus-main.c line 544

Comment 1 Akhil Laddha 2011-03-19 17:49:48 UTC

If you can reproduce it, can you please install debuginfo packages of gtk+, glib2, X11 and provide updated traces, tia.

Comment 2 95jx49498 2011-03-19 19:50:43 UTC

gdb$ bt

+ Trace 226388

#0 nautilus_path_bar_scroll_down
at nautilus-pathbar.c line 931
#1 nautilus_path_bar_scroll
at nautilus-pathbar.c line 773
#2 _gtk_marshal_BOOLEAN__BOXED
at gtkmarshalers.c line 86
#3 g_type_class_meta_marshal
at gclosure.c line 877
#4 g_closure_invoke
at gclosure.c line 766
#5 signal_emit_unlocked_R
at gsignal.c line 3290
#6 g_signal_emit_valist
at gsignal.c line 2993
#7 g_signal_emit
at gsignal.c line 3040
#8 gtk_widget_event_internal
at gtkwidget.c line 4977
#9 IA__gtk_widget_event
at gtkwidget.c line 4774
#10 IA__gtk_propagate_event
at gtkmain.c line 2460
#11 IA__gtk_main_do_event
at gtkmain.c line 1626
#12 gdk_event_dispatch
at gdkevents-x11.c line 2377
#13 g_main_dispatch
at gmain.c line 2149
#14 g_main_context_dispatch
at gmain.c line 2702
#15 g_main_context_iterate
at gmain.c line 2780
#16 g_main_loop_run
at gmain.c line 2988
#17 IA__gtk_main
at gtkmain.c line 1237
#18 main
at nautilus-main.c line 544

Comment 3 Cosimo Cecchi 2011-03-21 13:44:54 UTC

I can't really reproduce this here, but we were actually unconditionally iterating over pointers in a while(), so I see how it could crash. I pushed a fix to master.

Comment 4 95jx49498 2011-03-21 15:19:19 UTC

The fix seems to work. I can't reproduce the problem anymore.

Comment 5 Cosimo Cecchi 2011-03-21 15:36:53 UTC

Thanks for testing, glad it worked.