Bug 669186 – nautilus segfaults in nautilus_window_pane_close_slot() (valgrind invalid write error)

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 669186 - nautilus segfaults in nautilus_window_pane_close_slot() (valgrind invalid write error)


Summary:	nautilus segfaults in nautilus_window_pane_close_slot() (valgrind invalid wri...


Status:	RESOLVED FIXED

Product:	nautilus
Classification:	Core
Component:	Tabs
Version:	3.3.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Nautilus Maintainers
QA Contact:	Nautilus Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2012-02-01 16:01 UTC by Sebastien Bacher
Modified:	2012-02-08 14:58 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Sebastien Bacher 2012-02-01 16:01:36 UTC

The bug has been reported on 
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/918907
using nautilus 3.2.1

"Nautilus crashed when I closed a nautilus tab from a local folder.

+ Trace 229575

#0 g_type_check_instance_is_a
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 3952
#1 g_object_unref
at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c line 2680
#2 g_list_foreach
at /build/buildd/glib2.0-2.30.0/./glib/glist.c line 938
#3 g_list_free_full
at /build/buildd/glib2.0-2.30.0/./glib/glist.c line 217
#4 nautilus_window_slot_clear_back_list
at nautilus-window-slot.c line 737
#5 nautilus_window_slot_dispose
at nautilus-window-slot.c line 212
#6 g_object_run_dispose
at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c line 945
#7 nautilus_window_close_slot
at nautilus-window.c line 952
#8 nautilus_window_pane_slot_close
at nautilus-window-pane.c line 944
#9 g_cclosure_marshal_VOID__OBJECT
at /build/buildd/glib2.0-2.30.0/./gobject/gmarshal.c line 644
#10 g_closure_invoke
at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c line 774
#11 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3272
#12 g_signal_emit_valist
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3003
#13 g_signal_emit
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3060
#14 close_button_clicked_cb
at nautilus-notebook.c line 327
#15 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.30.0/./gobject/gmarshal.c line 85
#16 g_closure_invoke
at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c line 774
#17 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3272
#18 g_signal_emit_valist
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3003
#19 g_signal_emit
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3060
#20 gtk_button_button_release
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkbutton.c line 1722
#21 gtk_button_unrealize
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkbutton.c line 1325
#22 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.30.0/./gobject/gmarshal.c line 85
#23 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c line 885
#24 g_closure_invoke
at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c line 774
#25 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3202
#26 g_signal_emit_valist
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3003
#27 g_signal_emit
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3060
#28 gtk_button_button_press
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkbutton.c line 1703
#29 gtk_button_button_press
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkbutton.c line 1688
#30 gtk_button_released
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkbutton.c line 1181
#31 _gtk_boolean_handled_accumulator
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c line 2660
#32 _XiCheckExtInit
at ../../src/XExtInt.c line 352
#33 XIDefineCursor
at ../../src/XIDefineCursor.c line 47
#34 g_type_value_table_peek
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 4150
#35 __pthread_mutex_unlock_usercnt
at pthread_mutex_unlock.c line 36
#36 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3310
#37 g_signal_emit_valist
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3013
#38 g_signal_emit
at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c line 3060
#39 gtk_widget_event_internal
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c line 6127
#40 gtk_propagate_event
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c line 2571
#41 gtk_main_do_event
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c line 1870
#42 _gdk_event_emit
at /build/buildd/gtk+3.0-3.2.0/./gdk/gdkevents.c line 71
#43 gdk_event_source_dispatch
at /build/buildd/gtk+3.0-3.2.0/./gdk/x11/gdkeventsource.c line 360
#44 g_main_dispatch
at /build/buildd/glib2.0-2.30.0/./glib/gmain.c line 2441
#45 g_main_context_dispatch
at /build/buildd/glib2.0-2.30.0/./glib/gmain.c line 3011
#46 g_main_context_iterate
at /build/buildd/glib2.0-2.30.0/./glib/gmain.c line 3089
#47 g_main_loop_run
at /build/buildd/glib2.0-2.30.0/./glib/gmain.c line 3297
#48 gtk_get_default_language
at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c line 1344
#49 g_strfreev
at /build/buildd/glib2.0-2.30.0/./glib/gstrfuncs.c line 2571
#50 g_application_run
at /build/buildd/glib2.0-2.30.0/./gio/gapplication.c line 1323

Comment 1 Sebastien Bacher 2012-02-01 16:02:25 UTC

Using nautilus 3.3.4, running it under valgrind opening and closing some tabs using ctrl-W or clicking on the tab buttons I get this error:

"==20349== Invalid write of size 4
==20349==    at 0x80CB3D9: nautilus_window_pane_close_slot (nautilus-window-pane.c:1070)
==20349==    by 0x80CB492: nautilus_window_pane_slot_close (nautilus-window-pane.c:985)
==20349==    by 0x4BCF53B: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==20349==    by 0x4BCDF8B: g_closure_invoke (gclosure.c:774)
==20349==    by 0x4BDF844: signal_emit_unlocked_R (gsignal.c:3302)
==20349==    by 0x4BE70C1: g_signal_emit_valist (gsignal.c:3033)
==20349==    by 0x47E2FF3: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.312.0)
==20349==  Address 0x1387bcc0 is 24 bytes inside a block of size 268 free'd
==20349==    at 0x402906C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==20349==    by 0x4C5CB5A: standard_free (gmem.c:98)
==20349==    by 0x4C5CCCF: g_free (gmem.c:252)
==20349==    by 0x4C710FA: g_slice_free1 (gslice.c:1111)
==20349==    by 0x4BEF401: g_type_free_instance (gtype.c:1937)
==20349==    by 0x4BD1A7A: g_object_unref (gobject.c:3021)
==20349==    by 0x4BD1AB1: g_value_object_free_value (gobject.c:3291)
==20349==    by 0x4BF35C5: g_value_unset (gvalue.c:276)
==20349==    by 0x4BE70E5: g_signal_emit_valist (gsignal.c:3062)
==20349==    by 0x4BE7252: g_signal_emit (gsignal.c:3090)
==20349==    by 0x43EE745: gtk_container_remove (gtkcontainer.c:1559)
==20349==    by 0x44C41E2: gtk_notebook_remove_page (gtknotebook.c:6999)
==20349==    by 0x80CB387: nautilus_window_pane_close_slot (nautilus-window-pane.c:1062)
==20349==    by 0x80CB492: nautilus_window_pane_slot_close (nautilus-window-pane.c:985)
==20349==    by 0x4BCF53B: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==20349==    by 0x4BCDF8B: g_closure_invoke (gclosure.c:774)
==20349==    by 0x4BDF844: signal_emit_unlocked_R (gsignal.c:3302)
==20349==    by 0x4BE70C1: g_signal_emit_valist (gsignal.c:3033)
==20349==    by 0x47E2FF3: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.312.0)"

Comment 2 Cosimo Cecchi 2012-02-06 17:30:24 UTC

(In reply to comment #1)
> Using nautilus 3.3.4, running it under valgrind opening and closing some tabs
> using ctrl-W or clicking on the tab buttons I get this error

I fixed this invalid memory access in git master.
Not 100% sure about the original crash, but I reworked the slot/pane creation and closing code recently specifically to prevent those crashes from happening, so it might be fixed as well.

Comment 3 Sebastien Bacher 2012-02-08 14:58:06 UTC

let's assume it's fixed, I will reopen if we still get report about it