GNOME Bugzilla – Bug 672775
crash when hitting PrtSc multiple times
Last modified: 2012-03-26 15:55:50 UTC
Created attachment 210538 [details] stacktrace First filed here: https://bugzilla.redhat.com//show_bug.cgi?id=806034 When hitting PrtSc or Ctrl-PrtSc multiple times in a row, the shell tends to crash. See attached stacktrace
Created attachment 210548 [details] [review] shell-screenshot: Remove ShellScreenshot and fall back to functions For reasons unknown, the ShellScreenshot object is being finalized improperly, making GJS crash when it tries to call the callback. Just remove the object for now, and figure out the real issue later. It seems that when trying to send the Screenshot back to JS, it's already destroyed, so gjs crashes when trying to turn the stal pointer back into a GObject. The easy hack fix is to remove the ShellScreenshot object, as it's just a silly wrapper around a ShellGlobal, and doesn't need to exist. Of course, this is just a hack fix -- we should investigate why the object is being improperly destroyed.
Created attachment 210577 [details] [review] screenshot: Remove harmful empty finalizer We really should be chaining up in the finalizer, but instead of leaving an empty finalize, remove it entirely. If you don't like that fix, there's this one instead. Take your pick.
Created attachment 210578 [details] [review] screenshot: Ensure that ShellScreenshot stays alive until the callback We've been dangling on the edge of unsafety, unnoticed, for a little while about the reference count safety of ShellScreenshot. GJS owns the entire reference count, so as soon as it goes out of scope it could die, causing GJS to try and fetch the corresponding wrapper object for a stale pointer. We haven't seen any crashes because of luck -- SpiderMonkey tries to group together deallocations to limit GC pauses, and there isn't really a lot of GC pressure in the duration that a screenshot happens, so we tend to be mostly stable. But in the case that you create a lot of objects while a screenshot is going on, by hammering the "Print Screen" button, for example, you can destroy the GObject before the callback finishes.
Review of attachment 210548 [details] [review]: No.
Review of attachment 210577 [details] [review]: Looks good.
Review of attachment 210578 [details] [review]: Looks good.
Attachment 210577 [details] pushed as 07e10fa - screenshot: Remove harmful empty finalizer Attachment 210578 [details] pushed as 2b87bb0 - screenshot: Ensure that ShellScreenshot stays alive until the callback