GNOME Bugzilla – Bug 678561
evince hits abort() in gtkfilechooser code on save
Last modified: 2016-01-16 19:52:24 UTC
The bug has been reported on https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/955505 "gtk 3.3.18
+ Trace 230401
That specific bug summary is "The crash occurred after canceling the save a copy of the document I was viewing" That seems a frequent issue impacting on different applications and still happening in GNOME 3.4.2
(the evince instance itself got 250 reports on errors.ubuntu.com this month)
That looks like random memory corruption; got a valgrind log?
Note sure if that's this specific issue but I got those in valgrind playing with the selector (gtk 3.4.1): ==13619== 1 errors in context 5 of 1278: ==13619== Invalid read of size 4 ==13619== at 0x4E9DCB9: gtk_icon_view_accessible_model_row_deleted (gtkiconviewaccessible.c:1120) ==13619== by 0x53355C1: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==13619== by 0x5332735: g_closure_invoke (gclosure.c:777) ==13619== by 0x5345469: signal_emit_unlocked_R (gsignal.c:3621) ==13619== by 0x534D75A: g_signal_emit_valist (gsignal.c:3300) ==13619== by 0x534D952: g_signal_emit (gsignal.c:3356) ==13619== by 0x4E06E29: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==13619== by 0x4CFA650: gtk_list_store_remove (gtkliststore.c:1231) ==13619== by 0x4CFAED9: gtk_list_store_clear (gtkliststore.c:1450) ==13619== by 0xFAF9737: ??? ==13619== Address 0xfa031c8 is 32 bytes inside a block of size 48 free'd ==13619== at 0x482B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==13619== by 0x53E6BEA: standard_free (gmem.c:98) ==13619== by 0x53E6D5F: g_free (gmem.c:252) ==13619== by 0x53FC4FA: g_slice_free1 (gslice.c:1111) ==13619== by 0x4CD4C06: gtk_icon_view_item_free (gtkiconview.c:3030) ==13619== by 0x4CD4EA4: gtk_icon_view_row_deleted (gtkiconview.c:3262) ==13619== by 0x53355C1: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==13619== by 0x5332735: g_closure_invoke (gclosure.c:777) ==13619== by 0x53452DE: signal_emit_unlocked_R (gsignal.c:3551) ==13619== by 0x534D75A: g_signal_emit_valist (gsignal.c:3300) ==13619== by 0x534D952: g_signal_emit (gsignal.c:3356) ==13619== by 0x4E06E29: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==13619== by 0x4CFA650: gtk_list_store_remove (gtkliststore.c:1231) ==13619== by 0x4CFAED9: gtk_list_store_clear (gtkliststore.c:1450) ==13619== by 0xFAF9737: ???
those as well "==13619== Invalid read of size 4 ==13619== at 0x4E9DA67: gtk_icon_view_item_accessible_is_showing (gtkiconviewaccessible.c:708) ==13619== by 0x4E9DB52: gtk_icon_view_item_accessible_set_visibility (gtkiconviewaccessible.c:723) ==13619== by 0x4E9DC35: gtk_icon_view_accessible_traverse_items (gtkiconviewaccessible.c:990) ==13619== by 0x4E9DCD7: gtk_icon_view_accessible_model_row_deleted (gtkiconviewaccessible.c:1130) ==13619== by 0x53355C1: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==13619== by 0x5332735: g_closure_invoke (gclosure.c:777) ==13619== by 0x5345469: signal_emit_unlocked_R (gsignal.c:3621) ==13619== by 0x534D75A: g_signal_emit_valist (gsignal.c:3300) ==13619== by 0x534D952: g_signal_emit (gsignal.c:3356) ==13619== by 0x4E06E29: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==13619== by 0x4CFA650: gtk_list_store_remove (gtkliststore.c:1231) ==13619== by 0x4CFAED9: gtk_list_store_clear (gtkliststore.c:1450) ==13619== by 0xFAF9737: ??? ==13619== Address 0xfa031b0 is 8 bytes inside a block of size 48 free'd ==13619== at 0x482B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==13619== by 0x53E6BEA: standard_free (gmem.c:98) ==13619== by 0x53E6D5F: g_free (gmem.c:252) ==13619== by 0x53FC4FA: g_slice_free1 (gslice.c:1111) ==13619== by 0x4CD4C06: gtk_icon_view_item_free (gtkiconview.c:3030) ==13619== by 0x4CD4EA4: gtk_icon_view_row_deleted (gtkiconview.c:3262) ==13619== by 0x53355C1: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==13619== by 0x5332735: g_closure_invoke (gclosure.c:777) ==13619== by 0x53452DE: signal_emit_unlocked_R (gsignal.c:3551) ==13619== by 0x534D75A: g_signal_emit_valist (gsignal.c:3300) ==13619== by 0x534D952: g_signal_emit (gsignal.c:3356) ==13619== by 0x4E06E29: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==13619== by 0x4CFA650: gtk_list_store_remove (gtkliststore.c:1231) ==13619== by 0x4CFAED9: gtk_list_store_clear (gtkliststore.c:1450) ==13619== by 0xFAF9737: ???"
-> a11y
Similar downstream bug report from evolution 3.4.4: https://bugzilla.redhat.com/show_bug.cgi?id=859993
(In reply to comment #7) > Similar downstream bug report from evolution 3.4.4: > https://bugzilla.redhat.com/show_bug.cgi?id=859993 I am seeing that too with Debian Sid/unstable and Evolution 3.4.4 and libgail-3-0:i386 3.4.2-5. $ G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=50 --suppressions=valgrind-python.supp --log-file=/tmp/20130115--evolution-valgrind.log evolution […] ==17582== Invalid read of size 4 ==17582== at 0x4E6238B: gtk_icon_view_accessible_model_row_deleted (gtkiconviewaccessible.c:1120) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222C95: signal_emit_unlocked_R (gsignal.c:3621) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== Address 0x284f63e0 is 32 bytes inside a block of size 48 free'd ==17582== at 0x482768C: free (vg_replace_malloc.c:446) ==17582== by 0x52A377A: standard_free (gmem.c:98) ==17582== by 0x52A38EF: g_free (gmem.c:252) ==17582== by 0x52B91BA: g_slice_free1 (gslice.c:1111) ==17582== by 0x4C9B386: gtk_icon_view_item_free (gtkiconview.c:3030) ==17582== by 0x4C9B626: gtk_icon_view_row_deleted (gtkiconview.c:3262) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222944: signal_emit_unlocked_R (gsignal.c:3551) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== ==17582== Invalid read of size 4 ==17582== at 0x4E60E6A: gtk_icon_view_item_accessible_is_showing (gtkiconviewaccessible.c:708) ==17582== by 0x4E62222: gtk_icon_view_item_accessible_set_visibility (gtkiconviewaccessible.c:723) ==17582== by 0x4E62315: gtk_icon_view_accessible_traverse_items (gtkiconviewaccessible.c:990) ==17582== by 0x4E623C8: gtk_icon_view_accessible_model_row_deleted (gtkiconviewaccessible.c:1130) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222C95: signal_emit_unlocked_R (gsignal.c:3621) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== Address 0x284f63c0 is 0 bytes inside a block of size 48 free'd ==17582== at 0x482768C: free (vg_replace_malloc.c:446) ==17582== by 0x52A377A: standard_free (gmem.c:98) ==17582== by 0x52A38EF: g_free (gmem.c:252) ==17582== by 0x52B91BA: g_slice_free1 (gslice.c:1111) ==17582== by 0x4C9B386: gtk_icon_view_item_free (gtkiconview.c:3030) ==17582== by 0x4C9B626: gtk_icon_view_row_deleted (gtkiconview.c:3262) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222944: signal_emit_unlocked_R (gsignal.c:3551) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== ==17582== Invalid read of size 4 ==17582== at 0x4E60E6C: gtk_icon_view_item_accessible_is_showing (gtkiconviewaccessible.c:708) ==17582== by 0x4E62222: gtk_icon_view_item_accessible_set_visibility (gtkiconviewaccessible.c:723) ==17582== by 0x4E62315: gtk_icon_view_accessible_traverse_items (gtkiconviewaccessible.c:990) ==17582== by 0x4E623C8: gtk_icon_view_accessible_model_row_deleted (gtkiconviewaccessible.c:1130) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222C95: signal_emit_unlocked_R (gsignal.c:3621) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== Address 0x284f63c8 is 8 bytes inside a block of size 48 free'd ==17582== at 0x482768C: free (vg_replace_malloc.c:446) ==17582== by 0x52A377A: standard_free (gmem.c:98) ==17582== by 0x52A38EF: g_free (gmem.c:252) ==17582== by 0x52B91BA: g_slice_free1 (gslice.c:1111) ==17582== by 0x4C9B386: gtk_icon_view_item_free (gtkiconview.c:3030) ==17582== by 0x4C9B626: gtk_icon_view_row_deleted (gtkiconview.c:3262) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222944: signal_emit_unlocked_R (gsignal.c:3551) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== ==17582== Invalid read of size 4 ==17582== at 0x4E60E75: gtk_icon_view_item_accessible_is_showing (gtkiconviewaccessible.c:709) ==17582== by 0x4E62222: gtk_icon_view_item_accessible_set_visibility (gtkiconviewaccessible.c:723) ==17582== by 0x4E62315: gtk_icon_view_accessible_traverse_items (gtkiconviewaccessible.c:990) ==17582== by 0x4E623C8: gtk_icon_view_accessible_model_row_deleted (gtkiconviewaccessible.c:1130) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222C95: signal_emit_unlocked_R (gsignal.c:3621) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== Address 0x284f63c4 is 4 bytes inside a block of size 48 free'd ==17582== at 0x482768C: free (vg_replace_malloc.c:446) ==17582== by 0x52A377A: standard_free (gmem.c:98) ==17582== by 0x52A38EF: g_free (gmem.c:252) ==17582== by 0x52B91BA: g_slice_free1 (gslice.c:1111) ==17582== by 0x4C9B386: gtk_icon_view_item_free (gtkiconview.c:3030) ==17582== by 0x4C9B626: gtk_icon_view_row_deleted (gtkiconview.c:3262) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222944: signal_emit_unlocked_R (gsignal.c:3551) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== ==17582== Invalid read of size 4 ==17582== at 0x4E60E78: gtk_icon_view_item_accessible_is_showing (gtkiconviewaccessible.c:709) ==17582== by 0x4E62222: gtk_icon_view_item_accessible_set_visibility (gtkiconviewaccessible.c:723) ==17582== by 0x4E62315: gtk_icon_view_accessible_traverse_items (gtkiconviewaccessible.c:990) ==17582== by 0x4E623C8: gtk_icon_view_accessible_model_row_deleted (gtkiconviewaccessible.c:1130) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222C95: signal_emit_unlocked_R (gsignal.c:3621) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? ==17582== Address 0x284f63cc is 12 bytes inside a block of size 48 free'd ==17582== at 0x482768C: free (vg_replace_malloc.c:446) ==17582== by 0x52A377A: standard_free (gmem.c:98) ==17582== by 0x52A38EF: g_free (gmem.c:252) ==17582== by 0x52B91BA: g_slice_free1 (gslice.c:1111) ==17582== by 0x4C9B386: gtk_icon_view_item_free (gtkiconview.c:3030) ==17582== by 0x4C9B626: gtk_icon_view_row_deleted (gtkiconview.c:3262) ==17582== by 0x5213C39: g_cclosure_marshal_VOID__BOXED (gmarshal.c:1120) ==17582== by 0x5210E75: g_closure_invoke (gclosure.c:777) ==17582== by 0x5222944: signal_emit_unlocked_R (gsignal.c:3551) ==17582== by 0x522AB55: g_signal_emit_valist (gsignal.c:3300) ==17582== by 0x522ACD2: g_signal_emit (gsignal.c:3356) ==17582== by 0x4DCBDE9: gtk_tree_model_row_deleted (gtktreemodel.c:1868) ==17582== by 0x4CC0DF0: gtk_list_store_remove (gtkliststore.c:1231) ==17582== by 0x4CC1689: gtk_list_store_clear (gtkliststore.c:1450) ==17582== by 0x2F7D8797: ??? […]
Sadly, I think the stack traces her are too old to be much use anymore. Let's close this. If this still happens, we will get reports with more useful stacktraces.