Bug 691306 - segfault when closing secondary window
Status: RESOLVED DUPLICATE of bug 690118
Product: epiphany
Classification: Core
Component: General
Version: git master
Hardware: Other Linux
Importance: Normal major
Target Milestone: ---
Assigned To: Epiphany Maintainers
QA Contact: Epiphany Maintainers
Depends on:
Blocks:
Reported: 2013-01-07 18:54 UTC by Alban Browaeys
Modified: 2013-01-08 15:35 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Free the UI in ephy_window_finalize not dispose. (2.55 KB, patch)
2013-01-07 18:54 UTC, Alban Browaeys
reviewed

Description Alban Browaeys 2013-01-07 18:54:32 UTC
Created attachment 232916
Free the UI in ephy_window_finalize not dispose.

[PATCH] Free the UI in ephy_window_finalize not dispose.

If one opens a second window and presses "<Ctrl>+w",
then the ephy_window_dispose function is called by
 in the food chain. The former finalizes the UI manager
inside the handler for "activate" of the accelerator
"<Ctrl>+w". This manager finalization leaves only one
reference on the handler for "activate" "<Ctrl>+w".
One is then freed by the g_closure_invoke (from
signal_emit_unlocked_R <- g_signal_emit_valist <- g_signal_emit
<- gtk_accel_group_activate <- gtk_accel_groups_activate
<- gtk_window_activate_key <- gtk_window_key_press_event
<- ephy_window_key_press_event
with signal "activate" and quark 2373 (here "<Primary>w"))
 closure_invoke_notifiers call, then signal_emit_unlocked_R attempts
 to unref the handler with a critical warning (there is then another:
(epiphany:19148): GLib-GObject-CRITICAL **: handler_unref_R: assertion
`handler->ref_count > 0' failed
and a:
(epiphany:19148): GLib-GObject-WARNING **:
/home/prahal/checkout/gnome/glib/gobject/gclosure.c:697: unable to
remove uninstalled invalidation notifier: 0x7ffff1025dad
(0x7fff7801f000)
.

This is with a glib patch that uses remove_invalid_closure_notify
in invalid_closure_notify instead of just setting:
handler->has_invalid_closure_notify to 0.
Otherwise a plain segfault ensues from the above explanation,
as when the invalid_closure_notify is called the handler is already
unreffed and unregistered. Thus when handler_lookup returns NULL as
handler, a segfault ensues from the handler->has_invalid_closure_notify
dereference.


Happy epiphany !
Comment 1 Xan Lopez 2013-01-08 15:34:46 UTC
Hey, thanks for the patch. I must say I'm not really getting what's the problem here, so I'll just say a couple of things:

- In theory references have to be dropped in dispose, not finalize, so your patch is going in the wrong direction. It might be OK to do this to work around some bug, but it would require some thorough explanation.

- In general it just feels like we are hiding the bug instead of fixing it. Why is this crashing in the first place? What has changed recently to make it so?

FWIW it seemed like the culprit could be some changes in glib (see bug #689919), but Gustavo said it seemed unrelated (see bug #690118), so I think this just needs a more thorough investigation. FWIW Gustavo's patch, if anything, would seem more appropriate than yours.

I'll close this as dupe of bug #690118, we can continue our conversation there!

*** This bug has been marked as a duplicate of bug 690118 ***
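
The reference imbalance discussed in this report, as an added example that is not code from GLib, Epiphany or either participant: a simplified C model of a ref-counted handler whose callback tears down its owner during emission. All names (`Handler`, `emit`, `close_window_cb`, `run_emission`) are hypothetical; the model marks the handler as freed instead of releasing memory so the outcome can be inspected.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a ref-counted signal handler; not GLib's struct. */
typedef struct Handler {
    int ref_count;
    bool freed;      /* set instead of calling free(), so the model stays inspectable */
    int criticals;   /* number of unrefs rejected by the ref_count > 0 check */
    void (*callback)(struct Handler *, int extra_unrefs);
} Handler;

static void handler_ref(Handler *h) { h->ref_count++; }

/* Same shape as the `ref_count > 0` assertion in the log: refuse, never underflow. */
static bool handler_unref(Handler *h) {
    if (h->ref_count <= 0) { h->criticals++; return false; }
    if (--h->ref_count == 0)
        h->freed = true;
    return true;
}

/* "Close window" callback: owner teardown drops the owner's reference, plus
 * `extra_unrefs` unbalanced drops (the defect being modelled, an assumption). */
static void close_window_cb(Handler *h, int extra_unrefs) {
    handler_unref(h);
    for (int i = 0; i < extra_unrefs; i++)
        handler_unref(h);
}

static void emit(Handler *h, int extra_unrefs) {
    handler_ref(h);                /* emitter keeps the handler alive across the call */
    h->callback(h, extra_unrefs);
    handler_unref(h);              /* balanced case: the last reference is released here */
}

/* Runs one emission; returns the number of rejected unrefs, or -1 if the handler leaked. */
static int run_emission(int extra_unrefs) {
    Handler h = { .ref_count = 1, .callback = close_window_cb };
    emit(&h, extra_unrefs);
    return h.freed ? h.criticals : -1;
}

int main(void) {
    printf("balanced: %d, one extra unref: %d\n", run_emission(0), run_emission(1));
    return 0;
}
```

With balanced references the handler survives its own callback and is released by the emitter; a single extra unref inside the callback means the handler is already gone when the emitter releases its reference, which is the point where the model records the failed `ref_count > 0` check.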