GNOME Bugzilla – Bug 699262
Nullify the gobject cache accessible when the accessible is finalized.
Last modified: 2013-05-06 11:50:06 UTC
Created attachment 242846 [details] [review] Nullify the gobject cache accessible when the accessible is finalized. When the gobject is disposed the weak reference finalize the accessible. But the gobject could still be reference thus not finalized. As the gobject still holds the accessible in its qdata, next call to atk_gobject_accessible_for_object returns the old accessible freed memory. If the caller attempts to do anything with this memory as if an atkobject it segfaults. This happens here : gnome-shell segfault when the password prompt it generates is triggered more than once. As the clutter stage still holds a reference to the StIMText, which wasdisposed when the password widget was destroyed with the end of the first password widget, when the second password prompt attempt notify key focus to the old widget, it gets its accessible (now freed memory) via the StIMText qdata cache, and pass this to atk_object_notify_state_change.
gnome shell backtrace about this atk issue: Firs gnoem-shell password prompt destroyed (valid): Breakpoint 1, atk_object_finalize (object=0x415bf40 [CallyText]) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/atk/atk/atkobject.c:1354 1354 g_return_if_fail (ATK_IS_OBJECT (object)); (gdb) bt
+ Trace 231876
$1 = 0x7886cf0 [StIMText] (gdb)
Review of attachment 242846 [details] [review]: Looks good
(In reply to comment #2) > Review of attachment 242846 [details] [review]: > > Looks good I noted that I accepted the patch some days ago, but you didn't commit it and in the same time you provided more bugs and patches (thanks!). I assumed that you had commit access. Is that the case? or do you need me to commit your patch?
indeed I do not have commit access. I forgot to tell .
(In reply to comment #4) > indeed I do not have commit access. I forgot to tell . Committed in your behalf. Closing the bug. Thanks