After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 725733 - Crash when accessing freed AtkObject
Crash when accessing freed AtkObject
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Accessibility
3.10.x
Other Linux
: Normal normal
: ---
Assigned To: gtk-bugs
gtk-bugs
Depends on:
Blocks:
 
 
Reported: 2014-03-05 15:58 UTC by Marek Kašík
Modified: 2015-03-07 22:18 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Don't access freed AtkObject (1.15 KB, patch)
2014-03-05 15:58 UTC, Marek Kašík 		none Details | Review

Description Marek Kašík 2014-03-05 15:58:04 UTC 
Created attachment 271002 [details] [review]
Don't access freed AtkObject

Hi,

it showed during debugging of https://bugzilla.redhat.com/show_bug.cgi?id=1013457#c12 that GTK+ tries to access an already freed AtkObject in handler of GtkContainer's signal "remove". The signal is emitted during disposing of EvView class in evince here (see ev_view_dispose() in libview/ev-view.c):

G_OBJECT_CLASS (ev_view_parent_class)->dispose (object);

But the the AtkObject was freed few lines before:

g_clear_object(&view->accessible);

I think that the AtkObject should be passed to the g_signal_connect() with increased reference count (e.g. by g_signal_connect_object).

Attached patch fixes the problem from https://bugzilla.redhat.com/show_bug.cgi?id=1013457 for me.

Marek
Comment 1 Pavel Roskin 2015-03-07 20:53:51 UTC 
The patch doesn't apply to recent versions of gtk. Evince doesn't crash on Ctrl-W in text entry field anymore (up to date Fedora 21 x86_64, gtk3-3.14.9-1). I believe this bug can be closed.
Comment 2 Emmanuele Bassi (:ebassi) 2015-03-07 22:18:48 UTC 
Indeed, the GtkContainerAccessible implementation has changed pretty drastically.

Closing, as per comment #1.