GNOME Bugzilla – Bug 755584
remove_operations_button_attention_style: Unsafe timeout handling
Last modified: 2015-10-06 17:15:12 UTC
Here is a f23 crash report: https://retrace.fedoraproject.org/faf/problems/bthash/?bth=3e843c8b22e93b1c6be557a86b6694c61c0161fb&bth=68aba2555a4c1308bd8fac8ec694c1e12f20963e&bth=7739bf887bd56ac532b04fbcab40e54f2730d953 I think what is happening here is that remove_operations_button_attention_style removes the timeout_id *without* removing the actual timeout. I guess you assumed that returning G_SOURCE_REMOVE is good enough. And it is, but only if you return it from an actual timeout. This function is also called from add_operations_button_attention_style (why twice in a row, btw ?). And this leads to the timeout_id being reset without the scheduled timeout getting cleared. And if you are then quick enough to close the window, the dispose() handler will not see the timeout_id, thus not remove the timeout either. And then the timeout gets eventually run and accesses the already-finalized toolbar.
Created attachment 312749 [details] [review] toolbar: remove operations button timeout correctly We were resetting the id to 0 without actually removing it in the case a timeout was already there and we tried to set a new one.
Review of attachment 312749 [details] [review]: looks good to me
Indeed, pushed a fix Attachment 312749 [details] pushed as 9ee7c17 - toolbar: remove operations button timeout correctly