GNOME Bugzilla – Bug 759014
Segmentation fault when pressing CapsLock
Last modified: 2016-03-27 18:43:23 UTC
To reproduce:
- open the patterns dialog dock
- ensure "View as List" is enabled
- double-click on a pattern name (it becomes editable)
- click on another pattern
- press CapsLock

Terminal output:

(gimp-2.9:4806): GLib-GObject-CRITICAL **: g_type_instance_get_private: assertion 'instance != NULL && instance->g_class != NULL' failed
(gimp-2.9:4806): GLib-GObject-CRITICAL **: g_type_instance_get_private: assertion 'instance != NULL && instance->g_class != NULL' failed
/home/thom/local/bin/gimp-2.9: fatal error: Segmentation fault

All items' lists with editable names are impacted (layers, channels, gradients, paths, brushes, paint dynamics, palettes, tool presets, templates).

Stack:
+ Trace 235784
compiled against GTK+ version 2.24.28
valgrind shows:

>==2== Invalid read of size 8
>==2==    at 0x914DEED: g_type_instance_get_private (glib/gobject/gtype.c:4723)
>==2==    by 0x51864C6: keymap_state_changed (gtk-2-24/gtk/gtkentry.c:10119)
>==2==    by 0x91277D1: g_closure_invoke (glib/gobject/gclosure.c:804)
>==2==    by 0x9139B12: signal_emit_unlocked_R (glib/gobject/gsignal.c:3629)
>==2==    by 0x9142D20: g_signal_emit_valist (glib/gobject/gsignal.c:3385)
>==2==    by 0x914349B: g_signal_emit_by_name (glib/gobject/gsignal.c:3481)
>==2==    by 0x57BAC2D: gdk_event_translate (gtk-2-24/gdk/x11/gdkevents-x11.c:2142)
>==2==    by 0x57BB7A2: _gdk_events_queue (gtk-2-24/gdk/x11/gdkevents-x11.c:2358)
>==2==    by 0x57BB864: gdk_event_dispatch (gtk-2-24/gdk/x11/gdkevents-x11.c:2419)
>==2==    by 0x93B4263: g_main_dispatch (glib/glib/gmain.c:3154)
>==2==    by 0x93B4263: g_main_context_dispatch (glib/glib/gmain.c:3769)
>==2==    by 0x93B45A7: g_main_context_iterate.isra.29 (glib/glib/gmain.c:3840)
>==2==    by 0x93B48E1: g_main_loop_run (glib/glib/gmain.c:4034)
>==2==    by 0x48E09D: app_run (gimp/app/app.c:309)
>==2==    by 0x48DA9A: main (gimp/app/main.c:546)
>==2== Address 0x4524e700 is 112 bytes inside a block of size 328 free'd
>==2==    at 0x4C29CF0: free (/builddir/build/BUILD/valgrind-3.11.0/coregrind/m_replacemalloc/vg_replace_malloc.c:530)
>==2==    by 0x93B9BB5: g_free (glib/glib/gmem.c:189)
>==2==    by 0x93D123F: g_slice_free1 (glib/glib/gslice.c:1136)
>==2==    by 0x914B908: g_type_free_instance (glib/gobject/gtype.c:1946)
>==2==    by 0x536A255: gtk_window_real_set_focus (gtk-2-24/gtk/gtkwindow.c:5552)
>==2==    by 0x91277D1: g_closure_invoke (glib/gobject/gclosure.c:804)
>==2==    by 0x913A0D5: signal_emit_unlocked_R (glib/gobject/gsignal.c:3667)
>==2==    by 0x9142D20: g_signal_emit_valist (glib/gobject/gsignal.c:3385)
>==2==    by 0x9142FDC: g_signal_emit (glib/gobject/gsignal.c:3441)
>==2==    by 0x533B919: gtk_tree_view_grab_focus (gtk-2-24/gtk/gtktreeview.c:8063)
>==2==    by 0x91279F4: _g_closure_invoke_va (glib/gobject/gclosure.c:867)
>==2==    by 0x91429E6: g_signal_emit_valist (glib/gobject/gsignal.c:3294)
>==2==    by 0x9142FDC: g_signal_emit (glib/gobject/gsignal.c:3441)
>==2==    by 0x535C379: gtk_widget_grab_focus (gtk-2-24/gtk/gtkwidget.c:5333)
>==2==    by 0x57C7B7: gimp_container_tree_view_button_press (gimp/app/widgets/gimpcontainertreeview.c:1033)
>==2== Block was alloc'd at
>==2==    at 0x4C28BF6: malloc (/builddir/build/BUILD/valgrind-3.11.0/coregrind/m_replacemalloc/vg_replace_malloc.c:299)
>==2==    by 0x93B9A80: g_malloc (glib/glib/gmem.c:94)
>==2==    by 0x93D0AB4: g_slice_alloc (glib/glib/gslice.c:1025)
>==2==    by 0x93D115E: g_slice_alloc0 (glib/glib/gslice.c:1051)
>==2==    by 0x914B608: g_type_create_instance (glib/gobject/gtype.c:1848)
>==2==    by 0x912CC37: g_object_new_internal (glib/gobject/gobject.c:1781)
>==2==    by 0x912EAB4: g_object_new_valist (glib/gobject/gobject.c:2040)
>==2==    by 0x912EE03: g_object_new (glib/gobject/gobject.c:1624)
>==2==    by 0x5153E85: gtk_cell_renderer_text_start_editing (gtk-2-24/gtk/gtkcellrenderertext.c:1838)
>==2==    by 0x514C73F: gtk_cell_renderer_start_editing (gtk-2-24/gtk/gtkcellrenderer.c:665)

Basically, when the entry is unreffed before it receives the focus out event, it does not disconnect the signal handler for a keymap "state-changed" signal.

Using g_signal_connect_object (..., 0); here:

https://git.gnome.org/browse/gtk+/tree/gtk/gtkentry.c?h=gtk-2-24#n4137

valgrind stops reporting these warnings.

It seems to be a gtk+ problem.
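The lifetime problem described in the comment above, as an added example that is not GTK+ or GIMP code: a plain-C model in which a long-lived keymap keeps a callback pointing at an entry, and only an explicit disconnect in dispose removes it. `Keymap`, `Entry` and every function other than the handler name are hypothetical stand-ins for the real GObject signal machinery.

```c
/* Added example: plain-C model of the lifetime bug, not GTK+ source.
 * Keymap, Entry and the helper functions are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_HANDLERS 8
typedef void (*Handler)(void *data);
typedef struct { Handler fn; void *data; } Slot;
typedef struct { Slot slots[MAX_HANDLERS]; } Keymap;  /* long-lived emitter */
typedef struct { int caps_lock_warning; } Entry;      /* short-lived widget */

static void keymap_state_changed(void *data) {
    ((Entry *)data)->caps_lock_warning ^= 1;  /* reads and writes entry memory */
}
static void keymap_connect(Keymap *k, Handler fn, void *data) {
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (!k->slots[i].fn) { k->slots[i].fn = fn; k->slots[i].data = data; return; }
}
/* Disconnect by (function, data): the step the dispose path must not skip. */
static void keymap_disconnect(Keymap *k, Handler fn, void *data) {
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (k->slots[i].fn == fn && k->slots[i].data == data) {
            k->slots[i].fn = NULL; k->slots[i].data = NULL;
        }
}
static void keymap_emit(Keymap *k) {
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (k->slots[i].fn) k->slots[i].fn(k->slots[i].data);
}
/* disconnect_on_dispose = 0 has the shape of the bug, 1 the shape of the fix. */
static void entry_dispose(Keymap *k, Entry *e, int disconnect_on_dispose) {
    if (disconnect_on_dispose) keymap_disconnect(k, keymap_state_changed, e);
    free(e);
}
/* Returns how many handlers the keymap still holds once the entry is freed. */
int stale_handlers_after_dispose(int disconnect_on_dispose) {
    Keymap k = {0};
    Entry *e = calloc(1, sizeof *e);
    if (!e) return -1;
    keymap_connect(&k, keymap_state_changed, e);
    keymap_emit(&k);                      /* fine: the entry is alive */
    entry_dispose(&k, e, disconnect_on_dispose);
    int stale = 0;
    for (int i = 0; i < MAX_HANDLERS; i++) stale += (k.slots[i].fn != NULL);
    if (stale == 0) keymap_emit(&k);      /* fine: nothing left to call */
    return stale;  /* > 0: the next emit would run the handler on freed memory */
}
int main(void) {
    printf("stale handlers: without disconnect=%d, with disconnect=%d\n",
           stale_handlers_after_dispose(0), stale_handlers_after_dispose(1));
    return 0;
}
```

The model never emits while a stale handler is registered, so it runs cleanly under valgrind; the nonzero count is the condition that produced the invalid read in the trace.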
Unfortunately I can't easily try that because I disabled by CapsLock key ;)

Do you know if it also happens on gtk3-port?
s/by/my/
(In reply to Michael Natterer from comment #2)
> Unfortunately I can't easily try that because I disabled by CapsLock
> key ;) Do you know if it also happens on gtk3-port?

No, gtk3-port does not have this problem.

I'd say it has been fixed by this commit

commit 7d3693b82b02f047cb26649b1d871af7902a5d70
Author: Matthias Clasen <mclasen@redhat.com>
Date: Tue Apr 26 07:48:27 2011 -0400

    GtkEntry: Explicitly disconnect keymap signals

    Might fix https://bugzilla.gnome.org/show_bug.cgi?id=648419

adapting it to gtk-2-24, that is using only the first 2 hunks, those referring to gtk_entry_dispose, (neglecting white spaces and different line numbers) fixes the issue.
(In reply to Massimo from comment #4)
> (In reply to Michael Natterer from comment #2)
> > Unfortunately I can't easily try that because I disabled by CapsLock
> > key ;) Do you know if it also happens on gtk3-port?
>
> No, gtk3-port does not have this problem.
>
> I'd say it has been fixed by this commit
>
> commit 7d3693b82b02f047cb26649b1d871af7902a5d70
> Author: Matthias Clasen <mclasen@redhat.com>
> Date: Tue Apr 26 07:48:27 2011 -0400
>
> GtkEntry: Explicitly disconnect keymap signals
>
> Might fix https://bugzilla.gnome.org/show_bug.cgi?id=648419
>
>
> adapting it to gtk-2-24, that is using only the first 2 hunks,
> those referring to gtk_entry_dispose, (neglecting white spaces
> and different line numbers) fixes the issue.

the link to the commit is:

https://git.gnome.org/browse/gtk+/commit/?id=7d3693b82b02f047cb26649b1d871af7902a5d70
Yep that's it, resolving as duplicate of the resp. GTK+ bug.

*** This bug has been marked as a duplicate of bug 648419 ***