GNOME Bugzilla – Bug 762098
fix to make gtksink demo not hang on exit
Last modified: 2016-04-14 17:43:05 UTC
Created attachment 321278 [details] [review] plausible fix for hang on exit The gtksink demo hangs for me on exit. The attached patch makes it work for me. Valgrind reports... ==15887== Invalid read of size 4 ==15887== at 0x7247355: g_mutex_lock (in /usr/lib64/libglib-2.0.so.0.4705.0) ==15887== by 0x1D1BC983: widget_destroy_cb (gstgtkbasesink.c:155) ==15887== by 0x6F75577: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F88151: ??? (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F9145B: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F9182E: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x51EBE87: ??? (in /usr/lib64/libgtk-3.so.0.1908.0) ==15887== by 0x6F7BE6B: g_object_run_dispose (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x51F8498: ??? (in /usr/lib64/libgtk-3.so.0.1908.0) ==15887== by 0x4FAF98F: ??? (in /usr/lib64/libgtk-3.so.0.1908.0) ==15887== by 0x6F75577: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F8871D: ??? (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== Address 0x1c54b6e8 is 584 bytes inside a block of size 1,496 free'd ==15887== at 0x4C2EE6C: free (vg_replace_malloc.c:530) ==15887== by 0x72083ED: g_free (in /usr/lib64/libglib-2.0.so.0.4705.0) ==15887== by 0x721FA6F: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.4705.0) ==15887== by 0x6F99F96: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6C6E3D0: ??? (in /usr/lib64/libgstreamer-1.0.so.0.701.0) ==15887== by 0x6C73598: gst_bin_remove (in /usr/lib64/libgstreamer-1.0.so.0.701.0) ==15887== by 0x6C737FA: ??? (in /usr/lib64/libgstreamer-1.0.so.0.701.0) ==15887== by 0x6F7A368: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x4014A4: destroy_cb (demo.c:69) ==15887== by 0x5080F14: ??? (in /usr/lib64/libgtk-3.so.0.1908.0) ==15887== by 0x6F757A6: ??? (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F90CA2: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== Block was alloc'd at ==15887== at 0x4C2DCBF: malloc (vg_replace_malloc.c:299) ==15887== by 0x72082D8: g_malloc (in /usr/lib64/libglib-2.0.so.0.4705.0) ==15887== by 0x721F352: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.4705.0) ==15887== by 0x721F98D: g_slice_alloc0 (in /usr/lib64/libglib-2.0.so.0.4705.0) ==15887== by 0x6F99C7C: g_type_create_instance (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F7A9DA: ??? (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F7C95D: g_object_new_valist (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6F7CC10: g_object_new (in /usr/lib64/libgobject-2.0.so.0.4705.0) ==15887== by 0x6C975DD: gst_element_factory_create (in /usr/lib64/libgstreamer-1.0.so.0.701.0) ==15887== by 0x6C9788D: gst_element_factory_make (in /usr/lib64/libgstreamer-1.0.so.0.701.0) ==15887== by 0x401903: main (demo.c:152)
Thanks for the bug report! commit 057aca2cda1e03a2208f21894c8e263b7f91d38d Author: Matthew Waters <matthew@centricular.com> Date: Tue Feb 16 19:59:13 2016 +1100 gtk(gl)sink: remove the signal handlers on finalize It's possible that the sink element will be freed before the widget is destroyed. When the widget was eventually destroyed, it was attempting to access member variables of the freed sink struct which resulted in undefined behaviour. Fix by disconnecting our signal on finalize. https://bugzilla.gnome.org/show_bug.cgi?id=762098 And 1.6 a7108e62d79639c5b6c60a5e0c1396273790d170
Tested this patch and it works as a fix for a crash I was seeing on an OS X client using the gtk (gl) sink. https://github.com/jhgorse/onevideo/issues/3