Bug 766694 – crash on save as in any gtk3 application starting gtk+ 3.20.5

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 766694 - crash on save as in any gtk3 application starting gtk+ 3.20.5


Summary:	crash on save as in any gtk3 application starting gtk+ 3.20.5


Status:	RESOLVED FIXED

Product:	gtk+
Classification:	Platform
Component:	Widget: GtkFileChooser
Version:	3.20.x
Hardware:	Other Linux

Importance:	High critical
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	Federico Mena Quintero

URL:
Whiteboard:

Depends on:
Blocks:	766701

Reported:	2016-05-20 04:18 UTC by Hussam Al-Tayeb
Modified:	2016-05-24 13:24 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Hussam Al-Tayeb 2016-05-20 04:18:14 UTC

Any application running under gtk+ 3.20.5 crashes a second after pressing "save"
in the save as dialog.
To reproduce, open gedit or anything and press save as. pick a new name and location for your file and press save. the application poofs. I confirmed this in gedit, evolution (saving an email as mbox), firefox, and a few other applications.

Thread 1 "gedit" received signal SIGSEGV, Segmentation fault.
compare_directory (model=model@entry=0xab9ca0, a=a@entry=0x7fffffffdf60, 
    b=b@entry=0x7fffffffdf80, impl=<optimized out>)
    at gtkfilechooserwidget.c:4109
4109	  if (priv->sort_directories_first && dir_a != dir_b)
(gdb) bt full

+ Trace 236266

#0 compare_directory
at gtkfilechooserwidget.c line 4109
#1 time_sort_func
at gtkfilechooserwidget.c line 4230
#2 compare_array_element
at gtkfilesystemmodel.c line 766
#3 msort_with_tmp
at gqsort.c line 152
#4 msort_with_tmp
at gqsort.c line 85
#5 msort_with_tmp
at gqsort.c line 85
#6 msort_with_tmp
at gqsort.c line 85
#7 msort_r
at gqsort.c line 237
#8 g_qsort_with_data
at gqsort.c line 303
#9 gtk_file_system_model_sort
at gtkfilesystemmodel.c line 790
#10 gtk_file_system_model_sort
at gtkfilesystemmodel.c line 1870
#11 gtk_file_system_model_sort_node
at gtkfilesystemmodel.c line 833
#12 add_file
at gtkfilesystemmodel.c line 1869
#13 _gtk_file_system_model_update_file
at gtkfilesystemmodel.c line 1944
#14 gtk_file_system_model_query_done
at gtkfilesystemmodel.c line 1227
#15 g_task_return_now
at gtask.c line 1107
#16 complete_in_idle_cb
at gtask.c line 1121
#17 g_main_dispatch
at gmain.c line 3154
#18 g_main_context_dispatch
at gmain.c line 3769
#19 g_main_context_iterate
at gmain.c line 3840
#20 g_main_context_iteration
at gmain.c line 3901
#21 g_application_run
#22 main
at gedit/gedit.c line 146


gtk 3.20.4 did not suffer from this crash. I confirmed by downgrading.

Comment 1 Bjørn Lie 2016-05-21 17:08:54 UTC

https://git.gnome.org/browse/gtk+/commit/?h=gtk-3-20&id=ca8d51e6d0f78cc170cc212dd7ef6664d2e662f4

Suggest we can close this as fixed?

Comment 2 Hussam Al-Tayeb 2016-05-21 18:22:05 UTC

Thank you very much for the quick fix.

Comment 3 Bjørn Lie 2016-05-21 18:23:28 UTC

(In reply to Hussam Al-Tayeb from comment #2)
> Thank you very much for the quick fix.

I might have written my above comment too soon, please test, cause I just did, and had the same crash still.

Waiting for debug packages to build.

Comment 4 Hussam Al-Tayeb 2016-05-21 18:30:12 UTC

That's odd. It not longer crashes here. I tested with both Firefox and Gedit.
Let me know please if you would like me to reopen.

Comment 5 Bjørn Lie 2016-05-21 19:03:51 UTC

(In reply to Hussam Al-Tayeb from comment #4)
> That's odd. It not longer crashes here. I tested with both Firefox and Gedit.
> Let me know please if you would like me to reopen.

Yes please do - while still waiting for the blasted debuginfo packages to build - I tested revert to .4 - and bug was gone.
Upgrade again to .5 and crash is back

Comment 6 Bjørn Lie 2016-05-21 19:23:52 UTC

(In reply to Bjørn Lie from comment #5)
> (In reply to Hussam Al-Tayeb from comment #4)
> > That's odd. It not longer crashes here. I tested with both Firefox and Gedit.
> > Let me know please if you would like me to reopen.
> 
> Yes please do - while still waiting for the blasted debuginfo packages to
> build - I tested revert to .4 - and bug was gone.
> Upgrade again to .5 and crash is back

For clarity, .5 with the patch.

Comment 7 Bjørn Lie 2016-05-21 19:41:40 UTC

With patch applied

+ Trace 236272

#0 compare_directory
at gtkfilechooserwidget.c line 4109
#1 name_sort_func
at gtkfilechooserwidget.c line 4192
#2 compare_array_element
at gtkfilesystemmodel.c line 766
#3 msort_with_tmp
at gqsort.c line 152
#4 msort_with_tmp
at gqsort.c line 86
#5 msort_with_tmp
at gqsort.c line 85
#6 msort_with_tmp
at gqsort.c line 85
#7 msort_with_tmp
at gqsort.c line 85
#8 msort_with_tmp
at gqsort.c line 85
#9 msort_with_tmp
at gqsort.c line 85
#10 msort_r
at gqsort.c line 237
#11 g_qsort_with_data
at gqsort.c line 303
#12 gtk_file_system_model_sort
at gtkfilesystemmodel.c line 790
#13 gtk_file_system_model_sort
at gtkfilesystemmodel.c line 1870
#14 gtk_file_system_model_sort_node
at gtkfilesystemmodel.c line 833
#15 add_file
at gtkfilesystemmodel.c line 1869
#16 _gtk_file_system_model_update_file
at gtkfilesystemmodel.c line 1944
#17 gtk_file_system_model_query_done
at gtkfilesystemmodel.c line 1227
#18 g_task_return_now
at gtask.c line 1107
#19 complete_in_idle_cb
at gtask.c line 1121
#20 g_main_dispatch
at gmain.c line 3154
#21 g_main_context_dispatch
at gmain.c line 3769
#22 g_main_context_iterate
at gmain.c line 3840
#23 g_main_context_iteration
at gmain.c line 3901
#24 g_application_run
at gapplication.c line 2381
#25 main
at gedit/gedit.c line 146

        dir = <optimized out>
        __func__ = "main"
(gdb)

Comment 8 Bjørn Lie 2016-05-23 16:16:10 UTC

Touch wood, but so far I've been unable to trigger the crash on when using gtk+-3.20.6

But please lets keep the bug open for a while longer to make sure.

Comment 9 Matthias Clasen 2016-05-24 13:24:01 UTC

No, please keep it closed. You can always file a new one