Bug 791004 - Crash when searching in file chooser after using location bar
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Widget: GtkFileChooser
Version: 3.22.x
Hardware: Other Linux
Importance: Normal major
Target Milestone: ---
Assigned To: gtk-bugs
QA Contact: gtk-bugs
Reported: 2017-11-29 22:38 UTC by Christian Stadelmann
Modified: 2018-03-12 23:09 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
FileChooserWidget: Avoid crash freeing static str (1.17 KB, patch)
2018-03-12 22:52 UTC, Daniel Boles
committed

Description Christian Stadelmann 2017-11-29 22:38:24 UTC
See this downstream bug for more information (full backtrace, …): https://bugzilla.redhat.com/show_bug.cgi?id=1454378

Description of problem:
This crash happens inside the file chooser.

Steps to reproduce:
1. open gedit or any other Gtk+ 3.x application, including gtk3-widget-factory
2. open a file chooser
3. open the location bar (Ctrl+L) and type a path. Do not open the path (i.e. do not press the Enter key)
4. press the search button or Ctrl+F

What happens:
Immediate crash. Truncated backtrace:
 #7 g_value_unset at gvalue.c:275
 #8 on_source_notify at gbinding.c:332

What should happen:
No crash.

Version-Release number of selected component:
gtk3-devel-3.22.15-1.fc26
Comment 1 Daniel Boles 2018-03-12 22:20:05 UTC
This is what I get, which unlike the RH backtrace, implicates the notify() on "subtitle":

(ins)(gdb) run
Starting program: /opt/jhbuilt/gnome/bin/gtk3-widget-factory 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffedffe700 (LWP 31506)]
[New Thread 0x7fffed7fd700 (LWP 31507)]
[New Thread 0x7fffe7fff700 (LWP 31516)]
[New Thread 0x7fffe71c8700 (LWP 31517)]
[New Thread 0x7fffe69c7700 (LWP 31518)]
[New Thread 0x7fffe5fbf700 (LWP 31519)]
[Thread 0x7fffe69c7700 (LWP 31518) exited]
[Thread 0x7fffe71c8700 (LWP 31517) exited]
munmap_chunk(): invalid pointer

Thread 1 "gtk3-widget-fac" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(ins)(gdb) bt
  • #0 __GI_raise
    at ../sysdeps/unix/sysv/linux/raise.c line 51
  • #1 __GI_abort
    at abort.c line 79
  • #2 __libc_message
    at ../sysdeps/posix/libc_fatal.c line 181
  • #3 malloc_printerr
  • #4 munmap_chunk
    at malloc.c line 2846
  • #5 g_free
    at /home/daniel/jhbuild/checkout/gnome/glib/glib/gmem.c line 194
  • #6 value_free_string
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gvaluetypes.c line 267
  • #7 g_value_unset
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gvalue.c line 275
  • #8 on_source_notify
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gbinding.c line 332
  • #9 g_cclosure_marshal_VOID__PARAM
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gmarshal.c line 1832
  • #10 g_closure_invoke
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gclosure.c line 804
  • #11 signal_emit_unlocked_R
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gsignal.c line 3635
  • #12 g_signal_emit_valist
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gsignal.c line 3391
  • #13 g_signal_emit
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gsignal.c line 3447
  • #14 g_object_dispatch_properties_changed
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gobject.c line 1082
  • #15 g_object_notify_by_spec_internal
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gobject.c line 1175
  • #16 g_object_notify
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gobject.c line 1223
  • #17 operation_mode_set
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkfilechooserwidget.c line 3215
  • #18 search_shortcut_handler
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkfilechooserwidget.c line 7980
  • #19 g_cclosure_marshal_VOID__VOID
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gmarshal.c line 875
  • #20 g_closure_invoke
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gclosure.c line 804
  • #21 signal_emit_unlocked_R
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gsignal.c line 3565
  • #22 g_signal_emitv
    at /home/daniel/jhbuild/checkout/gnome/glib/gobject/gsignal.c line 3129
  • #23 gtk_binding_entry_activate
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkbindings.c line 646
  • #24 binding_activate
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkbindings.c line 1455
  • #25 gtk_bindings_activate_list
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkbindings.c line 1514
  • #26 gtk_bindings_activate_event
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkbindings.c line 1601
  • #27 gtk_widget_real_key_press_event
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkwidget.c line 7158
  • #28 gtk_file_chooser_widget_key_press_event
    at /home/daniel/jhbuild/checkout/gnome/gtk+-3/gtk/gtkfilechooserwidget.c line 1409

Comment 2 Daniel Boles 2018-03-12 22:52:24 UTC
Created attachment 369591
FileChooserWidget: Avoid crash freeing static str

Being in location-entry mode then pressing <primary>f to move to search
mode would crash with an invalid free().

This was because the string returned by .get_subtitle() in that case was
not duplicated, and so we ended up freeing a static string from gettext.

Fix by duplicating it, like we do with all the other return values here.
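
The ownership bug described in this comment, as an added example that is not GTK's code or the committed patch: a getter whose callers free the result returns a static string on one branch. The mode names, strings and the tracking allocator (which reports the invalid free instead of aborting) are assumptions of the model; which branch of the real get_subtitle() was affected is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model, not GTK/GLib code. A registry of live heap strings lets
 * an invalid free be reported instead of aborting as glibc does. */
#define MAX_LIVE 16
static char *live[MAX_LIVE];

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (!copy) return NULL;
    memcpy(copy, s, n);
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = copy; return copy; }
    free(copy);                /* registry full: refuse rather than lose track */
    return NULL;
}

/* Returns 0 if p was heap-owned and is now freed, -1 for an invalid free. */
static int tracked_free(char *p) {
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;
}

enum mode { MODE_BROWSE, MODE_SEARCH };          /* hypothetical modes */
/* Stand-in for gettext: the result is static storage and must not be freed. */
static const char *tr(const char *msgid) { return msgid; }

/* Contract of both getters: the caller owns the result and frees it. */
char *subtitle_buggy(enum mode m, const char *folder) {
    if (m == MODE_SEARCH)
        return (char *)tr("Searching");          /* static string escapes */
    return tracked_strdup(folder);
}

char *subtitle_fixed(enum mode m, const char *folder) {
    return tracked_strdup(m == MODE_SEARCH ? tr("Searching") : folder);
}
/* What an owning value holder does: take the string, later free it on unset. */
int read_then_unset(char *(*get)(enum mode, const char *), enum mode m) {
    return tracked_free(get(m, "/home/user"));
}

int main(void) {
    printf("buggy: %d, fixed: %d\n", read_then_unset(subtitle_buggy, MODE_SEARCH),
           read_then_unset(subtitle_fixed, MODE_SEARCH));
    return 0;
}
```

The buggy getter works in every mode except the one that returns the literal, which is why this class of bug survives until a specific UI path is exercised.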
Comment 3 Daniel Boles 2018-03-12 23:09:42 UTC
Attachment 369591 pushed as 9d8fade - FileChooserWidget: Avoid crash freeing static str