[Bug 926889] Re: Ubuntu gtk leaks references in GtkTreeView / GtTreeModelSort which cause segfault in bluefish

Bryce Harrington 926889 at bugs.launchpad.net
Wed Feb 22 03:35:08 UTC 2012


** Description changed:

+ [Impact]
+ <fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>
+ 
+ [Development Fix]
+ <fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >
+ 
+ [Stable Fix]
+ <fill me in by pointing out a minimal patch applicable to the stable version of the package.>
+ 
+ [Text Case]
+ <fill me in with detailed *instructions* on how to reproduce the bug.  This will be used by people later on to verify the updated package fixes the problem.>
+ 1.
+ 2.
+ 3.
+ Broken Behavior: 
+ Fixed Behavior: 
+ 
+ [Regression Potential]
+ <fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected. 
+ 
+ [Original Report]
+ 
  In Bluefish we get a lot of bugreports from users on Ubuntu 11.10 that
  have a segfault and all backtraces have something weird: a
  GtkTreeModelSort is calling it's sort function after the model has been
  unreffed by bluefish already.
  
  This behaviour cannot be reproduced on Fedora 16 which also has Gtk-3.2.
  
  Checking with libgobject-list (from http://people.gnome.org/~mortenw
  /gobject-list.c) reveals that on Ubuntu there is a GtkTreeModelSort
  leaking, that is not leaking on Fedora 16.
  
  After a gdb breakpoint g_object_ref and g_object_unref with a condition
  object == 0x123123123 (the pointer of the GtkTreeModelSort) and doing a
  backtrace for each break, I found which function does not clean it's
  reference count:
  
  Breakpoint 2, g_object_ref (object=0xaebbb0) at gobject-list.c:642
  642       GObject *obj = G_OBJECT (object);
  #0  g_object_ref (object=0xaebbb0) at gobject-list.c:642
- #1  0x00007ffff7548abd in gtk_tree_row_reference_new_proxy (proxy=0xaebbb0, 
-     model=0xaebbb0, path=0x1942660)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtktreemodel.c:2300
- #2  0x00007ffff75dae49 in cell_info_new (accessible=0x196f820, tree_model=0xaebbb0, 
-     path=0x1942660, tv_col=0x746bc0, cell=0x1908dc0)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:3227
+ #1  0x00007ffff7548abd in gtk_tree_row_reference_new_proxy (proxy=0xaebbb0,
+     model=0xaebbb0, path=0x1942660)
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtktreemodel.c:2300
+ #2  0x00007ffff75dae49 in cell_info_new (accessible=0x196f820, tree_model=0xaebbb0,
+     path=0x1942660, tv_col=0x746bc0, cell=0x1908dc0)
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:3227
  #3  0x00007ffff75de929 in gtk_tree_view_accessible_ref_child (obj=0x196f820, i=18)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:563
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:563
  #4  0x00007ffff75de608 in focus_in (widget=0xaba3c0)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:1939
- #5  0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1930ca0, 
-     return_value=0x7fffffffd640, n_param_values=<optimized out>, param_values=0x1720980, 
-     invocation_hint=<optimized out>, marshal_data=<optimized out>)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
- #6  0x00007ffff61d00a4 in g_closure_invoke (closure=0x1930ca0, 
-     return_value=0x7fffffffd640, n_param_values=2, param_values=0x1720980, 
-     invocation_hint=<optimized out>)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
- #7  0x00007ffff61e202a in signal_emit_unlocked_R (node=<optimized out>, detail=0, 
-     instance=0xaba3c0, emission_return=0x7fffffffd7a0, instance_and_params=0x1720980)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3272
- #8  0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>, 
-     signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
- #9  0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>, 
-     signal_id=<optimized out>, detail=<optimized out>)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:1939
+ #5  0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1930ca0,
+     return_value=0x7fffffffd640, n_param_values=<optimized out>, param_values=0x1720980,
+     invocation_hint=<optimized out>, marshal_data=<optimized out>)
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
+ #6  0x00007ffff61d00a4 in g_closure_invoke (closure=0x1930ca0,
+     return_value=0x7fffffffd640, n_param_values=2, param_values=0x1720980,
+     invocation_hint=<optimized out>)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
+ #7  0x00007ffff61e202a in signal_emit_unlocked_R (node=<optimized out>, detail=0,
+     instance=0xaba3c0, emission_return=0x7fffffffd7a0, instance_and_params=0x1720980)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3272
+ #8  0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>,
+     signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
+ #9  0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>,
+     signal_id=<optimized out>, detail=<optimized out>)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
  #10 0x00007ffff7584fe9 in gtk_widget_event_internal (widget=0xaba3c0, event=0x1912930)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
  #11 0x00007ffff7591492 in gtk_widget_send_focus_change (widget=0xaba3c0, event=0x1912930)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:14204
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:14204
  #12 0x00007ffff75968d0 in do_focus_change (widget=0xaba3c0, in=1)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6009
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6009
  #13 0x00007ffff75a2149 in _gtk_window_set_is_active (window=0x6fa170, is_active=1)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:9377
- #14 0x00007ffff75a25ea in gtk_window_focus_in_event (widget=0x6fa170, 
-     event=<optimized out>) at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6063
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:9377
+ #14 0x00007ffff75a25ea in gtk_window_focus_in_event (widget=0x6fa170,
+     event=<optimized out>) at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6063
  #15 gtk_window_focus_in_event (widget=0x6fa170, event=<optimized out>)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6049
- #16 0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x6d5a90, 
-     return_value=0x7fffffffdb80, n_param_values=<optimized out>, param_values=0x1944010, 
-     invocation_hint=<optimized out>, marshal_data=<optimized out>)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
- #17 0x00007ffff61d00a4 in g_closure_invoke (closure=0x6d5a90, 
-     return_value=0x7fffffffdb80, n_param_values=2, param_values=0x1944010, 
-     invocation_hint=<optimized out>)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
- #18 0x00007ffff61e1e5f in signal_emit_unlocked_R (node=<optimized out>, detail=0, 
-     instance=0x6fa170, emission_return=0x7fffffffdce0, instance_and_params=0x1944010)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3310
- #19 0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>, 
-     signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
- #20 0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>, 
-     signal_id=<optimized out>, detail=<optimized out>)
-     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6049
+ #16 0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x6d5a90,
+     return_value=0x7fffffffdb80, n_param_values=<optimized out>, param_values=0x1944010,
+     invocation_hint=<optimized out>, marshal_data=<optimized out>)
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
+ #17 0x00007ffff61d00a4 in g_closure_invoke (closure=0x6d5a90,
+     return_value=0x7fffffffdb80, n_param_values=2, param_values=0x1944010,
+     invocation_hint=<optimized out>)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
+ #18 0x00007ffff61e1e5f in signal_emit_unlocked_R (node=<optimized out>, detail=0,
+     instance=0x6fa170, emission_return=0x7fffffffdce0, instance_and_params=0x1944010)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3310
+ #19 0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>,
+     signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
+ #20 0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>,
+     signal_id=<optimized out>, detail=<optimized out>)
+     at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
  #21 0x00007ffff7584fe9 in gtk_widget_event_internal (widget=0x6fa170, event=0x1912bb0)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
  #22 0x00007ffff7456da3 in gtk_main_do_event (event=0x1912bb0)
-     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c:1835
- #23 0x00007ffff70cf102 in gdk_event_source_dispatch (source=<optimized out>, 
-     callback=<optimized out>, user_data=<optimized out>)
-     at /build/buildd/gtk+3.0-3.2.0/./gdk/x11/gdkeventsource.c:360
+     at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c:1835
+ #23 0x00007ffff70cf102 in gdk_event_source_dispatch (source=<optimized out>,
+     callback=<optimized out>, user_data=<optimized out>)
+     at /build/buildd/gtk+3.0-3.2.0/./gdk/x11/gdkeventsource.c:360
  #24 0x00007ffff55a0a5d in g_main_dispatch (context=0x709090)
-     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:2441
+     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:2441
  #25 g_main_context_dispatch (context=0x709090)
-     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3011
- #26 0x00007ffff55a1258 in g_main_context_iterate (context=0x709090, 
-     block=<optimized out>, dispatch=1, self=<optimized out>)
-     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3089
+     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3011
+ #26 0x00007ffff55a1258 in g_main_context_iterate (context=0x709090,
+     block=<optimized out>, dispatch=1, self=<optimized out>)
+     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3089
  #27 0x00007ffff55a1792 in g_main_loop_run (loop=0x7fde50)
-     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3297
+     at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3297
  #28 0x00007ffff7455ecd in gtk_main () at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c:1367
  #29 0x0000000000422aff in main (argc=1, argv=0x7fffffffe218) at bluefish.c:402
  
  I don't know what causes this leak. It might be Ubuntu specific patches
  on gtk, the gtk theme that Ubuntu is using, or accesibility settings
  that default to a different value on Ubuntu (both on Ubuntu and Fedora I
  did not change any accessibility option from the default setting).
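
Review bot: the added heading "[Text Case]" should read "[Test Case]", and the "[Regression Potential]" placeholder opens with "<" but never closes it. Every added section is still the literal "<fill me in ...>" template text, and the paired -/+ lines in the backtrace appear to differ only in whitespace, so the description gains no information on impact, fix or reproduction steps. Suggest filling [Impact] and [Test Case] from the original report (the segfault reports from Bluefish users on Ubuntu 11.10, and the reference taken in cell_info_new via gtk_tree_row_reference_new_proxy) before this goes to sponsors.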

-- 
https://bugs.launchpad.net/bugs/926889

Title:
  Ubuntu gtk leaks references in GtkTreeView / GtTreeModelSort which
  cause segfault in bluefish

Status in GTK+ GUI Toolkit:
  Fix Released
Status in “gtk+3.0” package in Ubuntu:
  Fix Released
Status in “gtk+3.0” source package in Oneiric:
  Triaged

Bug description:
  [Impact]
  <fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>

  [Development Fix]
  <fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >

  [Stable Fix]
  <fill me in by pointing out a minimal patch applicable to the stable version of the package.>

  [Test Case]
  <fill me in with detailed *instructions* on how to reproduce the bug.  This will be used by people later on to verify the updated package fixes the problem.>
  1.
  2.
  3.
  Broken Behavior: 
  Fixed Behavior: 

  [Regression Potential]
  <fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected.>

  [Original Report]

  In Bluefish we get a lot of bug reports from users on Ubuntu 11.10 that
  have a segfault and all backtraces have something weird: a
  GtkTreeModelSort is calling its sort function after the model has
  been unreffed by bluefish already.

  This behaviour cannot be reproduced on Fedora 16 which also has
  Gtk-3.2.

  Checking with libgobject-list (from
  http://people.gnome.org/~mortenw/gobject-list.c) reveals that on
  Ubuntu there is a GtkTreeModelSort leaking, that is not leaking on
  Fedora 16.

  After a gdb breakpoint g_object_ref and g_object_unref with a
  condition object == 0x123123123 (the pointer of the GtkTreeModelSort)
  and doing a backtrace for each break, I found which function does not
  clean its reference count:

  Breakpoint 2, g_object_ref (object=0xaebbb0) at gobject-list.c:642
  642       GObject *obj = G_OBJECT (object);
  #0  g_object_ref (object=0xaebbb0) at gobject-list.c:642
  #1  0x00007ffff7548abd in gtk_tree_row_reference_new_proxy (proxy=0xaebbb0,
      model=0xaebbb0, path=0x1942660)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtktreemodel.c:2300
  #2  0x00007ffff75dae49 in cell_info_new (accessible=0x196f820, tree_model=0xaebbb0,
      path=0x1942660, tv_col=0x746bc0, cell=0x1908dc0)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:3227
  #3  0x00007ffff75de929 in gtk_tree_view_accessible_ref_child (obj=0x196f820, i=18)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:563
  #4  0x00007ffff75de608 in focus_in (widget=0xaba3c0)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:1939
  #5  0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1930ca0,
      return_value=0x7fffffffd640, n_param_values=<optimized out>, param_values=0x1720980,
      invocation_hint=<optimized out>, marshal_data=<optimized out>)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
  #6  0x00007ffff61d00a4 in g_closure_invoke (closure=0x1930ca0,
      return_value=0x7fffffffd640, n_param_values=2, param_values=0x1720980,
      invocation_hint=<optimized out>)
      at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
  #7  0x00007ffff61e202a in signal_emit_unlocked_R (node=<optimized out>, detail=0,
      instance=0xaba3c0, emission_return=0x7fffffffd7a0, instance_and_params=0x1720980)
      at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3272
  #8  0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>,
      signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
      at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
  #9  0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>,
      signal_id=<optimized out>, detail=<optimized out>)
      at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
  #10 0x00007ffff7584fe9 in gtk_widget_event_internal (widget=0xaba3c0, event=0x1912930)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
  #11 0x00007ffff7591492 in gtk_widget_send_focus_change (widget=0xaba3c0, event=0x1912930)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:14204
  #12 0x00007ffff75968d0 in do_focus_change (widget=0xaba3c0, in=1)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6009
  #13 0x00007ffff75a2149 in _gtk_window_set_is_active (window=0x6fa170, is_active=1)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:9377
  #14 0x00007ffff75a25ea in gtk_window_focus_in_event (widget=0x6fa170,
      event=<optimized out>) at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6063
  #15 gtk_window_focus_in_event (widget=0x6fa170, event=<optimized out>)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6049
  #16 0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x6d5a90,
      return_value=0x7fffffffdb80, n_param_values=<optimized out>, param_values=0x1944010,
      invocation_hint=<optimized out>, marshal_data=<optimized out>)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
  #17 0x00007ffff61d00a4 in g_closure_invoke (closure=0x6d5a90,
      return_value=0x7fffffffdb80, n_param_values=2, param_values=0x1944010,
      invocation_hint=<optimized out>)
      at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
  #18 0x00007ffff61e1e5f in signal_emit_unlocked_R (node=<optimized out>, detail=0,
      instance=0x6fa170, emission_return=0x7fffffffdce0, instance_and_params=0x1944010)
      at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3310
  #19 0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>,
      signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
      at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
  #20 0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>,
      signal_id=<optimized out>, detail=<optimized out>)
      at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
  #21 0x00007ffff7584fe9 in gtk_widget_event_internal (widget=0x6fa170, event=0x1912bb0)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
  #22 0x00007ffff7456da3 in gtk_main_do_event (event=0x1912bb0)
      at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c:1835
  #23 0x00007ffff70cf102 in gdk_event_source_dispatch (source=<optimized out>,
      callback=<optimized out>, user_data=<optimized out>)
      at /build/buildd/gtk+3.0-3.2.0/./gdk/x11/gdkeventsource.c:360
  #24 0x00007ffff55a0a5d in g_main_dispatch (context=0x709090)
      at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:2441
  #25 g_main_context_dispatch (context=0x709090)
      at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3011
  #26 0x00007ffff55a1258 in g_main_context_iterate (context=0x709090,
      block=<optimized out>, dispatch=1, self=<optimized out>)
      at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3089
  #27 0x00007ffff55a1792 in g_main_loop_run (loop=0x7fde50)
      at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3297
  #28 0x00007ffff7455ecd in gtk_main () at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c:1367
  #29 0x0000000000422aff in main (argc=1, argv=0x7fffffffe218) at bluefish.c:402

  I don't know what causes this leak. It might be Ubuntu specific
  patches on gtk, the gtk theme that Ubuntu is using, or accessibility
  settings that default to a different value on Ubuntu (both on Ubuntu
  and Fedora I did not change any accessibility option from the default
  setting).
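
The ref/unref bookkeeping the report describes (conditional breakpoints on g_object_ref and g_object_unref, a backtrace at each hit), as an added example that is not part of the bug report or of GTK: a parser that tallies the logged hits and lists acquisitions with no matching release. The PAIRS table, the demo_* frames and the g_object_unref block are constructed assumptions; only frames #0 to #3 of the first block come from the report.

```python
import re
from collections import Counter, defaultdict

# Assumed acquire -> release pairing; the demo_* pair is constructed.
PAIRS = {"gtk_tree_row_reference_new_proxy": "gtk_tree_row_reference_free",
         "demo_hold": "demo_release"}

# Constructed log. Only frames #0-#3 of the first block come from the report.
SAMPLE_LOG = """\
Breakpoint 2, g_object_ref (object=0xaebbb0) at gobject-list.c:642
#0  g_object_ref (object=0xaebbb0) at gobject-list.c:642
#1  0x00007ffff7548abd in gtk_tree_row_reference_new_proxy (proxy=0xaebbb0,
    model=0xaebbb0, path=0x1942660)
#2  0x00007ffff75dae49 in cell_info_new (accessible=0x196f820, tree_model=0xaebbb0,
    path=0x1942660, tv_col=0x746bc0, cell=0x1908dc0)
#3  0x00007ffff75de929 in gtk_tree_view_accessible_ref_child (obj=0x196f820, i=18)
Breakpoint 2, g_object_ref (object=0xaebbb0) at gobject-list.c:642
#0  g_object_ref (object=0xaebbb0) at gobject-list.c:642
#1  0x0000000000401100 in demo_hold (model=0xaebbb0) at demo.c:10
Breakpoint 3, g_object_unref (object=0xaebbb0) at gobject-list.c:660
#0  g_object_unref (object=0xaebbb0) at gobject-list.c:660
#1  0x0000000000401200 in demo_release (model=0xaebbb0) at demo.c:20
"""

HIT = re.compile(r"^Breakpoint \d+, (g_object_(?:ref|unref)) \(object=(0x[0-9a-f]+)\)")
FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\w+) \(")


def parse_events(log):
    """Split the log into (kind, object, [frame function names]) per breakpoint hit."""
    events = []
    for line in log.splitlines():
        hit = HIT.match(line)
        if hit:
            events.append((hit.group(1), hit.group(2), []))
        elif events and (frame := FRAME.match(line)):
            events[-1][2].append(frame.group(1))  # wrapped argument lines are skipped
    return events


def outstanding_refs(events, pairs=PAIRS):
    """Return {acquirer: (unreleased count, Counter of callers that acquired)}."""
    release_to_acquire = {rel: acq for acq, rel in pairs.items()}
    balance, owners = Counter(), defaultdict(Counter)
    for kind, _obj, frames in events:
        if len(frames) < 2:
            continue  # backtrace too short to name a caller
        caller = frames[1]
        if kind == "g_object_ref" and caller in pairs:
            balance[caller] += 1
            owners[caller][frames[2] if len(frames) > 2 else "?"] += 1
        elif kind == "g_object_unref" and caller in release_to_acquire:
            balance[release_to_acquire[caller]] -= 1
    return {acq: (n, owners[acq]) for acq, n in balance.items() if n > 0}


if __name__ == "__main__":
    for acq, (n, who) in outstanding_refs(parse_events(SAMPLE_LOG)).items():
        print(f"{acq}: {n} unreleased, taken on behalf of {dict(who)}")
```

A gdb session logged to a file with the two conditional breakpoints and a bt at each hit produces input in this shape; the balanced demo_* holder drops out of the result and the cell_info_new acquisition remains.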
