[evolution-patches] about addressbook crash bug 49912



hi, chris

1)  steps to reproduce the bug:
   (1) ensure there are contents in your clipboard (e.g. copy a string from some textbox)
   (2) select a label in a minicard
   (3) "select all", then delete it (or just delete all by pressing the "BACKSPACE" key)
   (4) right click above that label, the popup menu will appear (and that label disappears too).
   (5) click paste in the popup menu, then the crash happens

2) From the steps above, we can find that when the popup menu appears, the label disappears.
From the source code, we can find that e_minicard_field_destroy() will be called and the label will be destroyed ("gtk_object_destroy(GTK_OBJECT(field->label))"), which leads to the contents of the EText referred to by the minicardlabel pointing to some INVALID address, such as "0xaaaaaaaa".

  when pasting, e_text_paste_clipboard() will access that INVALID address, and this leads to the crash!!!!


3) My current solutions:
(1) my previous patch: set null to text->tep in function e_minicard_field_destroy(), and detect text->tep in e_text_paste_clipboard().

(2) another solution: check whether text in e_text_paste_clipboard() is invalid or not, BUT how? Is there a function that can implement this?

(3) Add a line "g_object_ref(text);" before " e_text_do_popup (text, &(event->button), get_position_from_xy (text, event->button.x, event->button.y));" in function e_text_event(),

       that means: add a ref to text before the popup menu appears, BUT, when will we call "g_object_unref(text)"???

   (4) Maybe we can check the code of gnomecanvasitem, but we should know:

      when right clicking on the minicard label, focus is correct, and the minicard label has NOT been destroyed yet.
      just when the popup menu appears, we can find that the minicard label disappears and has been destroyed in the code of AB.
      (or remodel() should not be called here???)

      so we should do something in evolution, and maybe canvasitem can also detect whether the current canvas item is VALID or not.


4) Chris, can you give some suggestions?  thx


regards

leon




Note:
I added two lines of code here to trace the exact value of the minicardlabel which will be destroyed and its EText:
        EMinicardLabel *e_minicard_label = E_MINICARD_LABEL(GTK_OBJECT(field->label));
        EText *t = E_TEXT(e_minicard_label->field);




BEFORE:  -----------------------------

$9 = (EText *) 0x83a3638
(gdb) p *t
$10 = {item = {object = {parent_instance = {g_type_instance = {g_class = 0x42131348}, ref_count = 138028408, qdata = 0xaaaaaaaa},
      flags = 2863311530}, canvas = 0xaaaaaaaa, parent = 0xaaaaaaaa, xform = 0xaaaaaaaa, x1 = -3.7206620809969885e-103,
    y1 = -3.7206620809969885e-103, x2 = -3.7206620809969885e-103, y2 = -3.7206620809969885e-103}, model = 0xaaaaaaaa,
model_changed_signal_id = -1431655766, model_repos_signal_id = -1431655766, text = 0xaaaaaaaa <Address 0xaaaaaaaa out of bounds>, layout = 0xaaaaaaaa, num_lines = -1431655766, revert = 0xaaaaaaaa <Address 0xaaaaaaaa out of bounds>, anchor = 2863311530, justification = 2863311530, clip_width = -3.7206620809969885e-103, clip_height = -3.7206620809969885e-103, xofs = -3.7206620809969885e-103, yofs = -3.7206620809969885e-103, color = {pixel = 2863311530, red = 43690, green = 43690, blue = 43690}, stipple = 0xaaaaaaaa, gc = 0xaaaaaaaa, cx = -1431655766, cy = -1431655766, text_cx = -1431655766, text_cy = -1431655766, clip_cx = -1431655766, clip_cy = -1431655766, clip_cwidth = -1431655766, clip_cheight = -1431655766, max_width = -1431655766, width = -1431655766, height = -1431655766, rgba = 2863311530, affine = {-3.7206620809969885e-103, -3.7206620809969885e-103, -3.7206620809969885e-103, -3.7206620809969885e-103, -3.7206620809969885e-103, -3.7206620809969885e-103}, ellipsis = 0xaaaaaaaa <Address 0xaaaaaaaa out of bounds>, ellipsis_width = -3.7206620809969885e-103, xofs_edit = -1431655766, yofs_edit = -1431655766, selection_start = -1431655766, selection_end = -1431655766, select_by_word = -1431655766, timeout_id = -1431655766, timer = 0xaaaaaaaa, lastx = -1431655766, lasty = -1431655766, last_state = -1431655766, scroll_start = 2863311530, show_cursor = -1431655766, button_down = -1431655766, tep = 0xaaaaaaaa, tep_command_id = -1431655766, has_selection = -1431655766, clip = 0, fill_clip_rectangle = 1, pointer_in = 0, default_cursor_shown = 1, draw_borders = 0, draw_background = 1, draw_button = 0, line_wrap = 1, needs_redraw = 0, needs_recalc_bounds = 1, needs_calc_height = 0, needs_split_into_lines = 1, needs_reset_layout = 0, bold = 1, strikeout = 0,
  tooltip_owner = 1, allow_newlines = 0, use_ellipsis = 1, editable = 0, editing = 1,
break_characters = 0xaaaaaaaa <Address 0xaaaaaaaa out of bounds>, max_lines = -1431655766, default_cursor = 0xaaaaaaaa, i_cursor = 0xaaaaaaaa, tooltip_timeout = -1431655766, tooltip_count = -1431655766, dbl_timeout = -1431655766, tpl_timeout = -1431655766, last_type_request = -1431655766, last_time_request = 2863311530, last_selection_request = 0xaaaaaaaa, queued_requests = 0xaaaaaaaa, im_context = 0xaaaaaaaa,
  need_im_reset = -1431655766, im_context_signals_registered = -1431655766, handle_popup = 392}



AFTER:  -----------------------------


(gdb) p t
$7 = (EText *) 0x83a3638
(gdb) p *t
$8 = {item = {object = {parent_instance = {g_type_instance = {g_class = 0x82031c8}, ref_count = 1, qdata = 0x835ecb8}, flags = 4272},
    canvas = 0x8301e48, parent = 0x83a2580, xform = 0x83a3890, x1 = 98, y1 = 115, x2 = 181, y2 = 132}, model = 0x83b43d0,
model_changed_signal_id = 1794, model_repos_signal_id = 1795, text = 0x83a31f8 "", layout = 0x83a1d78, num_lines = 1, revert = 0x0, anchor = GTK_ANCHOR_NORTH_WEST, justification = GTK_JUSTIFY_LEFT, clip_width = 83.25, clip_height = -1, xofs = 0, yofs = 0, color = {pixel = 0, red = 0, green = 0, blue = 0}, stipple = 0x0, gc = 0x83bd360, cx = 98, cy = 115, text_cx = 98, text_cy = 115, clip_cx = 98, clip_cy = 115, clip_cwidth = 83, clip_cheight = 17, max_width = 0, width = 0, height = 17, rgba = 255, affine = {0, 0, 0, 0, 0, 0}, ellipsis = 0x0, ellipsis_width = 12288, xofs_edit = 0, yofs_edit = 0, selection_start = 0, selection_end = 0, select_by_word = 0, timeout_id = 0, timer = 0x0, lastx = 79, lasty = 119, last_state = 0, scroll_start = 2, show_cursor = 0, button_down = 0, tep = 0x83abc98, tep_command_id = 1798, has_selection = 0, clip = 1, fill_clip_rectangle = 0, pointer_in = 1, default_cursor_shown = 1, draw_borders = 0, draw_background = 0, draw_button = 0, line_wrap = 0, needs_redraw = 0, needs_recalc_bounds = 0, needs_calc_height = 0, needs_split_into_lines = 0, needs_reset_layout = 0, bold = 0, strikeout = 0, tooltip_owner = 0, allow_newlines = 0, use_ellipsis = 1, editable = 1, editing = 0, break_characters = 0x0, max_lines = -1, default_cursor = 0x83a3938, i_cursor = 0x83bf9c8, tooltip_timeout = 0, tooltip_count = 0, dbl_timeout = 0, tpl_timeout = 0, last_type_request = -1, last_time_request = 0, last_selection_request = 0x0, queued_requests = 0x0, im_context = 0x8301d30,
  need_im_reset = 0, im_context_signals_registered = 0, handle_popup = 0}
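
The lifetime question raised in option (3), as an added example that is not Evolution's code: a plain-C toy model (no GLib; `Text`, `Popup` and every function name here are hypothetical) in which the popup takes the reference when it opens and drops it when the menu is torn down. The paste handler keeps the NULL check on `tep` from option (1), so a destroyed label is refused instead of dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a refcounted EText; not the GObject implementation. */
typedef struct {
    int   ref_count;
    char *tep;        /* models text->tep; NULL once the object is disposed */
} Text;

static int live_objects = 0;  /* lets a caller confirm the memory was freed */

static Text *text_new(void) {
    Text *t = calloc(1, sizeof *t);
    if (!t || !(t->tep = malloc(8))) abort();
    t->ref_count = 1;
    live_objects++;
    return t;
}
static Text *text_ref(Text *t) { t->ref_count++; return t; }
static void text_unref(Text *t) {
    if (--t->ref_count == 0) { free(t->tep); free(t); live_objects--; }
}
/* Models gtk_object_destroy(): release resources, drop the owner's ref. */
static void text_dispose(Text *t) {
    free(t->tep);
    t->tep = NULL;
    text_unref(t);
}

/* The popup owns one reference for as long as the menu exists. */
typedef struct { Text *text; } Popup;

static Popup popup_open(Text *t) { Popup p = { text_ref(t) }; return p; }
/* Paste handler: 1 if it pasted, 0 if the target was already disposed. */
static int popup_paste(const Popup *p) { return p->text->tep != NULL; }
/* Runs once when the menu goes away: the matching unref. */
static void popup_close(Popup *p) { text_unref(p->text); p->text = NULL; }

/* Replays the reported steps: popup opens, label is destroyed, user pastes. */
static int replay_bug_sequence(void) {
    Text *t = text_new();
    Popup p = popup_open(t);
    text_dispose(t);               /* the e_minicard_field_destroy() path */
    int pasted = popup_paste(&p);  /* memory still valid; paste is refused */
    popup_close(&p);               /* last reference: object freed here */
    return pasted * 100 + live_objects;
}

int main(void) {
    printf("result=%d\n", replay_bug_sequence());  /* 0: no paste, no leak */
    return 0;
}
```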







