Re: GTK+ 2.2.1 crashes



On Wed, 2003-05-14 at 16:38, Owen Taylor wrote:
> On Wed, 2003-05-14 at 16:06, Hans Petter Jansson wrote:

> It wasn't clear to me what you mean by "apparently been fixed on the 2.2
> branch in CVS".  I guess you mean "I tested it with 2.2 and it didn't
> happen".
> 
> It's also not clear what you mean to me by "not in HEAD". Do you mean
> you tested it with HEAD and it was broken or do you mean that you
> didn't test it with HEAD?
> 
> We have a policy that all bug fixes in 2.2 go *immediately* into HEAD.

What I meant was "not fixed in HEAD". Here's how it looks:

GTK_2_2_1: Crash.
HEAD:      Crash.
gtk-2-2:   No crash.

With checkouts made today and the test case I attached earlier.
GTK_2_2_1 and HEAD yield the same stack traces. gtk-2-2 doesn't exhibit
any misbehaviour.


> > It could be serious, since it's memory corrupting and appears to happen
> > in a memcpy () somewhere under gdk_draw_pixbuf () [the rest of the stack
> > trace seems imprecise]. Most of the time it doesn't crash, it just
> > writes outside its buffer. That code has undergone a revamp on the 2.2
> > branch, and I guess that's why the bad behaviour went away, although I
> > don't see a reference to the problem in the ChangeLog.

> I don't remember any changes to gdk_draw_pixbuf() in 2.2 that aren't in
> HEAD; can you give a particular reference to what you are talking about?

I just saw there were a bunch of changes in gdk/x11/ (where the only
likely memcpy()s were) from GTK_2_2_1 to gtk-2-2. I have a better stack
trace now, which shows that the memory violation happens in
convert_to_format() at gdkdrawable-x11.c:1167 (today's HEAD). That file
is identical in gtk-2-2 and HEAD, so I was probably wrong and the
problem lies somewhere else (see attached full trace).

Although 2.2 might have the bug too; it might just not show under the
same circumstances.

Sorry for not coming up with better information, or a patch. I'm not
familiar with this code, and the bug doesn't look trivial. I'm still
looking at it, though.

-- 
Hans Petter

(gdb) bt
#0  vg_do_syscall3 (syscallno=4294966784, arg1=18461, arg2=0, arg3=0)
    at vg_mylibc.c:92
#1  0x0000481d in ?? ()
#2  0x4015f621 in memcpy (dst=0xbfffeb20, src=0xfffffe00, len=18461)
    at vg_clientfuncs.c:501
#3  0x404693b3 in convert_to_format (src_buf=0x41bba93c "",
    src_rowstride=1024, dest_buf=0x43424700 "", dest_rowstride=1024,
    dest_format=FORMAT_EXACT_MASK, dest_byteorder=GDK_LSB_FIRST, width=113,
    height=16) at gdkdrawable-x11.c:1167
#4  0x4046955b in draw_with_images (drawable=0x71, gc=0x425c1560,
    format_type=FORMAT_EXACT_MASK, format=0x41b22e20, mask_format=0x4261b918,
    src_rgb=0x41bba93c "", src_rowstride=1024, dest_x=0, dest_y=1, width=113,
    height=16) at gdkdrawable-x11.c:1334
#5  0x40469843 in gdk_x11_draw_pixbuf (drawable=0x4327f780, gc=0x425c1560,
    pixbuf=0x41bbe810, src_x=143, src_y=0, dest_x=0, dest_y=1, width=113,
    height=16, dither=GDK_RGB_DITHER_NORMAL, x_dither=-145, y_dither=0)
    at gdkdrawable-x11.c:1517
#6  0x404471b1 in gdk_draw_pixbuf (drawable=0x4327f780, gc=0x425c1560,
    pixbuf=0x41bbe810, src_x=143, src_y=0, dest_x=0, dest_y=1, width=113,
    height=16, dither=GDK_RGB_DITHER_NORMAL, x_dither=-145, y_dither=0)
    at gdkdraw.c:768
#7  0x4044fe91 in gdk_pixmap_draw_pixbuf (drawable=0xfffffe00, gc=0x425c1560,
    pixbuf=0x41bbe810, src_x=143, src_y=0, dest_x=0, dest_y=1, width=113,
    height=16, dither=GDK_RGB_DITHER_NORMAL, x_dither=-145, y_dither=0)
    at gdkpixmap.c:405
#8  0x404471b1 in gdk_draw_pixbuf (drawable=0x4327c768, gc=0x425c1560,
    pixbuf=0x41bbe810, src_x=143, src_y=0, dest_x=0, dest_y=1, width=113,
    height=16, dither=GDK_RGB_DITHER_NORMAL, x_dither=-145, y_dither=0)
    at gdkdraw.c:768
#9  0x4045af1c in gdk_window_draw_pixbuf (drawable=0x425ca7c8, gc=0x425c1560,
    pixbuf=0x41bbe810, src_x=143, src_y=0, dest_x=0, dest_y=1, width=113,
    height=16, dither=GDK_RGB_DITHER_NORMAL, x_dither=-145, y_dither=0)
    at gdkwindow.c:1942
#10 0x404471b1 in gdk_draw_pixbuf (drawable=0x425ca7c8, gc=0x425c1560,
    pixbuf=0x41bbe810, src_x=143, src_y=0, dest_x=145, dest_y=1, width=113,
    height=16, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, y_dither=0)
    at gdkdraw.c:768
#11 0x40252cb7 in gtk_cell_renderer_pixbuf_render (cell=0xbfffeeb0,
    window=0x425ca7c8, widget=0x41b7cb18, background_area=0xbfffefe0,
    cell_area=0xbfffeff0, expose_area=0xbffff66c,
    flags=GTK_CELL_RENDERER_SELECTED) at gtkcellrendererpixbuf.c:451
#12 0x4024ea70 in gtk_cell_renderer_render (cell=0x41b98028,
    window=0x425ca7c8, widget=0x41b7cb18, background_area=0xbfffefe0,
    cell_area=0xbfffeff0, expose_area=0xbffff66c,
    flags=GTK_CELL_RENDERER_SELECTED) at gtkcellrenderer.c:512
#13 0x4038c2f9 in gtk_tree_view_column_cell_process_action (
    tree_column=0x41b9c738, window=0x425ca7c8, background_area=0xbffff180,
    cell_area=0xbffff170, flags=1, action=0, expose_area=0xbffff66c,
    focus_rectangle=0x0, editable_widget=0x0, event=0x0, path_string=0x0)
    at gtktreeviewcolumn.c:2586
#14 0x4038c3db in _gtk_tree_view_column_cell_render (tree_column=0x41b9c738,
    window=0x425ca7c8, background_area=0xbffff180, cell_area=0xbffff170,
    expose_area=0xbffff66c, flags=1) at gtktreeviewcolumn.c:2904
#15 0x40378bf6 in gtk_tree_view_bin_expose (widget=0x41b7cb18,
    event=0xbffff660) at gtktreeview.c:3208
#16 0x402c7f41 in _gtk_marshal_BOOLEAN__BOXED (closure=0xbffff444,
    return_value=0xbffff310, n_param_values=2, param_values=0xbffff430,
    invocation_hint=0xbffff338, marshal_data=0x40378edc) at gtkmarshalers.c:82
#17 0x40555bee in g_type_class_meta_marshal (closure=0x41b52ed0,
    return_value=0xbffff310, n_param_values=2, param_values=0xbffff430,
    invocation_hint=0xbffff338, marshal_data=0x425bed18) at gclosure.c:514
#18 0x4055594e in g_closure_invoke (closure=0x41b52ed0,
    return_value=0xbffff310, n_param_values=2, param_values=0xbffff430,
    invocation_hint=0xbffff338) at gclosure.c:437
#19 0x40564f14 in signal_emit_unlocked_R (node=0x41b53110, detail=0,
    instance=0x41b7cb18, emission_return=0xbffff3d0,
    instance_and_params=0xbffff430) at gsignal.c:2860
#20 0x40564399 in g_signal_emit_valist (instance=0x41b7cb18, signal_id=0,
    detail=0, var_args=0xbffff5c0 "????8\005?A????\221{9 ????")
    at gsignal.c:2564
#21 0x40564763 in g_signal_emit (instance=0x41b7cb18, signal_id=39, detail=0)
    at gsignal.c:2612
#22 0x40397d43 in gtk_widget_event_internal (widget=0x41b7cb18,
    event=0xbffff660) at gtkwidget.c:3143
#23 0x402c6bdf in gtk_main_do_event (event=0xbffff660) at gtkmain.c:1462
#24 0x4045b5f2 in gdk_window_process_updates_internal (window=0x425ca7c8)
    at gdkwindow.c:2131
#25 0x4045b692 in gdk_window_process_all_updates () at gdkwindow.c:2166
#26 0x4045b6f6 in gdk_window_update_idle (data=0x0) at gdkwindow.c:2180
#27 0x405a5b88 in g_idle_dispatch (source=0x4263a8d0,
    callback=0x4045b6c8 <gdk_window_update_idle>, user_data=0x0)
    at gmain.c:3164
#28 0x405a3407 in g_main_dispatch (context=0x41b3a830) at gmain.c:1653
#29 0x405a4309 in g_main_context_dispatch (context=0x41b3a830) at gmain.c:2197
#30 0x405a460f in g_main_context_iterate (context=0x41b3a830, block=1,
    dispatch=1, self=0x42591d20) at gmain.c:2278
#31 0x405a4c5e in g_main_loop_run (loop=0x4260a110) at gmain.c:2498
#32 0x402c64a7 in gtk_main () at gtkmain.c:1093
#33 0x08048db7 in main ()
#34 0x405fb907 in __libc_start_main () from /lib/libc.so.6

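The trace above ends in a memcpy() inside a row-by-row format conversion, with the region geometry visible in the frames (rowstride 1024, width 113, height 16, src_x 143, dest_y 1) and a source pointer that is plainly not inside any buffer. The C below is an added example, not GDK code and not the convert_to_format() from gdkdrawable-x11.c: it shows the shape of a row copy that validates the source and destination regions against the owning buffer's size and rowstride before any memcpy() runs, so a bad region is reported instead of silently written past the end. The PixBuf type, the error codes and the scenario functions are hypothetical; the buffer sizes and the 24-bit pixel format are constructed so the trace's numbers can be exercised offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical pixel-buffer description; these are not GDK's types. */
typedef struct {
    uint8_t *data;      /* first byte of the buffer */
    size_t   size;      /* bytes the buffer actually owns */
    size_t   rowstride; /* bytes from the start of one row to the next */
    size_t   bpp;       /* bytes per pixel */
} PixBuf;

enum { COPY_OK = 0, COPY_ERR_ARGS = -1, COPY_ERR_SRC_OOB = -2, COPY_ERR_DST_OOB = -3 };

/* Returns 1 if the width x height pixel region at (x, y) lies entirely inside
 * buf, 0 otherwise. All arithmetic is done in size_t with explicit overflow
 * guards so a huge or negative value cannot wrap into a "fits" answer. */
static int region_fits(const PixBuf *buf, int x, int y, int width, int height)
{
    if (!buf || !buf->data || buf->bpp == 0 || buf->rowstride == 0 ||
        x < 0 || y < 0 || width <= 0 || height <= 0)
        return 0;

    size_t row_end_px = (size_t)x + (size_t)width;      /* both non-negative ints: no overflow */
    if (row_end_px > SIZE_MAX / buf->bpp) return 0;      /* row_end_px * bpp would overflow */
    size_t row_bytes = row_end_px * buf->bpp;
    if (row_bytes > buf->rowstride) return 0;            /* row would run past the stride */

    size_t last_row = (size_t)y + (size_t)height - 1;
    if (last_row > (SIZE_MAX - row_bytes) / buf->rowstride) return 0; /* offset would overflow */
    size_t end = last_row * buf->rowstride + row_bytes;  /* one past the last byte touched */
    return end <= buf->size;
}

/* Copies a width x height region row by row, refusing (without touching any
 * memory) if either region does not fit inside its buffer. */
int copy_region_checked(const PixBuf *src, int src_x, int src_y,
                        PixBuf *dst, int dst_x, int dst_y,
                        int width, int height)
{
    if (!src || !dst || src->bpp != dst->bpp) return COPY_ERR_ARGS;
    if (!region_fits(src, src_x, src_y, width, height)) return COPY_ERR_SRC_OOB;
    if (!region_fits(dst, dst_x, dst_y, width, height)) return COPY_ERR_DST_OOB;

    size_t row_bytes = (size_t)width * src->bpp;
    for (int row = 0; row < height; row++) {
        const uint8_t *s = src->data + (size_t)(src_y + row) * src->rowstride + (size_t)src_x * src->bpp;
        uint8_t *d = dst->data + (size_t)(dst_y + row) * dst->rowstride + (size_t)dst_x * dst->bpp;
        memcpy(d, s, row_bytes);
    }
    return COPY_OK;
}

/* Constructed scenario using the geometry from the trace above: rowstride 1024,
 * width 113, height 16, destination at (0, 1). Both buffers are 24-bit RGB with
 * 16 source rows; the destination gets dst_rows rows. Returns the copy code. */
#define ROWSTRIDE 1024u
#define MAX_ROWS 32u
static uint8_t g_src[ROWSTRIDE * MAX_ROWS];
static uint8_t g_dst[ROWSTRIDE * MAX_ROWS];

int scenario_trace_geometry(unsigned dst_rows, int src_x)
{
    if (dst_rows > MAX_ROWS) return COPY_ERR_ARGS;
    for (size_t i = 0; i < sizeof g_src; i++) g_src[i] = (uint8_t)(i * 7u);
    memset(g_dst, 0, sizeof g_dst);
    PixBuf src = { g_src, ROWSTRIDE * 16u, ROWSTRIDE, 3 };
    PixBuf dst = { g_dst, ROWSTRIDE * dst_rows, ROWSTRIDE, 3 };
    return copy_region_checked(&src, src_x, 0, &dst, 0, 1, 113, 16);
}

/* Runs the 17-row scenario and verifies that every byte of the region landed
 * where expected and nothing outside it was written. Returns 1 on success. */
int scenario_copy_is_exact(void)
{
    if (scenario_trace_geometry(17, 143) != COPY_OK) return 0;
    for (unsigned row = 0; row < 17; row++) {
        for (size_t b = 0; b < ROWSTRIDE; b++) {
            uint8_t got = g_dst[row * ROWSTRIDE + b];
            int inside = row >= 1 && b < 113u * 3u;
            uint8_t want = inside ? g_src[(row - 1) * ROWSTRIDE + 143u * 3u + b] : 0;
            if (got != want) return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("17 dst rows, src_x 143: %d\n", scenario_trace_geometry(17, 143)); /* 0  */
    printf("16 dst rows, src_x 143: %d\n", scenario_trace_geometry(16, 143)); /* -3 */
    printf("17 dst rows, src_x 300: %d\n", scenario_trace_geometry(17, 300)); /* -2 */
    printf("copy exact: %d\n", scenario_copy_is_exact());                       /* 1  */
    return 0;
}
```

The point of the two failing scenarios is that a region which is only one row or a few hundred bytes too large is exactly the case a plain memcpy() loop writes through without complaint, and which usually does not crash on the spot; the first frames of the trace above are Valgrind's, which is the tool that turns that silent overrun into an immediate report at the offending memcpy().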
