Bug 280007 - Segfault in Oxygen::render_frame (widget is null)
Status: CLOSED FIXED
Alias: None
Product: Oxygen
Classification: Plasma
Component: gtk2-engine
Version: unspecified
Platform: Arch Linux Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Hugo Pereira Da Costa
Reported: 2011-08-13 07:54 UTC by Justin Gottula
Modified: 2011-09-13 22:21 UTC

Attachments
Supposed reverting patch (1.55 KB, patch)
2011-08-13 12:01 UTC, Ruslan Kabatsayev
Debug output when running brasero. (22.06 KB, text/plain)
2011-08-13 12:37 UTC, Justin Gottula
Debug output when running gedit. (25.70 KB, text/plain)
2011-08-13 12:38 UTC, Justin Gottula

Description Justin Gottula 2011-08-13 07:54:46 UTC
Version:           unspecified (using KDE 4.7.0) 
OS:                Linux

I'm using oxygen-gtk3-git from Arch Linux's user repository (http://aur.archlinux.org/packages.php?ID=48627).

Recently I updated to the latest (as of 2011.08.12) git revision (from git://anongit.kde.org/oxygen-gtk) and now certain GTK3 apps (brasero 3.0.0 and gedit 3.0.6 confirmed) crash with a segmentation fault in /usr/lib/gtk-3.0/3.0.0/theming-engines/liboxygen-gtk.so. Other GTK3 apps (firefox, gnome-calculator, ...) run without any problems and have the proper theme.

To debug, I compiled the oxygen-gtk package with optimizations off and debugging symbols on and ran the affected applications under gdb, producing the attached backtrace.

A quick investigation into the cause of the crash indicated that widget is getting initialized to null somehow. I attempted to view the value of widget immediately after initialization, but gdb just told me the value was optimized away (despite having compiled with -O0). Printing the value to stdout indicated that it was zero immediately after initialization.

I opened up a backup of my root partition from a few weeks back and found that the version of liboxygen-gtk.so I had previously was from 2011.05.28 19:09 UTC (so whatever git HEAD was at that time). When I copied this version of the library over the version my system was using, the affected applications did not crash. So, I have confirmed that this is a bug that is newer than that date. If necessary, I can try to bisect my way through the git revisions and find the one responsible for this issue.

Reproducible: Always

Steps to Reproduce:
- Ensure brasero 3.0.0, gedit 3.0.7 installed
- Get latest git revision
- Compile & install /usr/lib/gtk-3.0/3.0.0/theming-engines/liboxygen-gtk.so
- Run the app

Actual Results:  
Segmentation fault

Expected Results:  
Not a segfault

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe7dc53d6 in animatedRectangleIsValid (widget=0x0, 
    this=<optimized out>)
    at /home/jgottula/Arch/aur/oxygen-gtk3-git/src/oxygen-gtk/src/animations/oxygenmenubarstateengine.h:143
143     /home/jgottula/Arch/aur/oxygen-gtk3-git/src/oxygen-gtk/src/animations/oxygenmenubarstateengine.h: No such file or directory.
        in /home/jgottula/Arch/aur/oxygen-gtk3-git/src/oxygen-gtk/src/animations/oxygenmenubarstateengine.h
(gdb) bt
#0  0x00007fffe7dc53d6 in animatedRectangleIsValid (widget=0x0, 
    this=<optimized out>)
    at /home/jgottula/Arch/aur/oxygen-gtk3-git/src/oxygen-gtk/src/animations/oxygenmenubarstateengine.h:143
#1  Oxygen::render_frame (engine=<optimized out>, context=0x7ffff651ede0, x=0, 
    y=0, w=849, h=22)
    at /home/jgottula/Arch/aur/oxygen-gtk3-git/src/oxygen-gtk/src/oxygenthemingengine.cpp:944
#2  0x00007ffff6dc84ae in gtk_render_frame () from /usr/lib/libgtk-3.so.0
#3  0x00007ffff6d5cca7 in ?? () from /usr/lib/libgtk-3.so.0
#4  0x00007ffff6d4ef18 in ?? () from /usr/lib/libgtk-3.so.0
#5  0x00007ffff6e6efc0 in ?? () from /usr/lib/libgtk-3.so.0
#6  0x00007ffff579e1fe in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#7  0x00007ffff57aee9d in ?? () from /usr/lib/libgobject-2.0.so.0
#8  0x00007ffff57b856b in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
#9  0x00007ffff57b8952 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#10 0x00007ffff6e80c3a in ?? () from /usr/lib/libgtk-3.so.0
#11 0x00007ffff6e80d81 in gtk_widget_send_expose () from /usr/lib/libgtk-3.so.0
#12 0x00007ffff6d4ee1c in gtk_main_do_event () from /usr/lib/libgtk-3.so.0
#13 0x00007ffff69c2077 in ?? () from /usr/lib/libgdk-3.so.0
#14 0x00007ffff69c201b in ?? () from /usr/lib/libgdk-3.so.0
#15 0x00007ffff69c166f in ?? () from /usr/lib/libgdk-3.so.0
---Type <return> to continue, or q <return> to quit---
#16 0x00007ffff69c1ae0 in gdk_window_process_all_updates ()
   from /usr/lib/libgdk-3.so.0
#17 0x00007ffff6ccf296 in ?? () from /usr/lib/libgtk-3.so.0
#18 0x00007ffff69a7d1f in ?? () from /usr/lib/libgdk-3.so.0
#19 0x00007ffff52e329d in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
#20 0x00007ffff52e3a78 in ?? () from /usr/lib/libglib-2.0.so.0
#21 0x00007ffff52e40ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#22 0x00007ffff6d4dfbd in gtk_main () from /usr/lib/libgtk-3.so.0
#23 0x00000000004483b5 in brasero_app_run_mainwin ()
#24 0x000000000041c5ff in main ()
Comment 1 Justin Gottula 2011-08-13 08:08:42 UTC
Starting to bisect. 72f54a4a31cfc620d0be0eae488920c065eb321c looks good.
Comment 2 Justin Gottula 2011-08-13 08:30:25 UTC
I was able to use git bisect to find the first commit where the issue appears:

63e34f845837e2bf308184ac30727573db52ed30 is the first bad commit
Comment 3 Ruslan Kabatsayev 2011-08-13 10:00:45 UTC
Are you sure your bisect result is correct? The commit seems unrelated. Could you check if the issue appears when you git reset --hard 63e34f8^, and after you git reset --hard 63e34f8 ?
Comment 4 Justin Gottula 2011-08-13 11:23:13 UTC
Second time, bisect appears to be correct:

git reset --hard 63e34f8^
good

git reset --hard 63e34f8
segfault
Comment 5 Ruslan Kabatsayev 2011-08-13 12:01:11 UTC
Created attachment 62801
Supposed reverting patch

Does this patch revert to working state (merges appear to be somewhat tricky to handle when they appear to be bad commits)?

Also, note that oxygen-gtk3 isn't yet released and is in alpha stage, so shouldn't be used on production systems.
Comment 6 Justin Gottula 2011-08-13 12:18:45 UTC
Applying the patch to the latest git revision does resolve the problem.
Comment 7 Ruslan Kabatsayev 2011-08-13 12:25:20 UTC
Could you give terminal output having compiled latest git oxygen-gtk3 without this patch, setting OXYGEN_DEBUG to 1:
cmake -DOXYGEN_DEBUG=1 ..
?
Comment 8 Justin Gottula 2011-08-13 12:37:44 UTC
Created attachment 62805
Debug output when running brasero.
Comment 9 Justin Gottula 2011-08-13 12:38:11 UTC
Created attachment 62806
Debug output when running gedit.
Comment 10 Hugo Pereira Da Costa 2011-08-29 13:56:13 UTC
OK. After a couple of source compilations, I could have gedit-3.0 up and running and can reproduce. Will investigate.
Comment 11 Hugo Pereira Da Costa 2011-08-29 14:03:31 UTC
@Ruslan

I think I know the issue. 

Our WidgetLookup::initializeHook is called too soon, before any GtkWidget is created. So the typeId is not set, and thus the hook is not installed. Hence all the lookups fail, which results in a crash.

Before the rootWindow patch, we were creating a GtkWidget manually, and did not have any of these issues.

All in all, should be fixable.
Comment 12 Hugo Pereira Da Costa 2011-08-29 14:04:15 UTC
PS: the GtkWidget type not being created is reflected by error messages a la:

 "Oxygen::Hook::connect - typeId GtkWidget not yet installed" 

in the log.
Comment 13 Hugo Pereira Da Costa 2011-08-29 14:35:18 UTC
Git commit c92b01fa01b90fa30bc51a85594664fdf2d8834f by Hugo Pereira Da Costa.
Committed on 29/08/2011 at 16:28.
Pushed by hpereiradacosta into branch '1.1'.

make sure to reference requested type at least once, when connecting Hook.
CCBUG: 280007

M  +1    -1    src/animations/oxygenhook.cpp

http://commits.kde.org/oxygen-gtk/c92b01fa01b90fa30bc51a85594664fdf2d8834f
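
Added illustration, not part of the bug thread and not oxygen-gtk's code: a self-contained C++ model of the initialization-order problem described in Comments 11 to 13, where a hook connected before the type was ever referenced silently fails and every later lookup returns null. `TypeSystem`, `Hook::connectEarly`, `Hook::connectSafe`, `findWidget` and `rectangleIsValid` are hypothetical names; the null guard at the end is an extra hardening assumption, not something the commit is stated to do.

```cpp
#include <map>
#include <string>

// Toy stand-in for a lazily initialised type system (not GLib itself):
// a type's signals only exist once something has referenced the type.
struct TypeSystem {
    std::map<std::string, unsigned> signalIds;  // "Type::signal" -> id
    unsigned nextId = 1;
    void classRef(const std::string& type) {    // force class initialisation
        const std::string key = type + "::realize";
        if (!signalIds.count(key)) signalIds[key] = nextId++;
    }
    unsigned signalLookup(const std::string& type, const std::string& sig) const {
        auto it = signalIds.find(type + "::" + sig);
        return it == signalIds.end() ? 0 : it->second;  // 0 = unknown signal
    }
};

struct Hook {
    unsigned signalId = 0;
    // Ordering bug: fails when called before the type was ever used.
    bool connectEarly(const TypeSystem& ts, const std::string& type, const std::string& sig) {
        signalId = ts.signalLookup(type, sig);
        return signalId != 0;
    }
    // Fix: reference the type once, so the lookup no longer depends on call order.
    bool connectSafe(TypeSystem& ts, const std::string& type, const std::string& sig) {
        ts.classRef(type);
        return connectEarly(ts, type, sig);
    }
};

struct Widget { int width; };
// With no hook installed nothing was ever recorded, so the lookup yields null.
const Widget* findWidget(const Hook& hook, const Widget* recorded) {
    return hook.signalId ? recorded : nullptr;
}

// Extra hardening (assumption): a failed lookup means "nothing to animate".
bool rectangleIsValid(const Widget* widget) {
    return widget != nullptr && widget->width > 0;
}

int main() {
    TypeSystem ts; Hook early, safe; Widget w{849};
    bool bug = !early.connectEarly(ts, "GtkWidget", "realize") && !findWidget(early, &w);
    bool fixed = safe.connectSafe(ts, "GtkWidget", "realize") && rectangleIsValid(findWidget(safe, &w));
    return (bug && fixed) ? 0 : 1;
}
```
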
Comment 14 Hugo Pereira Da Costa 2011-08-29 14:35:19 UTC
Git commit e78d1b164abf65cc0ed52a7910bd7335c4aaf076 by Hugo Pereira Da Costa.
Committed on 29/08/2011 at 16:11.
Pushed by hpereiradacosta into branch 'gtk3'.

added debug output
CCBUG: 280007

M  +4    -0    src/oxygenwidgetlookup.cpp

http://commits.kde.org/oxygen-gtk/e78d1b164abf65cc0ed52a7910bd7335c4aaf076
Comment 15 Hugo Pereira Da Costa 2011-08-29 14:36:27 UTC
Commit from Comment #13 fixes it (in what is, I think, an elegant and safe way).
Should also fix other issues here and there of uninitialized hooks. So I backported to the gtk2 branches.

Closing.
Comment 16 Justin Gottula 2011-08-29 22:23:30 UTC
Problem is resolved on my end with the latest git version.