[Xfce-bugs] [Bug 15792] New: Crash with SIGSEGV in libgtk-3.so

bugzilla-daemon at xfce.org bugzilla-daemon at xfce.org
Wed Aug 7 13:00:59 CEST 2019 

https://bugzilla.xfce.org/show_bug.cgi?id=15792

            Bug ID: 15792
           Summary: Crash with SIGSEGV in libgtk-3.so
    Classification: Apps
           Product: Xfce4-screenshooter
           Version: unspecified
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Medium
         Component: General
          Assignee: xfce-bugs at xfce.org
          Reporter: pmenzel+bugzilla.xfce.org at molgen.mpg.de
  Target Milestone: ---

After upgrading some GTK+, gtkmm, and GLib components, xfce4-screenshooter
crashes now in `libgtk-3.so.0.2404.6`. GTK+ upstream says, it is a dangling
GtkWidget * pointer that's been freed elsewhere [1]. It only happens when using
*Select a region*.

Rebuilding xfce4-screenshooter from git does not help. With `./configure
--enable-debug=full` the GDB output looks like below.

(gdb) run
Starting program: /dev/shm/xfce4-screenshooter/src/xfce4-screenshooter 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
TRACE[lib/screenshooter-utils.c:130] screenshooter_read_rc_file(): Open the rc
file
TRACE[lib/screenshooter-utils.c:136] screenshooter_read_rc_file(): Read the
entries
TRACE[lib/screenshooter-utils.c:158] screenshooter_read_rc_file(): Close the rc
file
TRACE[lib/screenshooter-utils.c:165] screenshooter_read_rc_file(): Set the
values of the struct
[New Thread 0x7fffeb035700 (LWP 14261)]
[New Thread 0x7fffea834700 (LWP 14262)]
[New Thread 0x7fffe8f82700 (LWP 14263)]
TRACE[lib/screenshooter-capture.c:1394] screenshooter_capture_screenshot(): Let
the user select the region to screenshot
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:569] cb_button_pressed(): Left button pressed
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with
left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.

Thread 1 "xfce4-screensho" received signal SIGSEGV, Segmentation fault.
0x00007ffff6e74f16 in gtk_widget_destroy (widget=0x804270)
    at /dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkwidget.c:4770
4770      g_return_if_fail (GTK_IS_WIDGET (widget));
(gdb) set pagination off
(gdb) l
4765     * See also: gtk_container_remove()
4766     */
4767    void
4768    gtk_widget_destroy (GtkWidget *widget)
4769    {
4770      g_return_if_fail (GTK_IS_WIDGET (widget));
4771    
4772      if (!widget->priv->in_destruction)
4773        g_object_run_dispose (G_OBJECT (widget));
4774    }
(gdb) bt
#0  0x00007ffff6e74f16 in gtk_widget_destroy (widget=0x804270) at
/dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkwidget.c:4770
#1  0x000000000040c951 in get_rectangle_screenshot_composited (delay=4) at
lib/screenshooter-capture.c:963
#2  0x000000000040dbc9 in screenshooter_capture_screenshot (region=3, delay=4,
show_mouse=1, plugin=0) at lib/screenshooter-capture.c:1398
#3  0x000000000040a49f in take_screenshot_idle (sd=0x431600) at
lib/screenshooter-actions.c:136
#4  0x00007ffff4a5ff25 in g_main_dispatch (context=0x475280) at
../source/glib/gmain.c:3189
#5  g_main_context_dispatch (context=context at entry=0x475280) at
../source/glib/gmain.c:3854
#6  0x00007ffff4a602c8 in g_main_context_iterate (context=0x475280,
block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at
../source/glib/gmain.c:3927
#7  0x00007ffff4a605d2 in g_main_loop_run (loop=0x653ae0) at
../source/glib/gmain.c:4123
#8  0x00007ffff6d40515 in gtk_main () at
/dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkmain.c:1323
#9  0x000000000040a01b in main (argc=1, argv=0x7fffffffe7d8) at src/main.c:337
(gdb) frame 1
#1  0x000000000040c951 in get_rectangle_screenshot_composited (delay=4) at
lib/screenshooter-capture.c:963
963       gtk_widget_destroy (rbdata.size_window);
(gdb) l
958                                                  rbdata.rectangle.width,
959                                                  rbdata.rectangle.height,
960                                                  delay);
961     
962       cleanup:
963       gtk_widget_destroy (rbdata.size_window);
964       gdk_seat_ungrab (seat);
965       gdk_display_flush (display);
966     
967       return screenshot;
(gdb) bt f
#0  0x00007ffff6e74f16 in gtk_widget_destroy (widget=0x804270) at
/dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkwidget.c:4770
        __inst = 0x804270
        __t = 4724816
        __r = <optimized out>
        _g_boolean_var_ = <optimized out>
        __func__ = "gtk_widget_destroy"
#1  0x000000000040c951 in get_rectangle_screenshot_composited (delay=4) at
lib/screenshooter-capture.c:963
        window = 0x773940
        rbdata = {left_pressed = 1, rubber_banding = 1, cancelled = 0,
move_rectangle = 0, anchor = 0, x = 862, y = 445, x_root = 862, y_root = 445,
rectangle = {x = 862, y = 445, width = 415, height = 181}, size_window =
0x804270, size_label = 0x44f8d0}
        screenshot = 0x781980
        res = GDK_GRAB_SUCCESS
        seat = 0x462680
        xhair_cursor = 0x560d40
        display = 0x44f0e0
        screen_geometry = {x = 10, y = 0, width = 1920, height = 1080}
#2  0x000000000040dbc9 in screenshooter_capture_screenshot (region=3, delay=4,
show_mouse=1, plugin=0) at lib/screenshooter-capture.c:1398
        screenshot = 0x0
        window = 0x0
        screen = 0x456020
        display = 0x44f0e0
        border = 8337664
        needs_unref = 1
        __func__ = "screenshooter_capture_screenshot"
#3  0x000000000040a49f in take_screenshot_idle (sd=0x431600) at
lib/screenshooter-actions.c:136
No locals.
#4  0x00007ffff4a5ff25 in g_main_dispatch (context=0x475280) at
../source/glib/gmain.c:3189
        dispatch = 0x7ffff4a5c970 <g_idle_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x431600
        callback = 0x40a471 <take_screenshot_idle>
        cb_funcs = 0x7ffff4d2d920 <g_source_callback_funcs>
        cb_data = 0x7f3820
        need_destroy = <optimized out>
        source = 0x5c2810
        current = 0x4d57a0
        i = 1
        current = <optimized out>
        i = <optimized out>
        source = <optimized out>
        _g_boolean_var_ = <optimized out>
        was_in_call = <optimized out>
        user_data = <optimized out>
        callback = <optimized out>
        cb_funcs = <optimized out>
        cb_data = <optimized out>
        need_destroy = <optimized out>
        dispatch = <optimized out>
        prev_source = <optimized out>
        _g_boolean_var_ = <optimized out>
#5  g_main_context_dispatch (context=context at entry=0x475280) at
../source/glib/gmain.c:3854
No locals.
#6  0x00007ffff4a602c8 in g_main_context_iterate (context=0x475280,
block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at
../source/glib/gmain.c:3927
        max_priority = 200
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 3
        fds = 0x79af40
#7  0x00007ffff4a605d2 in g_main_loop_run (loop=0x653ae0) at
../source/glib/gmain.c:4123
        self = <optimized out>
        __FUNCTION__ = "g_main_loop_run"
#8  0x00007ffff6d40515 in gtk_main () at
/dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkmain.c:1323
        loop = 0x653ae0
#9  0x000000000040a01b in main (argc=1, argv=0x7fffffffe7d8) at src/main.c:337
        cli_error = 0x0
        default_save_dir = 0x4bcd20
        rc_file = 0x4b57e0 "/home/pmenzel/.config/xfce4/xfce4-screenshooter"
        conflict_error = 0x4172b8 "Conflicting options: --%s and --%s cannot be
used at the same time.\n"
        ignore_error = 0x417318 "The --%s option is only used when
--fullscreen, --window or --region is given. It will be ignored.\n"
        sd = 0x431600
        __func__ = "main"

[1]: https://gitlab.gnome.org/GNOME/gtk/issues/2083

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Xfce-bugs mailing list