[Pidgin] #3290: Crash when destroying gtkimhtml with highlighted text
Pidgin
trac at pidgin.im
Mon Sep 24 03:54:10 EDT 2007
#3290: Crash when destroying gtkimhtml with highlighted text
--------------------------+-------------------------------------------------
Reporter: MarkDoliner | Owner: seanegan
Type: defect | Status: new
Priority: minor | Milestone:
Component: pidgin (gtk) | Version: 2.2.0
Keywords: | Pending: 0
--------------------------+-------------------------------------------------
I'm not sure exactly what triggers this crash, but I can usually reproduce
it by doing something like the following:
1. Select "New..." from the status box
2. Type some text, hit CTRL+a then CTRL+x
3. Click on "Use"
4. Repeat steps 1 through 3 until it crashes
The crash is clipboard related. My guess is that we're putting stuff in
the clipboard, then we free and destroy the imhtml and consequently the
data in the clipboard, then the next time we go to put stuff in the
clipboard we double-free the previous contents. Maybe we need to strdup()
something before adding it to the clipboard? Sean, you're way more
familiar with this stuff than I am.
Valgrind shows the backtrace. Sometimes it crashes here, sometimes it
crashes after this:
{{{
Invalid read of size 8
at 0x8A69658: g_object_steal_qdata (in
/usr/lib/libgobject-2.0.so.0.1200.11)
by 0x6486E20: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
by 0x6488095: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
by 0x6488240: gtk_clipboard_set_with_owner (in
/usr/lib/libgtk-x11-2.0.so.0.1000.11)
by 0x046ED21: gtk_imhtml_finalize (gtkimhtml.c:1272)
by 0x8A6A6A7: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1200.11)
by 0x63C385E: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
by 0x62EC3F0: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
by 0x8A68897: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.11)
by 0x8A78B9A: (within /usr/lib/libgobject-2.0.so.0.1200.11)
by 0x8A79842: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.11)
by 0x8A79A12: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
Address 0xBADBED0 is not stack'd, malloc'd or (recently) free'd
}}}
Lines 1271 and 1272 of gtkimhtml.c are:
{{{
if (clipboard_selection)
gtk_clipboard_set_with_owner(clipboard_selection,
selection_targets, sizeof(selection_targets) /
sizeof(GtkTargetEntry),
(GtkClipboardGetFunc)gtk_imhtml_clipboard_get,
(GtkClipboardClearFunc)NULL, G_OBJECT(imhtml));
}}}
Which Sean committed in revision 4ced433906d17bb2758a2b010ce264314d17fe04
with the following message:
{{{
Maintain global poitners to the clipboard selection text, with the aim of
keeping that selection from disappearing when the widget is destroyed.
The GtkTextView destructor gives up the clipboard selection, so I have to
grab it back after calling the destructor. I don't care for that hack.
I don't know how this effects Windows
Fixes #391
}}}
--
Ticket URL: <http://developer.pidgin.im/ticket/3290>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list