gtk-window-decorator segfaults

Bug #1847129 reported by Philipp
This bug affects 1 person
Affects   Status   Importance   Assigned to   Milestone
Compiz    New      Undecided    Unassigned    (none)

Bug Description

gtk-window-decorator segfaults immediately after starting it. I'm using the current git version (2019-09-18).

My guess is that the error occurs in gtk/window-decorator/gwd-theme.c:

  568: GWDThemePrivate *priv = gwd_theme_get_instance_private (theme);

If gwd_theme_get_instance_private returns NULL, the next line (which is referenced by Valgrind) tries to read from NULL:

  569: const gchar *titlebar_font = gwd_settings_get_titlebar_font (priv->settings);

My Compiz is not built with Metacity support. Isn't there a default theme built in?

I'm on Gentoo using glibc 2.30, glib 2.60.7, and gtk+ 3.24.11.

==10271== Memcheck, a memory error detector
==10271== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==10271== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==10271== Command: gtk-window-decorator
==10271==
==10271== Invalid read of size 8
==10271== at 0x11B2D1: gwd_theme_update_titlebar_font (gwd-theme.c:569)
==10271== by 0x110593: update_titlebar_font_cb (gtk-window-decorator.c:140)
==10271== by 0x52D6922: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:165)
==10271== by 0x52D44AD: _g_closure_invoke_va (gclosure.c:873)
==10271== by 0x52F3A2E: g_signal_emit_valist (gsignal.c:3300)
==10271== by 0x52F4AD0: g_signal_emit (gsignal.c:3447)
==10271== by 0x11DC99: update_titlebar_font (gwd-settings.c:133)
==10271== by 0x11E638: invoke_notify_func (gwd-settings.c:173)
==10271== by 0x537BB9D: g_list_foreach (glist.c:1013)
==10271== by 0x11DF67: release_notify_funcs (gwd-settings.c:182)
==10271== by 0x11E81C: gwd_settings_thaw_updates (gwd-settings.c:516)
==10271== by 0x110D4C: main (gtk-window-decorator.c:383)
==10271== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==10271==
==10271==
==10271== Process terminating with default action of signal 11 (SIGSEGV)
==10271== Access not within mapped region at address 0x0
==10271== at 0x11B2D1: gwd_theme_update_titlebar_font (gwd-theme.c:569)
==10271== by 0x110593: update_titlebar_font_cb (gtk-window-decorator.c:140)
==10271== by 0x52D6922: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:165)
==10271== by 0x52D44AD: _g_closure_invoke_va (gclosure.c:873)
==10271== by 0x52F3A2E: g_signal_emit_valist (gsignal.c:3300)
==10271== by 0x52F4AD0: g_signal_emit (gsignal.c:3447)
==10271== by 0x11DC99: update_titlebar_font (gwd-settings.c:133)
==10271== by 0x11E638: invoke_notify_func (gwd-settings.c:173)
==10271== by 0x537BB9D: g_list_foreach (glist.c:1013)
==10271== by 0x11DF67: release_notify_funcs (gwd-settings.c:182)
==10271== by 0x11E81C: gwd_settings_thaw_updates (gwd-settings.c:516)
==10271== by 0x110D4C: main (gtk-window-decorator.c:383)
==10271== If you believe this happened as a result of a stack
==10271== overflow in your program's main thread (unlikely but
==10271== possible), you can try to increase the size of the
==10271== main thread stack using the --main-stacksize= flag.
==10271== The main thread stack size used in this run was 8388608.
==10271==
==10271== HEAP SUMMARY:
==10271== in use at exit: 1,376,493 bytes in 14,172 blocks
==10271== total heap usage: 182,891 allocs, 168,719 frees, 9,861,647 bytes allocated
==10271==
==10271== LEAK SUMMARY:
==10271== definitely lost: 168 bytes in 5 blocks
==10271== indirectly lost: 95 bytes in 2 blocks
==10271== possibly lost: 3,720 bytes in 45 blocks
==10271== still reachable: 1,303,606 bytes in 13,559 blocks
==10271== of which reachable via heuristic:
==10271== length64 : 2,568 bytes in 45 blocks
==10271== newarray : 1,904 bytes in 39 blocks
==10271== suppressed: 0 bytes in 0 blocks
==10271== Rerun with --leak-check=full to see details of leaked memory
==10271==
==10271== For lists of detected and suppressed errors, rerun with: -s
==10271== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Alberts Muktupāvels (muktupavels) wrote :

Yes, there is default / built-in theme - Cairo!

I tried to rebuild compiz with -DUSE_METACITY=OFF, but I cannot reproduce the crash. Have you changed some settings or something else that could affect gtk-window-decorator?

gwd_theme_get_instance_private would not/should not return NULL if the theme object is valid...

Philipp (trilean) wrote :

Hi,

I've added some debugging code:

  568: GWDThemePrivate *priv = gwd_theme_get_instance_private (theme);
  569: printf ("MYDEBUG: priv = %p\n", priv);
  570: const gchar *titlebar_font = gwd_settings_get_titlebar_font (priv->settings);
  571: printf ("MYDEBUG: titlebar_font = %p\n", titlebar_font);

And indeed I get:

  MYDEBUG: priv = (nil)

...and it segfaults.

My build configuration is:

  -DUSE_PROTOBUF=yes
  -DUSE_GLES=no
  -DUSE_GTK=yes
  -DUSE_GNOME=no
  -DUSE_INOTIFY=yes
  -DUSE_METACITY=no

CMake output:

************************************************************
* Compiz Buildsystem *
* *
* Package : Compiz *
* Version : 0.9.14.0 *
************************************************************

Optional features:

   GLESv2 : No
   gtk window decorator : Yes
   metacity theme support : No
   gnome : No
   protocol buffers : Yes
   file system change notifications : Yes
************************************************************

Plugin configure check results:

  addhelper : Yes
  animation : Yes
  animationaddon: Yes
  animationjc : Yes
  animationplus : Yes
  annotate : Yes
  bench : Yes
  bicubic : Disabled
  blur : Yes
  ccp : Yes
  clone : Yes
  colorfilter : Yes
  commands : Yes
  compiztoolbox : Yes
  composite : Yes
  copytex : Yes
  crashhandler : Yes
  cube : Yes
  cubeaddon : Yes
  dbus : No (Missing dependencies :)
  decor : Yes
  expo : Yes
  extrawm : Yes
  ezoom : Yes
  fade : Yes
  fadedesktop : Yes
  firepaint : Yes
  freewins : Yes
  gears : Yes
  gnomecompat : Yes
  grid : Yes
  group : Disabled
  imgjpeg : Yes
  imgpng : Yes
  imgsvg : Yes
  inotify : Yes
  loginout : Disabled
  mag : Yes
  matecompat : Yes
  maximumize : Yes
  mblur : Yes
  mousepoll : Yes
  move : Yes
  neg : Yes
  notification : No (Missing dependencies :)
  obs : Yes
  opacify : Yes
  opengl : Yes
  place : Yes
  put : Yes
  reflex : Disabled
  regex : Yes
  resize : Yes
  resizeinfo : Yes
  ring : Yes
  rotate : Yes
  scale : Yes
  scaleaddon : Yes
  scalefilter : Yes
  screenshot : Yes
  session : Yes
  shelf : Yes
  shift : Yes
  showdesktop : Yes
  showmouse : Yes
  showrepaint : Yes
  animationsim : Disabled
  snap : Yes
  splash : Yes
  stackswitch : Disabled
  staticswitcher: Yes
  switcher : Yes
  td : Yes
  text : Yes
  thumbnail : Yes
  titleinfo : Yes
  trailfocus : Yes
  trip : Disabled
  vpswitch : Yes
  wall : Yes
  wallpaper : Yes
  water : Yes
  widget : Yes
  winrules : Yes
  wizard : Yes
  wobbly ...


Alberts Muktupāvels (muktupavels) wrote :

Then the theme is NULL there...

Can you check if update_metacity_theme_cb is called in gtk-window-decorator.c? Add debug info for theme type and theme name. Also check if that function is called before gwd_theme_update_titlebar_font.

Looking at the code I found some problems...
1) `GObject parent;` should be `GWDTheme parent;` in _GWDThemeMetacity and _GWDThemeCairo.
2) `g_set_object (&gwd_theme, gwd_theme_new (type, settings));` will cause a memory leak. g_set_object is documented to increment the reference count of the new object. Should be changed to something like this:

  GWDTheme *theme;

  theme = gwd_theme_new (type, settings);
  g_set_object (&gwd_theme, theme);
  g_object_unref (theme);
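
The two points made in this thread, the NULL priv from the bug description (a NULL theme pointer gives NULL instance-private data, so the callback reads through NULL) and the extra reference left behind by passing gwd_theme_new's result straight to g_set_object, shown in one added example. This is not Compiz or GLib code: it is a toy reference-counted Theme with a set_object() helper that follows g_set_object's documented contract, and every name in it (Theme, Settings, theme_new, set_object, theme_get_instance_private, theme_update_titlebar_font) is a hypothetical stand-in.

```c
/* Added example, not Compiz or GLib code. A toy reference-counted "theme"
 * plus a set_object() helper with g_set_object()'s documented semantics
 * (ref the new value, store it, unref the old one). All names are
 * hypothetical stand-ins for the GWD/GObject ones. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *titlebar_font; } Settings;  /* ~ GWDSettings */

typedef struct {
    int ref_count;
    Settings *settings;     /* ~ GWDThemePrivate::settings */
} Theme;                    /* ~ GWDTheme */

static int live_themes = 0; /* Theme objects currently allocated */

static Theme *theme_new(Settings *settings) {
    Theme *t = calloc(1, sizeof *t);
    if (t == NULL) abort();
    t->ref_count = 1;       /* creation hands the caller one reference */
    t->settings = settings;
    live_themes++;
    return t;
}

static void theme_unref(Theme *t) {
    if (t != NULL && --t->ref_count == 0) { live_themes--; free(t); }
}

/* Same contract as g_set_object(): ref new, store, unref old. */
static int set_object(Theme **slot, Theme *new_value) {
    Theme *old = *slot;
    if (old == new_value) return 0;
    if (new_value != NULL) new_value->ref_count++;
    *slot = new_value;
    theme_unref(old);
    return 1;
}

/* ~ gwd_theme_get_instance_private(): the private block hangs off the
 * instance, so a NULL instance yields NULL private data. */
static Settings *theme_get_instance_private(Theme *theme) {
    return theme != NULL ? theme->settings : NULL;
}

/* The callback from the trace, with the guard it needs: an unset theme
 * returns a sentinel instead of reading priv->settings through NULL. */
static const char *theme_update_titlebar_font(Theme *theme) {
    Settings *priv = theme_get_instance_private(theme);
    if (priv == NULL) return "(no theme)";   /* g_return_val_if_fail() in GLib */
    return priv->titlebar_font;
}

/* Happy path: a valid theme reports its font ("Sans 10", constructed). */
static const char *font_via_valid_theme(void) {
    static Settings s = { "Sans 10" };
    Theme *t = theme_new(&s);
    const char *font = theme_update_titlebar_font(t);
    theme_unref(t);
    return font;
}

/* Leaky pattern from the thread: set_object(&slot, theme_new(...)).
 * Returns the slot's refcount right after the call: 2, because the
 * creation reference is never dropped, so clearing the slot later does
 * not free the object. */
static int refcount_after_leaky_set(void) {
    static Settings s = { "Sans 10" };
    Theme *global = NULL;
    set_object(&global, theme_new(&s));
    int refs = global->ref_count;
    Theme *leaked = global;        /* real code holds no such handle */
    set_object(&global, NULL);     /* object survives with one ref left */
    theme_unref(leaked);           /* only so this demo itself cleans up */
    return refs;
}

/* Corrected pattern: keep the new object in a local, let set_object()
 * take its own reference, then release the creation reference. Returns 1. */
static int refcount_after_fixed_set(void) {
    static Settings s = { "Sans 10" };
    Theme *global = NULL;
    Theme *theme = theme_new(&s);
    set_object(&global, theme);
    theme_unref(theme);
    int refs = global->ref_count;
    set_object(&global, NULL);     /* last reference gone: object freed */
    return refs;
}

static int live_theme_count(void) { return live_themes; }

int main(void) {
    printf("NULL theme  -> %s\n", theme_update_titlebar_font(NULL));
    printf("valid theme -> %s\n", font_via_valid_theme());
    printf("leaky set refs=%d, fixed set refs=%d, live=%d\n",
           refcount_after_leaky_set(), refcount_after_fixed_set(),
           live_theme_count());
    return 0;
}
```

The guard in theme_update_titlebar_font is the defensive half; the other half, as the thread says, is making sure the theme is actually created before gwd_settings_thaw_updates fires the titlebar-font notification. The refcount pair shows why the unref after g_set_object matters: without it the object outlives the global that was supposed to own it.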

Philipp (trilean) wrote :

> Can you check if update_metacity_theme_cb is called in gtk-window-decorator.c?

`update_metacity_theme_cb` isn't called. The trace is `main` -> `update_titlebar_font_cb` -> `gwd_theme_update_titlebar_font` -> crash

Alberts Muktupāvels (muktupavels) wrote :

Could you test linked merge request?
