Applications segfault with gtk+ version 2.17.2 when selecting listbox values

I'm not sure what else I need to attach.

Thank you for your bug report. The issue is an upstream one and it would be nice if somebody having it could send the bug the to the people writting the software (https://wiki.ubuntu.com/Bugs/Upstream/GNOME)

I applied two patches from git repo:

3d527afadb802c9027365480023f8aeda18e7ad7
bgo#586315 - gtk_file_chooser_list_shortcut_folders() was crashing

3c75004474b099ff695c0d3d1835c245a550f12f
Don't set the sort column when there is no model

With these two patches, this bug disappears.
I put compiled packages in my ppa:

deb http://ppa.launchpad.net/portis25/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/portis25/ppa/ubuntu karmic main

Forget my previous message. It's not resolved. Sorry.

I'm seeing two other crashes on 2.17.2 that go away if I roll back to 2.17.0

   rhythmbox crashing almost always when I hit play
   sound-juicer crashing early - either immediately or part way through the first track.

in both cases these have been in gailtreeview.c (update_call_value and tree_view_ref_child) with bad 'renderers' pointer and 'renderers_list' respectively.

This is on x86-64.

I'm seeing segfaults in Eclipse (non-Ubuntu-packaged) when opening comboboxes, at /build/buildd/gtk+2.0-2.17.2/gtk/gtkcombobox.c:1703 - this is in cell_view_is_sensitive(GtkCellView *cell_view) whilst trying to iterate the result of gtk_cell_view_get_cell_renderers(cell_view)

This is particularly easy to reproduce in Evolution, when using the listbox to switch between different accounts in the "from" field of a new email. In this case, it segfaults in cell_view_is_sensitive, rather than tree_view_is_sensitive. Backtrace attached.

Anecdotally, 32 bit environments don't seem to suffer this - based on a quick poll of a few karmic using folk, all the 64 bit users see it, none of the 32 bit ones do.

I'm confused by the removal of these tags. This seems like a pretty clear metabug, and the previous comment certainly gives reason to think that 'amd64' is also correct?

Hi guys,

the problem is the use of the deprecated function get_cell_renderers. Instances of the bugs are in
- gtk file chooser in the location bar, the drop down tooltip for completion segfaults,
- evince, the drop down list widget to change the zoom makes the app segfault
- epiphany, the url bar would somtime segfaults when showing possible completions
- .. much more.

cherry picking the following commits from upstream fixes all these issues:

http://git.gnome.org/cgit/gtk+/commit/?id=d51132e5846d93d15a9a35e4b2cbade1008078fb
http://git.gnome.org/cgit/gtk+/commit/?id=c12a8388f6f88477c0fcf52d66287d744d40929d
http://git.gnome.org/cgit/gtk+/commit/?id=3bf1c7adadb1fda69e63fc6fe0f3698d937a1b80

Since the issues are already fixed upstream I don't think a bug report is necessary.

Best,

Kim:

Assuming those cherrypicks fix the crashes, doesn't that still mean that the deprecated function is still broken and should be reported/fixed?

It's not broken, it's gone.

You have:

+#ifndef GTK_DISABLE_DEPRECATED
GList *gtk_cell_view_get_cell_renderers (GtkCellView *cell_view);
+#endif

in gtkcellview.h (and of course GTK_DISABLE_DEPREATED is enabled during compilation).
The code is still there so the there is no linking error but now every use of the function as a
return type of int. (the default type for functions in C) instead of GList*. I guess the segfaults
only occur on amd64 since on this arch sizeof(void*) is 8 and sizeof(int) is 4, so the higher 4 bytes
of the pointer gets truncated. This would explain why the segfaults do not occur 100% of the time
(when the old function returns an address which fits on 4 bytes then everything is fine).

Anyway, these functions are not used upstream anymore by gtk itself but other libs might still use them
(and thus compile without GTK_DISABLE_DEPRECATED) so there really isn't anything to report upstream.

So, I have duplicates under this bug for nm-applet and pidgin and
empathy, should I remove them as duplicates and ask for the projects
to stop using deprecated functions?

On Tue, Jul 7, 2009 at 9:25 AM, Kim Nguyễn<email address hidden> wrote:
> It's not broken, it's gone.
>
> You have:
>
> +#ifndef GTK_DISABLE_DEPRECATED
> GList *gtk_cell_view_get_cell_renderers (GtkCellView *cell_view);
> +#endif
>
> in gtkcellview.h (and of course GTK_DISABLE_DEPREATED is enabled during compilation).
> The code is still there so the there is no linking error but now every use of the function as a
> return type of int. (the default type for functions in C) instead of GList*. I guess the segfaults
> only occur on amd64 since on this arch sizeof(void*) is 8 and sizeof(int) is 4, so the higher 4 bytes
> of the pointer gets truncated. This would explain why the segfaults do not occur 100% of the time
> (when the old function returns an address which fits on 4 bytes then everything is fine).
>
> Anyway, these functions are not used upstream anymore by gtk itself but other libs might still use them
> (and thus compile without GTK_DISABLE_DEPRECATED) so there really isn't anything to report upstream.
>
> --
> Applications segfault with gtk+ version 2.17.2 when selecting listbox values
> https://bugs.launchpad.net/bugs/391398
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

Are the deprecated functions really used by nm-applet and pidgin or is it only gtk which is segfaulting ?

A quick grep in the pidgin source code shows that at least pidgin is not using gtk_cell_view_get_cell_renderers.

With gtk currently compiled as it is in Karmic, *any* program which uses a drop down list might segfault on amd64.

not really sure, but I've got backtraces with debugging symbols if you wanna check it out. empathy was crashing with gail_tree_view_ref_child(). Pidgin has been stable for me for a day or so, and I've switched to kde until this is fixed. Still using pidgin however, and it seems fine. The nm-applet crash seems to be in gail as well.

Bug #395210 empathy crashes in gail_tree_view_ref_child()
Bug #395340 pidgin crashes in IA__g_slice_free_chain_with_offset()
Bug #395198 nm-applet crashes.

* Gary Trakhman (<email address hidden>) wrote:
> not really sure, but I've got backtraces with debugging symbols if you
> wanna check it out. empathy was crashing with
> gail_tree_view_ref_child(). Pidgin has been stable for me for a day or
> so, and I've switched to kde until this is fixed. Still using pidgin
> however, and it seems fine. The nm-applet crash seems to be in gail as

sound-juicer and rhythmbox were also crashing gail_tree code for me.
It was looking like it was running down a bad pointer (I think
I put some traces in an earlier message).

I really don't like the idea of saying this is due to something
deprecated and having basically all earlier Gnome binaries break -
then we need compatibility libraries adding, a bump in version
numbers of libraries and changed dependencies.

Dave

--
 -----Open up your eyes, open up your mind, open up your code -------
/ Dr. David Alan Gilbert | Running GNU/Linux on Alpha,68K| Happy \
\ gro.gilbert @ treblig.org | MIPS,x86,ARM,SPARC,PPC & HPPA | In Hex /
 \ _________________________|_____ http://www.treblig.org |_______/

What?

removing deprecated code is a major goal toward gtk 3.0 so this has to be done. Note that *none* of the applications are broken because of the deprecation, you don't need a compatibility library and they don't need
to be updated (at least not as far as this bug is concerned).
All the applications are broken because there is a *bug* in gtk 2.17.2 namely it uses internally a deprecated api which in turn cause the problem of pointer cast I mentioned above. This has already been fixed upstream.
Glitches like this are bound too happen, 2.17.x *is* a developpement release.

so there's nothing to be done, just wait for changes to trickle down?

On Tue, Jul 7, 2009 at 7:13 PM, Kim Nguyễn<email address hidden> wrote:
> What?
>
> removing deprecated code is a major goal toward gtk 3.0 so this has to be done. Note that *none* of the applications are broken because of the deprecation, you don't need a compatibility library and they don't need
> to be updated (at least not as far as this bug is concerned).
> All the applications are broken because there is a *bug* in gtk 2.17.2 namely it uses internally a deprecated api which in turn cause the problem of pointer cast I mentioned above. This has already been fixed upstream.
> Glitches like this are bound too happen, 2.17.x *is* a developpement release.
>
> --
> Applications segfault with gtk+ version 2.17.2 when selecting listbox values
> https://bugs.launchpad.net/bugs/391398
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

Kim: Deprecated API is only removed when 3.0 is released, not in releases leading up to 3.0

However, are you saying this bug is because GTK+ was using the deprecated API but also building with GTK_DISABLE_DEPRECATED or are you saying the deprecated API is completely gone and/or broken? If it is the former those patches will fix this bug. If it is the latter the GTK+ maintainers are smoking crack and someone probably needs to hit them with a cluebat.

> Kim: Deprecated API is only removed when 3.0 is released, not in releases leading up to 3.

This is an *development* release leading to 3.0. From my understanding deprecation is done in two steps.
1) Deprecate only the header, not the code. This way new programs don't use the old function and old programs can still be compiled without GTK_DISABLE_DEPRECATED. Incidentally, gtk itself is compiled (always for an development branch) with GTK_DISABLE_DEPRECATED in order to spot deprecated code paths and not use them internally. This is what is done in 2.17.x I believe.

2) Removal of deprecated code. Old program using the deprecated function won't compile anymore. This will happen in the unstable leading to 3.0 (perhaps 2.19.x ?).

So to sum up. GTK *internally* was still using a depreacted function in 2.17.2 despite compiling with GTK_DISABLE_DEPRECATED, hence the segfaults. Bummer, developpment releases are precisely done for this puropose, testing new features and bug reporting. No one should complain about this. The bug was fixed upstream even before this bugreport was filled. The package is lagging a bit behind but considering the huge change that 2.17.3 is (integration of the client-side-window branch in particular, which breaks the directfb port and still has a few rendering glitches), one can hardly blame the debian/ubuntu package maintainers for not uploading this version yet.

I have tested the three patches against the current 2.17.2 in karmic. I have uploaded the patched packages in a ppa I just opened, they are queued for building and should be ready sometime today.

>If it is the latter the GTK+ maintainers are smoking crack and someone probably needs to hit them with a cluebat.

This is a bugtracker, not a forum, please refrain from doing such comments, it only add to the noise.
Everyone is welcome to try the new packages when they are built:

https://launchpad.net/~kim.nguyen/+archive/ppa

Fundamentally, one might say that the bug is in the definition of the C language itself, allowing undeclared functions to still compile, otherwise this problem would have been easily spotted with a build failure.

with the ppa, i get even more crashes, can't even run synaptic now :-)
I guess kde or back to jaunty for me.

That's very strange I haven't had a single segfault since the upgrade. Would you mind posting a backtrace of
synaptic ?

I tried do do a backtrace.. notice it says "GKT_CELL_LAYOUT" instead
of GTK. looks like a typo?

Starting program: /usr/sbin/synaptic
[Thread debugging using libthread_db enabled]
/usr/sbin/synaptic: symbol lookup error:
/usr/lib/gtk-2.0/modules/libgail.so: undefined symbol: GKT_CELL_LAYOUT

Program exited with code 0177.
(gdb) backtrace full
No stack.
(gdb) info registers
The program has no registers now.
(gdb) thread apply all backtrace
(gdb) quit

On Wed, Jul 8, 2009 at 3:28 PM, Kim Nguyễn<email address hidden> wrote:
> That's very strange I haven't had a single segfault since the upgrade. Would you mind posting a backtrace of
> synaptic ?
>
> --
> Applications segfault with gtk+ version 2.17.2 when selecting listbox values
> https://bugs.launchpad.net/bugs/391398
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

same problem with empathy:

empathy: symbol lookup error: /usr/lib/gtk-2.0/modules/libgail.so:
undefined symbol: GKT_CELL_LAYOUT

On Wed, Jul 8, 2009 at 3:46 PM, Grigory Trakhman<email address hidden> wrote:
> I tried do do a backtrace.. notice it says "GKT_CELL_LAYOUT" instead
> of GTK.  looks like a typo?
>
>
> Starting program: /usr/sbin/synaptic
> [Thread debugging using libthread_db enabled]
> /usr/sbin/synaptic: symbol lookup error:
> /usr/lib/gtk-2.0/modules/libgail.so: undefined symbol: GKT_CELL_LAYOUT
>
> Program exited with code 0177.
> (gdb) backtrace full
> No stack.
> (gdb) info registers
> The program has no registers now.
> (gdb) thread apply all backtrace
> (gdb) quit
>
>
> On Wed, Jul 8, 2009 at 3:28 PM, Kim Nguyễn<email address hidden> wrote:
>> That's very strange I haven't had a single segfault since the upgrade. Would you mind posting a backtrace of
>> synaptic ?
>>
>> --
>> Applications segfault with gtk+ version 2.17.2 when selecting listbox values
>> https://bugs.launchpad.net/bugs/391398
>> You received this bug notification because you are a direct subscriber
>> of a duplicate bug.
>>
>

HAaaa the typo is actually upstream it seems:

http://git.gnome.org/cgit/gtk+/commit/?id=3bf1c7adadb1fda69e63fc6fe0f3698d937a1b80

towards the end.

It's only in libgail. Could you try disabling assistive technologies and see if it still segfaults ?
System/Preferences/Assistive Technologies and untick enable assistive tech.

I'll upload a new version of the package to fix it and report upstream to.

woot, it works.

On Wed, Jul 8, 2009 at 4:21 PM, Kim Nguyễn<email address hidden> wrote:
> HAaaa the typo is actually upstream it seems:
>
> http://git.gnome.org/cgit/gtk+/commit/?id=3bf1c7adadb1fda69e63fc6fe0f3698d937a1b80
>
> towards the end.
>
> It's only in libgail. Could you try disabling assistive technologies and see if it still segfaults ?
> System/Preferences/Assistive Technologies and untick enable assistive tech.
>
> I'll upload a new version of the package to fix it and report upstream
> to.
>
> --
> Applications segfault with gtk+ version 2.17.2 when selecting listbox values
> https://bugs.launchpad.net/bugs/391398
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

As a matter of fact, this typo as well as a few others were fixed by commit:
http://git.gnome.org/cgit/gtk+/commit/?id=1a385c50f041cdcc8ee88b27af85094901c2b05d

I'll add it to the package.

The packages are built, I have been running all day with the patched gtk lib and no segfaults. Feel free to try them out.

I'm running the packages from Kim's ppa. No crashes choosing list boxes in Transmission or Firefox.

Same here; thanks Kim! Yay, I can use Eclipse again without having to worry about losing my code changes every time I go and select a drop down list.

Thanks a million!

the 2.17.3 tarball is available now and will be uploaded to karmic

the issue should be fixed with 2.27.3 in karmic

Just updated; 2.17.3 seems to work nicely.

Dave