Crash with SIGSEGV in libgtk-3.so
Status: RESOLVED: FIXED
Product: Xfce4-screenshooter
Component: General

Comments

Description Paul Menzel 2019-08-07 13:00:59 CEST
After upgrading some GTK+, gtkmm, and GLib components, xfce4-screenshooter now crashes in `libgtk-3.so.0.2404.6`. GTK+ upstream says it is a dangling GtkWidget * pointer that's been freed elsewhere [1]. It only happens when using *Select a region*.

Rebuilding xfce4-screenshooter from git does not help. With `./configure --enable-debug=full` the GDB output looks like below.

(gdb) run
Starting program: /dev/shm/xfce4-screenshooter/src/xfce4-screenshooter 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
TRACE[lib/screenshooter-utils.c:130] screenshooter_read_rc_file(): Open the rc file
TRACE[lib/screenshooter-utils.c:136] screenshooter_read_rc_file(): Read the entries
TRACE[lib/screenshooter-utils.c:158] screenshooter_read_rc_file(): Close the rc file
TRACE[lib/screenshooter-utils.c:165] screenshooter_read_rc_file(): Set the values of the struct
[New Thread 0x7fffeb035700 (LWP 14261)]
[New Thread 0x7fffea834700 (LWP 14262)]
[New Thread 0x7fffe8f82700 (LWP 14263)]
TRACE[lib/screenshooter-capture.c:1394] screenshooter_capture_screenshot(): Let the user select the region to screenshot
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:569] cb_button_pressed(): Left button pressed
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.
TRACE[lib/screenshooter-capture.c:705] cb_motion_notify(): Mouse is moving with left button pressed
TRACE[lib/screenshooter-capture.c:506] cb_draw(): Draw event received.

Thread 1 "xfce4-screensho" received signal SIGSEGV, Segmentation fault.
0x00007ffff6e74f16 in gtk_widget_destroy (widget=0x804270)
    at /dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkwidget.c:4770
4770	  g_return_if_fail (GTK_IS_WIDGET (widget));
(gdb) set pagination off
(gdb) l
4765	 * See also: gtk_container_remove()
4766	 */
4767	void
4768	gtk_widget_destroy (GtkWidget *widget)
4769	{
4770	  g_return_if_fail (GTK_IS_WIDGET (widget));
4771	
4772	  if (!widget->priv->in_destruction)
4773	    g_object_run_dispose (G_OBJECT (widget));
4774	}
(gdb) bt
#0  0x00007ffff6e74f16 in gtk_widget_destroy (widget=0x804270) at /dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkwidget.c:4770
#1  0x000000000040c951 in get_rectangle_screenshot_composited (delay=4) at lib/screenshooter-capture.c:963
#2  0x000000000040dbc9 in screenshooter_capture_screenshot (region=3, delay=4, show_mouse=1, plugin=0) at lib/screenshooter-capture.c:1398
#3  0x000000000040a49f in take_screenshot_idle (sd=0x431600) at lib/screenshooter-actions.c:136
#4  0x00007ffff4a5ff25 in g_main_dispatch (context=0x475280) at ../source/glib/gmain.c:3189
#5  g_main_context_dispatch (context=context@entry=0x475280) at ../source/glib/gmain.c:3854
#6  0x00007ffff4a602c8 in g_main_context_iterate (context=0x475280, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../source/glib/gmain.c:3927
#7  0x00007ffff4a605d2 in g_main_loop_run (loop=0x653ae0) at ../source/glib/gmain.c:4123
#8  0x00007ffff6d40515 in gtk_main () at /dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkmain.c:1323
#9  0x000000000040a01b in main (argc=1, argv=0x7fffffffe7d8) at src/main.c:337
(gdb) frame 1
#1  0x000000000040c951 in get_rectangle_screenshot_composited (delay=4) at lib/screenshooter-capture.c:963
963	  gtk_widget_destroy (rbdata.size_window);
(gdb) l
958	                                             rbdata.rectangle.width,
959	                                             rbdata.rectangle.height,
960	                                             delay);
961	
962	  cleanup:
963	  gtk_widget_destroy (rbdata.size_window);
964	  gdk_seat_ungrab (seat);
965	  gdk_display_flush (display);
966	
967	  return screenshot;
(gdb) bt f
#0  0x00007ffff6e74f16 in gtk_widget_destroy (widget=0x804270) at /dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkwidget.c:4770
        __inst = 0x804270
        __t = 4724816
        __r = <optimized out>
        _g_boolean_var_ = <optimized out>
        __func__ = "gtk_widget_destroy"
#1  0x000000000040c951 in get_rectangle_screenshot_composited (delay=4) at lib/screenshooter-capture.c:963
        window = 0x773940
        rbdata = {left_pressed = 1, rubber_banding = 1, cancelled = 0, move_rectangle = 0, anchor = 0, x = 862, y = 445, x_root = 862, y_root = 445, rectangle = {x = 862, y = 445, width = 415, height = 181}, size_window = 0x804270, size_label = 0x44f8d0}
        screenshot = 0x781980
        res = GDK_GRAB_SUCCESS
        seat = 0x462680
        xhair_cursor = 0x560d40
        display = 0x44f0e0
        screen_geometry = {x = 10, y = 0, width = 1920, height = 1080}
#2  0x000000000040dbc9 in screenshooter_capture_screenshot (region=3, delay=4, show_mouse=1, plugin=0) at lib/screenshooter-capture.c:1398
        screenshot = 0x0
        window = 0x0
        screen = 0x456020
        display = 0x44f0e0
        border = 8337664
        needs_unref = 1
        __func__ = "screenshooter_capture_screenshot"
#3  0x000000000040a49f in take_screenshot_idle (sd=0x431600) at lib/screenshooter-actions.c:136
No locals.
#4  0x00007ffff4a5ff25 in g_main_dispatch (context=0x475280) at ../source/glib/gmain.c:3189
        dispatch = 0x7ffff4a5c970 <g_idle_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x431600
        callback = 0x40a471 <take_screenshot_idle>
        cb_funcs = 0x7ffff4d2d920 <g_source_callback_funcs>
        cb_data = 0x7f3820
        need_destroy = <optimized out>
        source = 0x5c2810
        current = 0x4d57a0
        i = 1
        current = <optimized out>
        i = <optimized out>
        source = <optimized out>
        _g_boolean_var_ = <optimized out>
        was_in_call = <optimized out>
        user_data = <optimized out>
        callback = <optimized out>
        cb_funcs = <optimized out>
        cb_data = <optimized out>
        need_destroy = <optimized out>
        dispatch = <optimized out>
        prev_source = <optimized out>
        _g_boolean_var_ = <optimized out>
#5  g_main_context_dispatch (context=context@entry=0x475280) at ../source/glib/gmain.c:3854
No locals.
#6  0x00007ffff4a602c8 in g_main_context_iterate (context=0x475280, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../source/glib/gmain.c:3927
        max_priority = 200
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 3
        fds = 0x79af40
#7  0x00007ffff4a605d2 in g_main_loop_run (loop=0x653ae0) at ../source/glib/gmain.c:4123
        self = <optimized out>
        __FUNCTION__ = "g_main_loop_run"
#8  0x00007ffff6d40515 in gtk_main () at /dev/shm/bee-root/gtk3/gtk3-3.24.10-0/source/gtk/gtkmain.c:1323
        loop = 0x653ae0
#9  0x000000000040a01b in main (argc=1, argv=0x7fffffffe7d8) at src/main.c:337
        cli_error = 0x0
        default_save_dir = 0x4bcd20
        rc_file = 0x4b57e0 "/home/pmenzel/.config/xfce4/xfce4-screenshooter"
        conflict_error = 0x4172b8 "Conflicting options: --%s and --%s cannot be used at the same time.\n"
        ignore_error = 0x417318 "The --%s option is only used when --fullscreen, --window or --region is given. It will be ignored.\n"
        sd = 0x431600
        __func__ = "main"

[1]: https://gitlab.gnome.org/GNOME/gtk/issues/2083
Comment 1 Paul Menzel 2019-08-07 13:40:21 CEST
Using a different window manager, awesome WM in this case, I am unable to reproduce this.
Comment 2 Paul Menzel 2019-08-07 13:45:59 CEST
Disabling *Enable display compositing* in *Window Manager Tweaks* also works around the problem.
Comment 3 Andre Miranda 2019-08-11 04:21:34 CEST
Created attachment 8864: possible-fix.diff

Please let me know if the attached patch fixes the problem for you.
Comment 4 Paul Menzel 2019-08-12 10:20:31 CEST
Thank you for looking into this. Your patch indeed fixes the issue.

Do you have an idea what caused it to only show up now? Did compositing not work before?
Comment 5 Paul Menzel 2019-08-12 12:34:04 CEST
And could you reproduce it on your system?
Comment 6 Git Bot 2019-08-14 05:10:38 CEST
Andre Miranda referenced this bugreport in commit 696501cd594821dd779820b2aecd1e60fdc7a3d2

Avoid destroying size window twice (Bug #15792)

https://git.xfce.org/apps/xfce4-screenshooter/commit?id=696501cd594821dd779820b2aecd1e60fdc7a3d2
Comment 7 Andre Miranda 2019-08-14 05:11:16 CEST
(In reply to Paul Menzel from comment #4)
> Thank you for looking into this. Your patch indeed fixes the issue.
> 
> Do you have an idea what caused it to only show up now? Did compositing not
> work before?
No idea.

(In reply to Paul Menzel from comment #5)
> And could you reproduce it on your system?
No, but the code is wrong trying to destroy a widget twice.
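
The double-destroy pattern named in comment 7, as an added stand-alone C model (not xfce4-screenshooter's code and not the attached patch). `Widget`, `on_selection_done` and `run_selection` are hypothetical, and where the first destroy happens is an assumption; the weak-pointer helper models GLib's `g_object_add_weak_pointer()`. It shows why the non-NULL `size_window = 0x804270` in the backtrace defeats a plain NULL check unless the owner's field is cleared at the first destroy.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy widget: storage outlives destroy so a stale call is observable, not UB. */
typedef struct Widget {
    int alive;
    struct Widget **weak_loc;   /* owner field to clear on destroy */
} Widget;

typedef struct {                /* stand-in for the page's rbdata */
    Widget *size_window;
} RubberBandData;

static int stale_destroys;      /* destroy calls that hit a dead widget */

/* Model of g_object_add_weak_pointer(): remember where the owner keeps us. */
static void widget_add_weak_pointer(Widget *w, Widget **loc) { w->weak_loc = loc; }

static void widget_destroy(Widget *w) {
    if (!w->alive) { stale_destroys++; return; }   /* real GTK: SIGSEGV here */
    w->alive = 0;
    if (w->weak_loc) *w->weak_loc = NULL;          /* clear owner's pointer */
}

/* Hypothetical handler that tears the size window down first (assumption). */
static void on_selection_done(RubberBandData *rb) { widget_destroy(rb->size_window); }

/* Returns how many destroy calls reached an already-destroyed widget. */
int run_selection(int hardened) {
    Widget storage = { 1, NULL };
    RubberBandData rb = { &storage };
    stale_destroys = 0;

    if (hardened)
        widget_add_weak_pointer(rb.size_window, &rb.size_window);

    on_selection_done(&rb);                 /* first destroy */

    /* Equivalent of the cleanup: label at line 963 in the backtrace. */
    if (!hardened)
        widget_destroy(rb.size_window);     /* stale but non-NULL pointer */
    else if (rb.size_window != NULL)        /* NULL now, so skipped */
        widget_destroy(rb.size_window);
    return stale_destroys;
}

int main(void) {
    printf("unguarded: %d stale destroy(s)\n", run_selection(0));
    printf("hardened:  %d stale destroy(s)\n", run_selection(1));
    return 0;
}
```
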
Comment 8 Andre Miranda 2019-08-26 01:36:32 CEST
*** Bug 15742 has been marked as a duplicate of this bug. ***

Bug #15792

Reported by: Paul Menzel
Reported on: 2019-08-07
Last modified on: 2019-08-26
Duplicates (1):
  • 15742 rbdata.size_window : core dumped with latest versions of Gtk

People

Assignee: Xfce Bug Triage
CC List: 2 users

Attachments

possible-fix.diff (750 bytes, patch), 2019-08-11 04:21 CEST, Andre Miranda, no flags