Bug#652073: a11y: Fix crash in treeview
Alban Browaeys
prahal at yahoo.com
Wed Dec 14 15:55:02 UTC 2011
Package: libgtk-3-0
Version: 3.2.2-3
Severity: normal
Dear Maintainer,
One iteration of this segfault is a button press event (mouse click) on an
Evolution account item in the mail sidebar (right or left click).
A crash, or corruption which leads to a crash, ensues; valgrind gives:
==8654== Invalid read of size 4
==8654== at 0x9AD2865: model_row_changed (gtktreeviewaccessible.c:2001)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD208789: signal_emit_unlocked_R (gsignal.c:3272)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A4D1A2: gtk_tree_store_set_valist (gtktreestore.c:1164)
==8654== by 0x9A4D236: gtk_tree_store_set (gtktreestore.c:1193)
==8654== by 0x1E0DFED2: folder_tree_model_set_unread_count (em-folder-tree-model.c:456)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD208789: signal_emit_unlocked_R (gsignal.c:3272)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x1E0FFF37: flush_updates_idle_cb (mail-folder-cache.c:263)
==8654== by 0xDA8E0CE: g_main_context_dispatch (gmain.c:2442)
==8654== by 0xDA8E8C7: g_main_context_iterate.isra.19 (gmain.c:3076)
==8654== by 0xDA8EE01: g_main_loop_run (gmain.c:3284)
==8654== by 0x994BEEC: gtk_main (gtkmain.c:1362)
==8654== by 0x403079: main (main.c:688)
==8654== Address 0x42207770 is 32 bytes inside a block of size 40 free'd
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9AD3BAC: refresh_cell_index (gtktreeviewaccessible.c:3279)
==8654== by 0x9ABE6B3: gtk_cell_accessible_get_index_in_parent (gtkcellaccessible.c:99)
==8654== by 0x18539C37: ??? (in /usr/lib/gtk-3.0/modules/libatk-bridge.so)
==8654== by 0xD2080D8: signal_emit_unlocked_R (gsignal.c:3238)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD21219C: g_signal_emit_by_name (gsignal.c:3097)
==8654== by 0x9AD3048: focus_in (gtktreeviewaccessible.c:1957)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD208789: signal_emit_unlocked_R (gsignal.c:3272)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x9A85F41: gtk_widget_send_focus_change (gtkwidget.c:14218)
==8654== by 0x9A8B36F: do_focus_change (gtkwindow.c:5978)
==8654== by 0x9A8C699: gtk_window_real_set_focus (gtkwindow.c:6217)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A60C95: gtk_tree_view_grab_focus (gtktreeview.c:8432)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A7ABC9: gtk_widget_grab_focus (gtkwidget.c:6415)
==8654== by 0x9A503C3: grab_focus_and_unset_draw_keyfocus (gtktreeview.c:2811)
==8654== by 0x9A61870: gtk_tree_view_button_press (gtktreeview.c:3171)
==8654== by 0x1E0E30F0: folder_tree_button_press_event (em-folder-tree.c:1292)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x994C709: gtk_propagate_event (gtkmain.c:2624)
==8654== by 0x994CB0A: gtk_main_do_event (gtkmain.c:1889)
==8654== by 0x9E8F6A1: gdk_event_source_dispatch (gdkeventsource.c:360)
==8654==
^Z
(evolution:8654): GLib-WARNING **: Failed to read from child watch wake up pipe: Appel système interrompu
==8654== Invalid read of size 8
==8654== at 0x9AD3199: gtk_tree_view_accessible_ref_child (gtktreeviewaccessible.c:3252)
==8654== by 0x9AD3084: idle_cursor_changed (gtktreeviewaccessible.c:1889)
==8654== by 0x9E624DE: gdk_threads_dispatch (gdk.c:754)
==8654== by 0xDA8E0CE: g_main_context_dispatch (gmain.c:2442)
==8654== by 0xDA8E8C7: g_main_context_iterate.isra.19 (gmain.c:3076)
==8654== by 0xDA8EE01: g_main_loop_run (gmain.c:3284)
==8654== by 0x994BEEC: gtk_main (gtkmain.c:1362)
==8654== by 0x403079: main (main.c:688)
==8654== Address 0x42207750 is 0 bytes inside a block of size 40 free'd
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9AD3BAC: refresh_cell_index (gtktreeviewaccessible.c:3279)
==8654== by 0x9ABE6B3: gtk_cell_accessible_get_index_in_parent (gtkcellaccessible.c:99)
==8654== by 0x18539C37: ??? (in /usr/lib/gtk-3.0/modules/libatk-bridge.so)
==8654== by 0xD2080D8: signal_emit_unlocked_R (gsignal.c:3238)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD21219C: g_signal_emit_by_name (gsignal.c:3097)
==8654== by 0x9AD3048: focus_in (gtktreeviewaccessible.c:1957)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD208789: signal_emit_unlocked_R (gsignal.c:3272)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x9A85F41: gtk_widget_send_focus_change (gtkwidget.c:14218)
==8654== by 0x9A8B36F: do_focus_change (gtkwindow.c:5978)
==8654== by 0x9A8C699: gtk_window_real_set_focus (gtkwindow.c:6217)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A60C95: gtk_tree_view_grab_focus (gtktreeview.c:8432)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A7ABC9: gtk_widget_grab_focus (gtkwidget.c:6415)
==8654== by 0x9A503C3: grab_focus_and_unset_draw_keyfocus (gtktreeview.c:2811)
==8654== by 0x9A61870: gtk_tree_view_button_press (gtktreeview.c:3171)
==8654== by 0x1E0E30F0: folder_tree_button_press_event (em-folder-tree.c:1292)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x994C709: gtk_propagate_event (gtkmain.c:2624)
==8654== by 0x994CB0A: gtk_main_do_event (gtkmain.c:1889)
==8654== by 0x9E8F6A1: gdk_event_source_dispatch (gdkeventsource.c:360)
==8654==
==8654== Invalid read of size 8
==8654== at 0x9AD0AD4: cell_info_free (gtktreeviewaccessible.c:213)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9ACF834: cell_info_new (gtktreeviewaccessible.c:3236)
==8654== by 0x9AD32F8: gtk_tree_view_accessible_ref_child (gtktreeviewaccessible.c:573)
==8654== by 0x9AD3084: idle_cursor_changed (gtktreeviewaccessible.c:1889)
==8654== by 0x9E624DE: gdk_threads_dispatch (gdk.c:754)
==8654== by 0xDA8E0CE: g_main_context_dispatch (gmain.c:2442)
==8654== by 0xDA8E8C7: g_main_context_iterate.isra.19 (gmain.c:3076)
==8654== by 0xDA8EE01: g_main_loop_run (gmain.c:3284)
==8654== by 0x994BEEC: gtk_main (gtkmain.c:1362)
==8654== by 0x403079: main (main.c:688)
==8654== Address 0x42207758 is 8 bytes inside a block of size 40 free'd
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9AD3BAC: refresh_cell_index (gtktreeviewaccessible.c:3279)
==8654== by 0x9ABE6B3: gtk_cell_accessible_get_index_in_parent (gtkcellaccessible.c:99)
==8654== by 0x18539C37: ??? (in /usr/lib/gtk-3.0/modules/libatk-bridge.so)
==8654== by 0xD2080D8: signal_emit_unlocked_R (gsignal.c:3238)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD21219C: g_signal_emit_by_name (gsignal.c:3097)
==8654== by 0x9AD3048: focus_in (gtktreeviewaccessible.c:1957)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD208789: signal_emit_unlocked_R (gsignal.c:3272)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x9A85F41: gtk_widget_send_focus_change (gtkwidget.c:14218)
==8654== by 0x9A8B36F: do_focus_change (gtkwindow.c:5978)
==8654== by 0x9A8C699: gtk_window_real_set_focus (gtkwindow.c:6217)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A60C95: gtk_tree_view_grab_focus (gtktreeview.c:8432)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A7ABC9: gtk_widget_grab_focus (gtkwidget.c:6415)
==8654== by 0x9A503C3: grab_focus_and_unset_draw_keyfocus (gtktreeview.c:2811)
==8654== by 0x9A61870: gtk_tree_view_button_press (gtktreeview.c:3171)
==8654== by 0x1E0E30F0: folder_tree_button_press_event (em-folder-tree.c:1292)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x994C709: gtk_propagate_event (gtkmain.c:2624)
==8654== by 0x994CB0A: gtk_main_do_event (gtkmain.c:1889)
==8654== by 0x9E8F6A1: gdk_event_source_dispatch (gdkeventsource.c:360)
==8654==
==8654== Invalid free() / delete / delete[] / realloc()
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9ACF834: cell_info_new (gtktreeviewaccessible.c:3236)
==8654== by 0x9AD32F8: gtk_tree_view_accessible_ref_child (gtktreeviewaccessible.c:573)
==8654== by 0x9AD3084: idle_cursor_changed (gtktreeviewaccessible.c:1889)
==8654== by 0x9E624DE: gdk_threads_dispatch (gdk.c:754)
==8654== by 0xDA8E0CE: g_main_context_dispatch (gmain.c:2442)
==8654== by 0xDA8E8C7: g_main_context_iterate.isra.19 (gmain.c:3076)
==8654== by 0xDA8EE01: g_main_loop_run (gmain.c:3284)
==8654== by 0x994BEEC: gtk_main (gtkmain.c:1362)
==8654== by 0x403079: main (main.c:688)
==8654== Address 0x42207750 is 0 bytes inside a block of size 40 free'd
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9AD3BAC: refresh_cell_index (gtktreeviewaccessible.c:3279)
==8654== by 0x9ABE6B3: gtk_cell_accessible_get_index_in_parent (gtkcellaccessible.c:99)
==8654== by 0x18539C37: ??? (in /usr/lib/gtk-3.0/modules/libatk-bridge.so)
==8654== by 0xD2080D8: signal_emit_unlocked_R (gsignal.c:3238)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD21219C: g_signal_emit_by_name (gsignal.c:3097)
==8654== by 0x9AD3048: focus_in (gtktreeviewaccessible.c:1957)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD208789: signal_emit_unlocked_R (gsignal.c:3272)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x9A85F41: gtk_widget_send_focus_change (gtkwidget.c:14218)
==8654== by 0x9A8B36F: do_focus_change (gtkwindow.c:5978)
==8654== by 0x9A8C699: gtk_window_real_set_focus (gtkwindow.c:6217)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A60C95: gtk_tree_view_grab_focus (gtktreeview.c:8432)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211E10: g_signal_emit_valist (gsignal.c:3003)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A7ABC9: gtk_widget_grab_focus (gtkwidget.c:6415)
==8654== by 0x9A503C3: grab_focus_and_unset_draw_keyfocus (gtktreeview.c:2811)
==8654== by 0x9A61870: gtk_tree_view_button_press (gtktreeview.c:3171)
==8654== by 0x1E0E30F0: folder_tree_button_press_event (em-folder-tree.c:1292)
==8654== by 0x994CF67: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
==8654== by 0xD1F6803: g_closure_invoke (gclosure.c:774)
==8654== by 0xD2085BE: signal_emit_unlocked_R (gsignal.c:3310)
==8654== by 0xD211BE2: g_signal_emit_valist (gsignal.c:3013)
==8654== by 0xD211FB1: g_signal_emit (gsignal.c:3060)
==8654== by 0x9A79A98: gtk_widget_event_internal (gtkwidget.c:6132)
==8654== by 0x994C709: gtk_propagate_event (gtkmain.c:2624)
==8654== by 0x994CB0A: gtk_main_do_event (gtkmain.c:1889)
==8654== by 0x9E8F6A1: gdk_event_source_dispatch (gdkeventsource.c:360)
==8654==
Attached patch from upstream gtk-3-2 branch fixes it.
I tested it, thus the 3.2.2-3.1 versioning of my packages.
Cheers,
Alban
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-rc5test0-00038-g373da0a (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgtk-3-0 depends on:
ii libatk1.0-0 2.2.0-2
ii libc6 2.13-23
ii libcairo-gobject2 1.10.2-6.1
ii libcairo2 1.10.2-6.1
ii libcolord1 0.1.13-1
ii libcomerr2 1.42-1
ii libcups2 1.5.0-13
ii libfontconfig1 2.8.0-3
ii libfreetype6 2.4.8-1
ii libgcrypt11 1.5.0-3
ii libgdk-pixbuf2.0-0 2.24.0-1
ii libglib2.0-0 2.30.2-4
ii libgnutls26 2.12.14-4
ii libgssapi-krb5-2 1.10+dfsg~alpha1-6
ii libgtk-3-common 3.2.2-3.1
ii libk5crypto3 1.10+dfsg~alpha1-6
ii libkrb5-3 1.10+dfsg~alpha1-6
ii libpango1.0-0 1.29.4-2
ii libx11-6 2:1.4.4-4
ii libxcomposite1 1:0.4.3-2
ii libxcursor1 1:1.1.12-1
ii libxdamage1 1:1.1.3-2
ii libxext6 2:1.3.0-3
ii libxfixes3 1:5.0-4
ii libxi6 2:1.4.3-3
ii libxinerama1 2:1.1.1-3
ii libxrandr2 2:1.3.2-2
ii multiarch-support 2.13-23
ii shared-mime-info 0.90-1
ii zlib1g 1:1.2.5.dfsg-1
Versions of packages libgtk-3-0 recommends:
ii hicolor-icon-theme 0.12-1
ii libgtk-3-bin 3.2.2-3.1
Versions of packages libgtk-3-0 suggests:
ii gvfs 1.10.1-2
ii librsvg2-common 2.34.2-1
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: a11y_Fix-crash-in-treeview-debian.patch
Type: text/x-diff
Size: 1874 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20111214/f1f906f6/attachment.patch>
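An added triage example (not part of the original report or of GTK): it parses memcheck output in the layout shown above and groups errors by the base address of the freed block, which shows that the separate reports point at one 40-byte block freed under refresh_cell_index. The function names, the frame-skipping heuristic and the embedded sample (two of the four errors, stacks abridged from the trace above) are assumptions of this example.

```python
import re
from collections import defaultdict
# Constructed sample: two of the report's four memcheck errors, stacks abridged.
SAMPLE = """\
==8654== Invalid read of size 4
==8654== at 0x9AD2865: model_row_changed (gtktreeviewaccessible.c:2001)
==8654== Address 0x42207770 is 32 bytes inside a block of size 40 free'd
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9AD3BAC: refresh_cell_index (gtktreeviewaccessible.c:3279)
==8654==
==8654== Invalid free() / delete / delete[] / realloc()
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9ACF834: cell_info_new (gtktreeviewaccessible.c:3236)
==8654== Address 0x42207750 is 0 bytes inside a block of size 40 free'd
==8654== at 0x4C26BCE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8654== by 0xDA7C239: g_hash_table_insert_internal (ghash.c:1108)
==8654== by 0x9AD3BAC: refresh_cell_index (gtktreeviewaccessible.c:3279)
"""
HEADER = re.compile(r"^(Invalid (?:read|write) of size \d+|Invalid free\(\))")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
BLOCK = re.compile(r"^Address 0x([0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")

def first_caller(stack):
    # Heuristic (assumption): skip allocator and GHashTable plumbing frames.
    return next((f for f in stack if f != "free" and not f.startswith("g_hash_table_")), None)

def group_by_block(log):
    """Map freed-block base address -> [(error kind, first user, first freer)]."""
    groups, cur, section = defaultdict(list), None, "use"
    for raw in log.splitlines() + [""]:
        line = re.sub(r"^==\d+==\s*", "", raw).strip()
        head, block, frame = HEADER.match(line), BLOCK.match(line), FRAME.match(line)
        if (head or not line) and cur and cur["base"] is not None:  # error ended: record it
            groups[cur["base"]].append((cur["kind"], first_caller(cur["use"]), first_caller(cur["free"])))
        if head:
            cur, section = {"kind": head.group(1), "use": [], "free": [], "base": None}, "use"
        elif not line:
            cur = None
        elif cur and block:
            # Base of the freed block = faulting address minus the offset into the block.
            cur["base"], section = int(block.group(1), 16) - int(block.group(2)), "free"
        elif cur and frame:
            cur[section].append(frame.group(1))
    return dict(groups)

if __name__ == "__main__":
    print({hex(b): e for b, e in group_by_block(SAMPLE).items()})
```

Lines that are not memcheck output, such as the `^Z` and GLib warning in the trace above, are ignored by the parser.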