Bug#507097: Segmentation fault in GtkTrayIcon

Thu Nov 27 23:51:11 UTC 2008

Package: libgtk2.0-0
Version: 2.12.11-4
Severity: important
Tags: patch

When using epiphany-gecko, downloading files to disk causes a tray icon
to appear to notify that file(s) are being downloaded.

However, every two or three downloads makes Epiphany segfault. I
installed the necessary debug packages and got the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f97ffbf5780 (LWP 10475)]
0x00007f97fa5be376 in gtk_tray_icon_manager_filter
(xevent=0x7fff07d34f20, event=0x2c32e70, user_data=<value optimized
out>) at /scratch/build-area/gtk+2.0-2.12.11/gtk/gtktrayicon-x11.c:236
236	/scratch/build-area/gtk+2.0-2.12.11/gtk/gtktrayicon-x11.c: No
such file or directory.
	in /scratch/build-area/gtk+2.0-2.12.11/gtk/gtktrayicon-x11.c
	(gdb) bt
#0  0x00007f97fa5be376 in gtk_tray_icon_manager_filter
	(xevent=0x7fff07d34f20, event=0x2c32e70, user_data=<value
	optimized out>) at
	/scratch/build-area/gtk+2.0-2.12.11/gtk/gtktrayicon-x11.c:236
#1  0x00007f97f9eac09a in gdk_event_translate (display=0xf65000,
	event=0x2c32e70, xevent=0x7fff07d34f20, return_exposes=0) at
	/scratch/build-area/gtk+2.0-2.12.11/gdk/x11/gdkevents-x11.c:345
#2  0x00007f97f9eadb87 in _gdk_events_queue (display=0xf65000) at
	/scratch/build-area/gtk+2.0-2.12.11/gdk/x11/gdkevents-x11.c:2285
#3  0x00007f97f9eadf5e in gdk_event_dispatch (source=<value optimized
	out>, callback=0x2c32e70, user_data=0x1c) at
	/scratch/build-area/gtk+2.0-2.12.11/gdk/x11/gdkevents-x11.c:2345
#4  0x00007f97f80ba78b in g_main_context_dispatch () from
	/usr/lib/libglib-2.0.so.0
#5  0x00007f97f80bdf5d in ?? () from /usr/lib/libglib-2.0.so.0
#6  0x00007f97f80be11b in g_main_context_iteration () from
	/usr/lib/libglib-2.0.so.0
#7  0x00007f97f269dcad in nsBaseAppShell::DoProcessNextNativeEvent
	(this=0x7fff07d34f20, mayWait=46345840) at
	nsBaseAppShell.cpp:151
#8  0x00007f97f269de5e in nsBaseAppShell::OnProcessNextEvent
	(this=0x27d5500, thr=0xfc14d0, mayWait=0, recursionDepth=<value
	optimized out>) at nsBaseAppShell.cpp:278
#9  0x00007f97f274348d in nsThread::ProcessNextEvent (this=0xfc14d0,
	mayWait=0, result=0x7fff07d3522c) at nsThread.cpp:497
#10 0x00007f97f271959a in NS_ProcessPendingEvents_P (thread=0xfc14d0,
	timeout=20) at nsThreadUtils.cpp:180
#11 0x00007f97f269df80 in nsBaseAppShell::NativeEventCallback
	(this=0x27d5500) at nsBaseAppShell.cpp:121
#12 0x00007f97f268a8dc in nsAppShell::EventProcessorCallback
	(source=<value optimized out>, condition=<value optimized out>,
	data=0x27d5500) at nsAppShell.cpp:69
#13 0x00007f97f80ba78b in g_main_context_dispatch () from
	/usr/lib/libglib-2.0.so.0
#14 0x00007f97f80bdf5d in ?? () from /usr/lib/libglib-2.0.so.0
#15 0x00007f97f80be48d in g_main_loop_run () from
	/usr/lib/libglib-2.0.so.0
#16 0x00007f97fa46d737 in IA__gtk_main () at
	/scratch/build-area/gtk+2.0-2.12.11/gtk/gtkmain.c:1163
#17 0x000000000043a730 in main (argc=1, argv=<value optimized out>) at
	/tmp/buildd/epiphany-browser-2.22.3/src/ephy-main.c:753

(gdb) p icon
$1 = (GtkTrayIcon *) 0x2044220
(gdb) p icon->priv
$2 = (GtkTrayIconPrivate *) 0x0

I can reproduce this easily by simply right clicking on links and
choosing "Save Link As". It appears to work for the first 2-3
downloads and a tray icon appears, but then it segfaults in the
aforementioned fashion.

The files I downloaded to cause the segfault have all been small and
seeing that icon->priv was NULL then the download had completed and the
GtkTrayIconPrivate instance freed in the middle of something.

Anyway, I attach a patch which appears to fix my problem, but I'm not
confident it's the "correct" fix, and I haven't been able to thoroughly
test it. Comments welcome!

Kind regards,

-- 
Jonny Lamb, UK
jonny at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20081127/2783e5eb/attachment.pgp 