Bug#515946: libxi6 2:1.2.0-2 makes iceweasel and midori crash

Julien Cristau jcristau at debian.org
Wed Aug 12 13:14:36 UTC 2009


On Wed, May 27, 2009 at 17:58:08 +0200, Vincent Lefevre wrote:

> And the backtrace of previous execution (without valgrind):
> 
> vin:~> gdb =midori core
> GNU gdb 6.8-debian
> [...]
> Core was generated by `midori'.
> Program terminated with signal 11, Segmentation fault.
> [New process 10943]
> #0  _gdk_x11_screen_process_owner_change (screen=0x0, event=0x7fffe53b6900)
>     at /scratch/build-area/gtk+2.0-2.16.1/gdk/x11/gdkscreen-x11.c:1124
> 1124    /scratch/build-area/gtk+2.0-2.16.1/gdk/x11/gdkscreen-x11.c: No such file or directory.
>         in /scratch/build-area/gtk+2.0-2.16.1/gdk/x11/gdkscreen-x11.c

this is:
  Atom xcm_selection_atom = gdk_x11_atom_to_xatom_for_display (screen_x11->display,
                                                               screen_x11->cm_selection_atom);

and screen_x11 is NULL.  It might be worth printing *event, too.

> (gdb) bt
> #0  _gdk_x11_screen_process_owner_change (screen=0x0, event=0x7fffe53b6900)
>     at /scratch/build-area/gtk+2.0-2.16.1/gdk/x11/gdkscreen-x11.c:1124
> #1  0x00007feadc5103e4 in gdk_event_translate (display=0x1bb10a0, 
>     event=0x1c27ea0, xevent=0x7fffe53b6900, return_exposes=0)
>     at /scratch/build-area/gtk+2.0-2.16.1/gdk/x11/gdkevents-x11.c:2093

eww. gdk_event_translate() is a freaking monster...
the relevant code seems to be:

  window = NULL;
[...]
  get_real_window (display, xevent, &xwindow, &filter_xwindow);

  window = gdk_window_lookup_for_display (display, xwindow);
[...]
  if (window && !GDK_IS_WINDOW (window))
    window = NULL;
[...]
  if (window)
    {
      screen = GDK_WINDOW_SCREEN (window);
      screen_x11 = GDK_SCREEN_X11 (screen);
      toplevel = _gdk_x11_window_get_toplevel (window);
    }
[...]

      if (xevent->type - display_x11->xfixes_event_base == XFixesSelectionNotify)
        {
          XFixesSelectionNotifyEvent *selection_notify = (XFixesSelectionNotifyEvent *)xevent;
          _gdk_x11_screen_process_owner_change (screen, xevent);

and we crash here with a NULL screen.  No clue why the libXi bump gets
gtk confused over a fixes event...  cc:ing the gtk maintainers.

According to your xtrace dump the event is something like
000:>:00df: Event XFIXES SelectionNotify(116) subtype=set owner(0x00) window=0x00600001 owner=0x00000000 selection=0x1("PRIMARY") timestamp=0xe9facbed selectionTimestamp=0xe9facbed

One thing you might be able to do is try to spot a difference in xtrace
dumps between the working and broken cases?

> #2  0x00007feadc5108b7 in _gdk_events_queue (display=0x1bb10a0)
>     at /scratch/build-area/gtk+2.0-2.16.1/gdk/x11/gdkevents-x11.c:2298
> #3  0x00007feadc510c8e in gdk_event_dispatch (source=<value optimized out>, 
>     callback=0x7fffe53b6900, user_data=0x1bb10a0)
>     at /scratch/build-area/gtk+2.0-2.16.1/gdk/x11/gdkevents-x11.c:2358
> #4  0x00007feada4dbf7a in IA__g_main_context_dispatch (context=0x1bbd400)
>     at /tmp/cdt.XX50MgKl/build-area/glib2.0-2.20.1/glib/gmain.c:1814
> #5  0x00007feada4df640 in g_main_context_iterate (context=0x1bbd400, block=1, 
>     dispatch=1, self=<value optimized out>)
>     at /tmp/cdt.XX50MgKl/build-area/glib2.0-2.20.1/glib/gmain.c:2448
> #6  0x00007feada4dfb0d in IA__g_main_loop_run (loop=0x1ccfed0)
>     at /tmp/cdt.XX50MgKl/build-area/glib2.0-2.20.1/glib/gmain.c:2656
> #7  0x00007feadc81eb34 in IA__gtk_dialog_run (dialog=0x1bff050)
>     at /scratch/build-area/gtk+2.0-2.16.1/gtk/gtkdialog.c:1090
> #8  0x000000000041d653 in main ()
> 

Cheers,
Julien
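
Added example, not part of the original message and not GTK code: a simplified C model of the dispatch path analysed above, in which a selection event for a window the client cannot look up leaves `screen` NULL, with the handler checking for that instead of dereferencing it. All type and function names are hypothetical, the window table is constructed, and `0x00600001` is the window id from the xtrace line.

```c
/* Simplified model of the dispatch path in the message above.
 * All type and function names here are hypothetical, not GTK's. */
#include <stddef.h>
#include <stdio.h>

typedef struct { unsigned long cm_selection_atom; int owner_changes; } Screen;
typedef struct { unsigned long xid; Screen *screen; } Window;
typedef struct { int type; unsigned long window; unsigned long owner; } Event;

enum { EV_OTHER = 0, EV_SELECTION_NOTIFY = 1 };
enum { HANDLED = 0, DROPPED_NO_SCREEN = 1, IGNORED = 2 };

static Screen screen0 = { 0x42UL, 0 };                  /* constructed */
static Window known_windows[] = { { 0x00a00001UL, &screen0 } };

/* Returns NULL when the client has no object for this XID. */
static Window *lookup_window(unsigned long xid)
{
    size_t i;
    for (i = 0; i < sizeof known_windows / sizeof known_windows[0]; i++)
        if (known_windows[i].xid == xid)
            return &known_windows[i];
    return NULL;
}

static int process_owner_change(Screen *screen, const Event *ev)
{
    if (screen == NULL)            /* the check absent at the crash site */
        return DROPPED_NO_SCREEN;
    (void)ev;
    screen->owner_changes++;       /* safe: screen is known to be non-NULL */
    return HANDLED;
}

int translate_event(const Event *ev)
{
    Screen *screen = NULL;         /* stays NULL unless the lookup succeeds */
    Window *w = lookup_window(ev->window);
    if (w != NULL)
        screen = w->screen;
    if (ev->type == EV_SELECTION_NOTIFY)
        return process_owner_change(screen, ev);
    return IGNORED;
}

int main(void)
{
    Event unknown = { EV_SELECTION_NOTIFY, 0x00600001UL, 0 }; /* id from the xtrace line */
    Event known   = { EV_SELECTION_NOTIFY, 0x00a00001UL, 0 }; /* constructed */
    printf("%d %d\n", translate_event(&unknown), translate_event(&known));
    return 0;
}
```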




More information about the pkg-gnome-maintainers mailing list