Bug#927162: gnome-shell segfaults in libst-1.0.so

Simon McVittie smcv at debian.org
Wed Apr 17 00:13:16 BST 2019


On Tue, 16 Apr 2019 at 15:13:56 -0700, Eloston wrote:
> After looking at the TopIcons code at the line indicated in journalctl, I am
> able to reproduce the crash with the following:
> 
> 1. Open Looking Glass (lg)
> 2. Run the following:
> 
> 	a = new St.Widget();
> 	a.destroy();
> 	a.get_theme_node();
> 
> After running the third line, gnome-shell will crash.

This is undefined behaviour (i.e. incorrect code): nothing should be
calling methods on a widget that has been destroyed. Ideally, it
would just log a warning and carry on, instead of crashing (and that's
what the upstream patch that I'm testing does), but nothing is going to
make this correct.

Looking at line 121 in the top-icons-plus extension, what I would expect
should happen is that in response to the destroy signal emitted by the
icon's destroy() method, everything else stops trying to do anything with
the icon (in particular, stops trying to draw it, which would involve
calling get_theme_node() on it). I'm not sure yet why that doesn't happen.
It might be a bug in the top-icons-plus extension, or a bug elsewhere in
GNOME Shell.

    smcv
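
Added example (not part of the original message, and not code from top-icons-plus or GNOME Shell): the pattern described above, where whatever holds an icon drops its reference when the icon emits destroy, so a later redraw never calls get_theme_node() on it. MockWidget and IconTray are constructed stand-ins so the code runs outside gnome-shell.

```javascript
// Constructed stand-in for St.Widget so the example runs outside gnome-shell.
// The real widget crashed on use after destroy(); this mock throws instead.
class MockWidget {
    constructor(name) {
        this.name = name;
        this._destroyed = false;
        this._handlers = [];
    }
    connect(signal, callback) {
        if (signal === 'destroy')
            this._handlers.push(callback);
    }
    destroy() {
        if (this._destroyed)
            return;
        this._handlers.forEach(cb => cb(this)); // notify listeners first
        this._destroyed = true;
    }
    get_theme_node() {
        if (this._destroyed)
            throw new Error(`get_theme_node() on destroyed widget ${this.name}`);
        return { owner: this.name };
    }
}

// Hypothetical icon holder (not the top-icons-plus code).
class IconTray {
    constructor() {
        this._icons = new Set();
    }
    add(icon) {
        this._icons.add(icon);
        // Drop our reference as soon as the icon announces its destruction.
        icon.connect('destroy', () => this._icons.delete(icon));
    }
    // Stand-in for a redraw: reads the theme node of every tracked icon.
    repaint() {
        return [...this._icons].map(icon => icon.get_theme_node().owner);
    }
}

function demo() {
    const tray = new IconTray();
    const [a, b] = [new MockWidget('a'), new MockWidget('b')];
    tray.add(a);
    tray.add(b);
    a.destroy();
    return tray.repaint(); // 'a' was dropped on destroy, so only 'b' is read
}
```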


