Reproducible crash when using gtk2 2.18.0

Hi,

The following program:

-=-=---=-=---=-=---=-=--
require 'gtk2'
Gtk::Window.new.show_all.signal_connect("delete-event") { |e,w|
  w.window.cursor = Gdk::Cursor.new(Gdk::Cursor::WATCH) }
Gtk.main
-=-=---=-=---=-=---=-=--

crashes when trying to close the window, when used with gtk 2.18.0
runtime (or a late 2.17.x), but not with gtk 2.16.1 or 2.14.3 (glib
being 2.22.0). rg2 versions tried were 0.19.0, 0.19.1, and 0.19.2; we
also tried to recompile rg2 against gtk 2.18.0; all of that makes no
difference. export GDK_NATIVE_WINDOWS=1 also makes no difference.
Valgrind[1] says the crash is related to something in gdk/X:

==1833== Invalid read of size 4
==1833==    at 0x4F091DD: XAddExtension (in /usr/lib/libX11.so.6.2.0)
==1833==    by 0x5CDBDC6: _XcursorGetDisplayInfo (in /usr/lib/libXcursor.so.1.0.2)
==1833==    by 0x5CDC48A: XcursorGetDefaultSize (in /usr/lib/libXcursor.so.1.0.2)
==1833==    by 0x5CDEACD: XcursorLibraryLoadCursor (in /usr/lib/libXcursor.so.1.0.2)
==1833==    by 0x5CDEBAA: XcursorShapeLoadCursor (in /usr/lib/libXcursor.so.1.0.2)
==1833==    by 0x5B98111: _gdk_x11_cursor_update_theme (gdkcursor-x11.c:587)
==1833==    by 0x5BBB3DC: gdk_window_x11_set_cursor (gdkwindow-x11.c:2738)
==1833==    by 0x5B846B5: update_cursor (gdkwindow.c:8735)
==1833==    by 0x5B8722F: gdk_window_set_cursor (gdkwindow.c:7666)
==1833==    by 0x478A84F: g_object_set_property (in /usr/lib/libgobject-2.0.so.0.2200.0)
==1833==    by 0x4750734: ??? (in /usr/lib/ruby/site_ruby/1.8/i586-linux/glib2.so)
==1833==    by 0x4062CF1: call_cfunc (eval.c:5771)
==1833==  Address 0x74050453 is not stack'd, malloc'd or (recently) free'd

(libX11R6 is 1.2.1 and libXcursor is 1.1.9 but downgrading these makes
no difference)

but the equivalent program in C doesn’t crash:

-=-=---=-=---=-=---=-=--
#include <gtk/gtk.h>

static void setcursor( GtkWidget *widget, gpointer data ) {
    GdkCursor *cursor = gdk_cursor_new(GDK_WATCH);
    GdkWindow *win = widget->window;
    gdk_window_set_cursor(win, cursor);
}

int main( int argc, char *argv[] ) {
    GtkWidget *window;
    gtk_init (&argc, &argv);
    window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
    gtk_widget_show_all(window);
    g_signal_connect (G_OBJECT (window), "delete_event",
                      G_CALLBACK (setcursor), NULL);
    gtk_main ();
    return 0;
}
-=-=---=-=---=-=---=-=--

I also tried to rewrite the setcursor function to use
g_object_set_property, but it makes no difference (it still doesn’t
crash in C):

-=-=---=-=---=-=---=-=--
GValue item = { 0, };
g_value_init (&item, G_TYPE_POINTER);
GdkCursor *cursor = gdk_cursor_new(GDK_WATCH);
GdkWindow *win = widget->window;
g_value_set_pointer(&item, cursor);
g_object_set_property(G_OBJECT(win), "cursor", &item);
-=-=---=-=---=-=---=-=--

(though I am not sure how to choose the G_TYPE in such a case)

I guess there is something specific with how rg2 “uses” gtk but it’s
difficult to say from that point on… It would be useful to have a
means to automatically generate the exact equivalent of C calls to gtk
from a rg2-based program (I know, this is idealistic).

Anyway, any idea maybe, someone?

[1] valgrind --tool=memcheck --suppressions=/tmp/valgrind-ruby.supp[2]
ruby test.rb

[2]
http://cvs.m17n.org/viewcvs/ruby/valgrind-ruby/valgrind-ruby.supp?revision=1.3&view=markup
(don’t forget to have debugging symbols available for
suppressions to work properly)


Guillaume C. - http://zarb.org/~gc/

Guillaume C. wrote:

Hi,

The following program:

-=-=---=-=---=-=---=-=--
require 'gtk2'
Gtk::Window.new.show_all.signal_connect("delete-event") { |e,w|
  w.window.cursor = Gdk::Cursor.new(Gdk::Cursor::WATCH) }
Gtk.main
-=-=---=-=---=-=---=-=--

This is what I get with ruby 1.8.6p383, rg2-0.19.2, each time I click on
close button.

(eval): line 2
Gdk-CRITICAL **:gdk_cursor_ref: assertion `cursor->ref_count > 0' failed

but no crash.

LANGUAGE=C aptitude show libgtk2.0-dev

Package: libgtk2.0-dev
New: yes
State: installed
Automatically installed: no
Version: 2.18.0-1

If it can help you.

Simon

Simon A. wrote:

This is what I get with ruby 1.8.6p383, rg2-0.19.2, each time I click on
close button.

Forgot to say, both built from sources after aptitude updates.

simon

Hi,

In [email protected]
“[ruby-gnome2-devel-en] reproducible crash when using gtk2 2.18.0” on
Thu, 24 Sep 2009 09:46:22 +0200,
Guillaume C. [email protected] wrote:

runtime (or a late 2.17.x), but not with gtk 2.16.1 or 2.14.3 (glib
being 2.22.0).

I’ve fixed it in trunk.
You don’t need to use set_cursor instead of cursor=.

Thanks,

kou

Guillaume C. wrote:

-=-=---=-=---=-=---=-=--
require 'gtk2'
Gtk::Window.new.show_all.signal_connect("delete-event") { |e,w|
  w.window.cursor = Gdk::Cursor.new(Gdk::Cursor::WATCH) }
Gtk.main
-=-=---=-=---=-=---=-=--

Btw, with set_cursor, it works as expected, here.
w.window.set_cursor Gdk::Cursor.new(Gdk::Cursor::WATCH)

I couldn’t find where cursor= is defined in my little research.

I also noticed, I can interchange w and e, and it still works :confused:
Either |e,w| or |w,e| works the same.
Does someone know why?

regards

Simon

crashes when trying to close the window, when used with gtk 2.18.0
runtime (or a late 2.17.x), but not with gtk 2.16.1 or 2.14.3 (glib
being 2.22.0).

I’ve fixed it in trunk.

Thanks Kou. That said, a specific workaround in rg2 potentially means
more crashes in corner cases. So I’ve investigated a bit more and I
think the problem was in rbgobj_valuetypes.c:

gpointer
rbgobj_ptr2cptr(ptr)
    VALUE ptr;
{
#ifdef RBGOBJ_USE_DLPTR
    return rb_dlptr2cptr(ptr);
#else
    gpointer dest;
    if (rb_obj_is_kind_of(ptr, GTYPE2CLASS(G_TYPE_POINTER))){
        Data_Get_Struct(ptr, void, dest);
    } else if (rb_obj_is_kind_of(ptr, rb_cObject)){
        dest = (gpointer)ptr;
    } else{
        rb_raise(rb_eTypeError, "not a pointer object");
    }
    return dest;
#endif
}


Guillaume C. - Guillaume Cottenceau

Hi,

In [email protected]
“Re: [ruby-gnome2-devel-en] reproducible crash when using gtk2 2.18.0”
on Sun, 27 Sep 2009 10:02:57 +0200,
Guillaume C. [email protected] wrote:

Thanks Kou. That said, a specific workaround in rg2 potentially means
gpointer dest;
}

So I guess the problem is the “gpointer” type of cursor property in
GdkWindow is too imprecise for rg2, or at least for rg2’s
implementation of properties use. Mistake or not, I don’t know, but
I’ve filed in gnome bugzilla:

Bug 596494 – New property "cursor" in 2.18's GdkWindow with wrong type?

Thanks! The bug item makes sense!


kou

Grmbl, too fast posting!

On Sun, Sep 27, 2009 at 9:59 AM, Guillaume C.
[email protected] wrote:

gpointer
// ************ problem is this cast ***********
dest = (gpointer)ptr;
} else{
rb_raise(rb_eTypeError, "not a pointer object");
}
return dest;
#endif
}

So I guess the problem is the “gpointer” type of cursor property in
GdkWindow is too imprecise for rg2, or at least for rg2’s
implementation of properties use. Mistake or not, I don’t know, but
I’ve filed in gnome bugzilla:

https://bugzilla.gnome.org/show_bug.cgi?id=596494


Guillaume C. - Guillaume Cottenceau
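
Added example, not part of the thread and not rg2's code: a self-contained C model of the cast flagged in rbgobj_ptr2cptr, where the binding's wrapper handle itself is handed to the library as the native pointer, next to a checked unwrap. NativeCursor, Wrapper, WRAPPER_TAG and all function names are hypothetical stand-ins, and no GLib or Ruby headers are used.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the native struct the C library expects (role of GdkCursor). */
typedef struct { uint32_t type; uint32_t ref_count; } NativeCursor;

/* Stand-in for the binding's wrapper object (role of the Ruby VALUE). */
#define WRAPPER_TAG 0x57524150u
typedef struct { uint32_t flags; uint32_t tag; void *native; } Wrapper;

/* Cast pattern: the wrapper handle itself is handed over as the pointer. */
static const void *unwrap_by_cast(const Wrapper *w) { return (const void *)w; }

/* Checked pattern: verify the wrapper, then return the pointer it holds. */
static const void *unwrap_checked(const Wrapper *w) {
    if (w == NULL || w->tag != WRAPPER_TAG || w->native == NULL)
        return NULL;
    return w->native;
}

/* Library side: trusts that p points at a NativeCursor and reads ref_count. */
static uint32_t lib_read_ref_count(const void *p) {
    NativeCursor c;
    memcpy(&c, p, sizeof c);   /* byte copy keeps the misread well-defined */
    return c.ref_count;
}

/* Constructed sample objects (not taken from the thread). */
static NativeCursor sample_cursor = { 150u, 1u };
static Wrapper sample_wrapper = { 0x22u, WRAPPER_TAG, &sample_cursor };
static Wrapper foreign_object = { 0x22u, 0xDEADu, &sample_cursor };

int main(void) {
    /* Cast path: the library reads wrapper bytes as if they were a cursor. */
    printf("cast:    ref_count=%#x\n",
           (unsigned)lib_read_ref_count(unwrap_by_cast(&sample_wrapper)));
    /* Checked path: the library sees the real cursor and its real count. */
    printf("checked: ref_count=%u\n",
           (unsigned)lib_read_ref_count(unwrap_checked(&sample_wrapper)));
    /* An object that is not the expected wrapper is refused, not cast. */
    printf("foreign rejected: %d\n", unwrap_checked(&foreign_object) == NULL);
    return 0;
}
```

With the cast, the library's view of ref_count is whatever the wrapper happens to store at that offset, which is the kind of misread behind both the failed ref_count assertion and the invalid read reported earlier in the thread.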