FS#40778 - [gcolor2] GTK color picker segfault

Attached to Project: Community Packages
Opened by Jeff (jgmdev) - Tuesday, 10 June 2014, 02:08 GMT
Last edited by Florian Pritz (bluewind) - Sunday, 06 July 2014, 17:49 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Florian Pritz (bluewind)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

The native gtk color selection dialog is crashing if the color picker button is pressed. The crash happens in any application that uses the native color selector dialog picker like: gcolor2, geany color chooser plugin, etc...


Steps to reproduce:

1. Install gcolor2
2. Run gcolor2
3. Click color picker


Valgrind output of above steps:

$ valgrind gcolor2
==1444== Memcheck, a memory error detector
==1444== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1444== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==1444== Command: gcolor2
==1444==
==1444== Syscall param open(filename) points to unaddressable byte(s)
==1444== at 0x6195590: __open_nocancel (in /usr/lib/libc-2.19.so)
==1444== by 0x612EB01: _IO_file_open (in /usr/lib/libc-2.19.so)
==1444== by 0x612EC8F: _IO_file_fopen@@GLIBC_2.2.5 (in /usr/lib/libc-2.19.so)
==1444== by 0x6123C83: __fopen_internal (in /usr/lib/libc-2.19.so)
==1444== by 0x404B40: ??? (in /usr/bin/gcolor2)
==1444== by 0x4046B8: ??? (in /usr/bin/gcolor2)
==1444== by 0x60D8FFF: (below main) (in /usr/lib/libc-2.19.so)
==1444== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1444==
==1444== Invalid write of size 4
==1444== at 0x6E4794B: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E47F40: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DEB44F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E62E9F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E34696: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DF3EEB: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DECE48: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DE5D24: cairo_fill (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0xE0B8A4E: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so)
==1444== by 0xE0CAC19: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so)
==1444== by 0xE0C2947: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so)
==1444== by 0x4F9D854: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.23)
==1444== Address 0xffeffbef8 is on thread 1's stack
==1444==
==1444== Invalid read of size 4
==1444== at 0x6E44E3F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E46A27: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E4797B: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E47F40: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DEB44F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E62E9F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6E34696: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DF3EEB: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DECE48: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0x6DE5D24: cairo_fill (in /usr/lib/libcairo.so.2.11200.16)
==1444== by 0xE0B8A4E: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so)
==1444== by 0xE0CAC19: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so)
==1444== Address 0xffeffbef8 is on thread 1's stack
==1444==
==1444== Conditional jump or move depends on uninitialised value(s)
==1444== at 0xE0D091B: murrine_draw_expander (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so)
==1444== by 0xE0C079B: ??? (in /usr/lib/gtk-2.0/2.10.0/engines/libmurrine.so)
==1444== by 0x4EFE8EF: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.23)
==1444== by 0x4F5F434: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.23)
==1444== by 0x5B71351: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.4000.0)
==1444== by 0x5B82B1A: ??? (in /usr/lib/libgobject-2.0.so.0.4000.0)
==1444== by 0x5B8A718: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.4000.0)
==1444== by 0x5B8AD01: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.4000.0)
==1444== by 0x506EFE3: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.23)
==1444== by 0x4EE8387: gtk_container_propagate_expose (in /usr/lib/libgtk-x11-2.0.so.0.2400.23)
==1444== by 0x4EB4AD9: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.23)
==1444== by 0x4EE6F13: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2400.23)
==1444==
==1444== Stack overflow in thread 1: can't grow stack to 0xffe801fd8
==1444==
==1444== Process terminating with default action of signal 11 (SIGSEGV)
==1444== Access not within mapped region at address 0xFFE801FD8
==1444== at 0x61230FF: _IO_file_doallocate (in /usr/lib/libc-2.19.so)
==1444== If you believe this happened as a result of a stack
==1444== overflow in your program's main thread (unlikely but
==1444== possible), you can try to increase the size of the
==1444== main thread stack using the --main-stacksize= flag.
==1444== The main thread stack size used in this run was 8388608.
==1444== Stack overflow in thread 1: can't grow stack to 0xffe801fd0
==1444==
==1444== Process terminating with default action of signal 11 (SIGSEGV)
==1444== Access not within mapped region at address 0xFFE801FD0
==1444== at 0x4A236C0: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==1444== If you believe this happened as a result of a stack
==1444== overflow in your program's main thread (unlikely but
==1444== possible), you can try to increase the size of the
==1444== main thread stack using the --main-stacksize= flag.
==1444== The main thread stack size used in this run was 8388608.
==1444==
==1444== HEAP SUMMARY:
==1444== in use at exit: 4,424,190 bytes in 142,278 blocks
==1444== total heap usage: 1,350,088 allocs, 1,207,810 frees, 291,908,217 bytes allocated
==1444==
==1444== LEAK SUMMARY:
==1444== definitely lost: 3,840 bytes in 6 blocks
==1444== indirectly lost: 17,920 bytes in 748 blocks
==1444== possibly lost: 74,419 bytes in 1,073 blocks
==1444== still reachable: 4,132,435 bytes in 139,562 blocks
==1444== suppressed: 0 bytes in 0 blocks
==1444== Rerun with --leak-check=full to see details of leaked memory
==1444==
==1444== For counts of detected and suppressed errors, rerun with: -v
==1444== Use --track-origins=yes to see where uninitialised values come from
==1444== ERROR SUMMARY: 6 errors from 4 contexts (suppressed: 1 from 1)
Segmentation fault (core dumped)

Closed by  Florian Pritz (bluewind)
Sunday, 06 July 2014, 17:49 GMT
Reason for closing:  Works for me
Comment by Florian Pritz (bluewind) - Tuesday, 10 June 2014, 07:42 GMT
"like: gcolor2, geany color chooser plugin, etc..." don't put gcolor2 in the subject then. Looks like your theme or the murrine engine could be the problem. Try changing both, the theme and engine you use.
Comment by Jeff (jgmdev) - Tuesday, 10 June 2014, 15:30 GMT
I didn't put gcolor2 in the subject, it was added by the last editor. It doesn't affect only that application, but any application that uses the gtk color picker widget.

I made sure to use another theme before submitting this bug, but just in case I changed my theme to Adwaita and this is the trimmed output of valgrind:

$ valgrind gcolor2
==1451== Memcheck, a memory error detector
==1451== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1451== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==1451== Command: gcolor2
==1451==
==1451== Syscall param open(filename) points to unaddressable byte(s)
==1451== at 0x6195590: __open_nocancel (in /usr/lib/libc-2.19.so)
==1451== by 0x612EB01: _IO_file_open (in /usr/lib/libc-2.19.so)
==1451== by 0x612EC8F: _IO_file_fopen@@GLIBC_2.2.5 (in /usr/lib/libc-2.19.so)
==1451== by 0x6123C83: __fopen_internal (in /usr/lib/libc-2.19.so)
==1451== by 0x404B40: ??? (in /usr/bin/gcolor2)
==1451== by 0x4046B8: ??? (in /usr/bin/gcolor2)
==1451== by 0x60D8FFF: (below main) (in /usr/lib/libc-2.19.so)
==1451== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1451==
==1451== Stack overflow in thread 1: can't grow stack to 0xffe801fc8
==1451==
==1451== Process terminating with default action of signal 11 (SIGSEGV)
==1451== Access not within mapped region at address 0xFFE801FC8
==1451== at 0x61230FF: _IO_file_doallocate (in /usr/lib/libc-2.19.so)

The applications that I mentioned used gtk2, so I found that gcolor was rewritten to use gtk3 and there's a PKGBUILD on the AUR https://aur.archlinux.org/packages/gcolor3/ that I installed to test, and the problem is also present on gtk3.

Here is the valgrind output with gcolor3:

$ valgrind gcolor3
==4852== Memcheck, a memory error detector
==4852== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==4852== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==4852== Command: gcolor3
==4852==

(gcolor3:4852): Gtk-CRITICAL **: gtk_box_pack: assertion 'gtk_widget_get_parent (child) == NULL' failed

(gcolor3:4852): Gtk-WARNING **: Theme file for Adwaita has no name


(gcolor3:4852): Gtk-WARNING **: Theme file for Adwaita has no directories

==4852== Invalid write of size 4
==4852== at 0x713F94B: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x713FF40: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x70E344F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x715AE9F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x712C696: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x71315AF: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x7131FDE: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x712C696: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x70EBEEB: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x70E4E48: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x70DDD24: cairo_fill (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x4F5DB79: ??? (in /usr/lib/libgtk-3.so.0.1200.2)
==4852== Address 0xffeffe1b8 is on thread 1's stack
==4852==
==4852== Invalid read of size 4
==4852== at 0x713CE3F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x713EA27: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x713F97B: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x713FF40: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x70E344F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x715AE9F: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x712C696: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x71315AF: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x7131FDE: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x712C696: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x70EBEEB: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== by 0x70E4E48: ??? (in /usr/lib/libcairo.so.2.11200.16)
==4852== Address 0xffeffe1b8 is on thread 1's stack
==4852==
==4852== Stack overflow in thread 1: can't grow stack to 0xffe801ff8
==4852==
==4852== Process terminating with default action of signal 11 (SIGSEGV)
==4852== Access not within mapped region at address 0xFFE801FF8
==4852== at 0x600EFB1: _IO_setb (in /usr/lib/libc-2.19.so)

Anyway, it seems the valgrind output isn't of any use without the debugging symbols.
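An added example, not part of this bug report: a small Python parser for Memcheck output in the shape of the traces posted above. It groups each reported error with its stack frames and counts the `???` frames per shared object, which is the quick way to see which library is missing the debug symbols. The sample text is a constructed, trimmed excerpt in that format, not the full output from the report.

```python
import re

# Constructed sample in the shape of the Memcheck output posted in this thread.
SAMPLE = """\
==1451== Syscall param open(filename) points to unaddressable byte(s)
==1451==    at 0x6195590: __open_nocancel (in /usr/lib/libc-2.19.so)
==1451==    by 0x404B40: ??? (in /usr/bin/gcolor2)
==1451==    by 0x60D8FFF: (below main) (in /usr/lib/libc-2.19.so)
==1451==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1451==
==1451== Invalid write of size 4
==1451==    at 0x713F94B: ??? (in /usr/lib/libcairo.so.2.11200.16)
==1451==    by 0x70DDD24: cairo_fill (in /usr/lib/libcairo.so.2.11200.16)
==1451==  Address 0xffeffe1b8 is on thread 1's stack
"""

# "at"/"by" stack frame: capture the symbol (or "???") and the object it is in.
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(.*?)\s+\(in\s+(\S+)\)$")
# Any other non-empty Memcheck line: an error header or an "Address ..." note.
HEADER_RE = re.compile(r"^==\d+==\s+(\S.*)$")

def parse_memcheck(text):
    """Group Memcheck output into dicts with 'kind', 'frames' and 'address'."""
    errors = []
    for line in text.splitlines():
        frame = FRAME_RE.match(line)
        if frame and errors:
            errors[-1]["frames"].append((frame.group(1), frame.group(2)))
            continue
        header = HEADER_RE.match(line)
        if not header:                  # bare "==1451==" separator lines
            continue
        body = header.group(1)
        if body.startswith("Address ") and errors:
            errors[-1]["address"] = body
        elif not body.startswith("Address "):
            errors.append({"kind": body, "frames": [], "address": ""})
    return errors

def unsymbolized(error):
    """Objects whose frames print '???': no debug symbols were found for them."""
    return sorted({obj for sym, obj in error["frames"] if sym == "???"})

def symbol_coverage(errors):
    """Per object: (symbolized frames, total frames); low scores need debug symbols."""
    cov = {}
    for err in errors:
        for sym, obj in err["frames"]:
            good, total = cov.get(obj, (0, 0))
            cov[obj] = (good + (sym != "???"), total + 1)
    return cov
```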
Comment by Doug Newgard (Scimmia) - Tuesday, 10 June 2014, 15:41 GMT
""like: gcolor2, geany color chooser plugin, etc..." don't put gcolor2 in the subject then. Looks like your theme or the murrine engine could be the problem. Try changing both, the theme and engine you use."

That's my fault. I missed the line you quoted and was looking at the steps to reproduce.
Comment by Florian Pritz (bluewind) - Wednesday, 11 June 2014, 09:40 GMT
You could try rebuilding cairo with debug symbols and then asking upstream what's going on.

https://wiki.archlinux.org/index.php/Debug_-_Getting_Traces
Comment by Jeff (jgmdev) - Friday, 13 June 2014, 14:40 GMT
I suspect this issue is caused by some update to the gtk+ libraries, since applications that make use of them are often crashing on me, like gimp, firefox and even openoffice is crashing. Kcolorchooser (which uses QT) works perfectly. All these segmentation faults are occurring after some upgrade, which I don't remember when it was.

I need to compile gtk+ with debugging symbols but haven't found the time.
Comment by Jeff (jgmdev) - Saturday, 21 June 2014, 18:57 GMT
While troubleshooting this issue, I compiled gtk2/3 with debug symbols (valgrind: culprit wasn't gtk libraries), booted with the LTS kernel, did a re-install of all packages fresh from the repository, but I was still getting segfaults.

These segfaults and bugs include:

* using a color picker
* Write file name on a Save as dialog
* Firefox
* Netbeans interface not displaying the text/font (edit - found this is related to https://bugs.archlinux.org/task/40871)

This is all happening on gnome3 with a radeon 6670 graphics card. So I decided to install xfce4 and everything was working as expected; none of the bugs mentioned before were happening. I'm still not sure what was causing this issue, but it surely has something to do with gnome3 and radeon; the same setup on an Intel laptop wasn't causing all the bugs I mentioned.
Comment by Jeff (jgmdev) - Sunday, 06 July 2014, 17:17 GMT
Doing a clean arch install fixed the issue, maybe this bug should be closed.
