[Github-comments] [geany/geany] Segmentation fault with vte while quitting (#2457)

Alynx Zhou notifications at xxxxx
Thu Mar 19 07:27:04 UTC 2020


From https://bugzilla.opensuse.org/show_bug.cgi?id=1166820: a user reported that a segmentation fault happened when quitting geany, and got this backtrace:

```
$ gdb /usr/bin/geany core
/usr/share/gdb/python/gdb/command/prompt.py:48: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if self.value is not '':
/usr/share/gdb/python/gdb/command/prompt.py:60: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if self.value is not '':
GNU gdb (GDB; openSUSE Tumbleweed) 8.3.1
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/geany...
Reading symbols from /usr/lib/debug/usr/bin/geany-1.36-2.1.x86_64.debug...
[New LWP 5507]
[New LWP 5514]
[New LWP 5513]
[New LWP 5523]
[New LWP 5522]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `geany debugsource'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f6f9d4d9722 in vte_start (widget=0x56253b412180) at vte.c:497
497				if (! vf->vte_terminal_spawn_sync(VTE_TERMINAL(widget), VTE_PTY_DEFAULT,
[Current thread is 1 (Thread 0x7f6f9b533140 (LWP 5507))]
(gdb) bt
#0  0x00007f6f9d4d9722 in vte_start (widget=0x56253b412180) at vte.c:497
#1  0x00007f6f9c72531e in g_cclosure_marshal_VOID__BOOLEANv (closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x56253b4085c0)
    at ../gobject/gmarshal.c:272
#2  0x00007f6f9c7230e6 in _g_closure_invoke_va (closure=0x56253b4833f0, return_value=0x0, instance=0x56253b412180, args=0x7ffef715f070, n_params=1, param_types=0x56253b4085c0) at ../gobject/gclosure.c:873
#3  0x00007f6f9c73f428 in g_signal_emit_valist (instance=0x56253b412180, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffef715f070) at ../gobject/gsignal.c:3306
#4  0x00007f6f9c73fbcf in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3453
#5  0x00007f6f98c98f07 in vte::platform::Widget::emit_child_exited (status=9, this=0x56253b412020) at ../src/widget.hh:47
#6  vte::platform::Widget::dispose (this=0x56253b412020) at ../src/widget.cc:135
#7  vte::platform::Widget::dispose (this=0x56253b412020) at ../src/widget.cc:131
#8  vte_terminal_dispose (object=0x56253b412180) at ../src/vtegtk.cc:412
#9  0x00007f6f9c729a4e in g_object_run_dispose (object=0x56253b412180) at ../gobject/gobject.c:1130
#10 0x00007f6f9ccfe729 in gtk_widget_destroy (widget=<optimized out>) at gtkwidget.c:4776
#11 0x00007f6f9d5016eb in vte_close () at vte.c:402
#12 do_main_quit () at libmain.c:1353
#13 do_main_quit () at libmain.c:1274
#14 0x00007f6f9d503558 in main_quit () at libmain.c:1415
#15 0x00007f6f9d537e69 in on_window_delete_event (widget=widget@entry=0x56253aed0510, event=event@entry=0x56253b099710, gdata=<optimized out>) at callbacks.c:85
#16 0x00007f6f9ccb6a5b in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x56253adaf8b0, return_value=0x7ffef715f380, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x56253aa5ec90) at gtkmarshalers.c:129
#17 0x00007f6f9c7230e6 in _g_closure_invoke_va (closure=0x56253adaf8b0, return_value=0x7ffef715f380, instance=0x56253aed0510, args=0x7ffef715f450, n_params=1, param_types=0x56253aa5ec90) at ../gobject/gclosure.c:873
#18 0x00007f6f9c73f06a in g_signal_emit_valist (instance=0x56253aed0510, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffef715f450) at ../gobject/gsignal.c:3306
#19 0x00007f6f9c73fbcf in g_signal_emit (instance=instance@entry=0x56253aed0510, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3453
#20 0x00007f6f9cd01c62 in gtk_widget_event_internal (event=0x56253b099710, widget=0x56253aed0510) at gtkwidget.c:7808
#21 gtk_widget_event_internal (widget=0x56253aed0510, event=0x56253b099710) at gtkwidget.c:7677
#22 0x00007f6f9ce42149 in gtk_main_do_event (event=0x56253b099710) at gtkmain.c:1818
#23 gtk_main_do_event (event=<optimized out>) at gtkmain.c:1687
#24 0x00007f6f9cbaf6e4 in _gdk_event_emit (event=0x56253b099710) at gdkevents.c:73
#25 _gdk_event_emit (event=0x56253b099710) at gdkevents.c:67
#26 0x00007f6f9cb7e1f2 in gdk_event_source_dispatch (source=source@entry=0x56253a99b1c0, callback=<optimized out>, user_data=<optimized out>) at gdkeventsource.c:367
#27 0x00007f6f9c633008 in g_main_dispatch (context=0x56253a99b2b0) at ../glib/gmain.c:3216
#28 g_main_context_dispatch (context=context@entry=0x56253a99b2b0) at ../glib/gmain.c:3881
#29 0x00007f6f9c633390 in g_main_context_iterate (context=0x56253a99b2b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3954
#30 0x00007f6f9c633663 in g_main_loop_run (loop=0x56253f429830) at ../glib/gmain.c:4148
#31 0x00007f6f9ce3bd75 in gtk_main () at gtkmain.c:1325
#32 0x00007f6f9d510104 in main_lib (argc=<optimized out>, argv=<optimized out>) at libmain.c:1259
#33 0x00007f6f9d5f7ceb in __libc_start_main (main=0x5625392e7050 <main>, argc=2, argv=0x7ffef715fa08, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffef715f9f8) at ../csu/libc-start.c:308
#34 0x00005625392e708a in _start () at ../sysdeps/x86_64/start.S:120
```

The user said it can be reproduced with these steps:

- boot,
- login to openbox window manager,
- start a 'gnome-terminal',
- run 'geany somefile' (or with '&' to set it into background, no matter),
- wait until geany has come up,
- close geany via the 'X' of the window manager,
  or via menu 'File -> Quit' (doesn't matter which).
--> Segmentation fault (core dumped)

But I failed to reproduce it, and the user cannot reproduce it if he creates another system account.

I've read it and some code. It seems `vte_close()` calls `g_free(vf);` and `gtk_widget_destroy(vc->vte);`. `gtk_widget_destroy(vc->vte);` will make vte emit the `child-exited` event because it will kill the child process while disposing, and there is `g_signal_connect(vte, "child-exited", G_CALLBACK(vte_start), NULL);` in `create_vte()`, which then goes to `#0` of the backtrace.

But if so, I should be able to reproduce it. Another strange thing is that gdb shows that `vf` and `vc->vte` are both valid. I don't know why; if dispose is called, at least `vf` should be freed.

I'll try to update if I get any new ideas.
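
The shutdown ordering hypothesised in the message above, modelled in plain C as an added example (not Geany or VTE code, and not part of the original post). `FuncTable`, `Widget`, `close_as_described` and `close_hardened` are hypothetical names, and a liveness flag stands in for the freed-memory access so the program itself has no undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model for this example; none of this is Geany or VTE code. */
typedef struct { int (*spawn)(void); } FuncTable;        /* role of `vf` */
typedef struct { void (*child_exited)(void); } Widget;   /* role of vc->vte */

static FuncTable *vf;
static int vf_live, stale_calls, spawns;
static int do_spawn(void) { return ++spawns; }

/* Role of vte_start(): respawn the child through the function table. */
static void on_child_exited(void) {
    if (!vf_live) { stale_calls++; return; }  /* real code would read freed memory here */
    vf->spawn();
}

/* Role of gtk_widget_destroy(): dispose emits "child-exited" to any handler. */
static void widget_destroy(Widget *w) {
    if (w->child_exited) w->child_exited();
    free(w);
}

static Widget *setup(void) {
    Widget *w = malloc(sizeof *w);
    vf = malloc(sizeof *vf);
    if (!w || !vf) abort();
    vf->spawn = do_spawn;
    vf_live = 1; stale_calls = spawns = 0;
    w->child_exited = on_child_exited;        /* role of g_signal_connect() */
    return w;
}

/* Ordering described in the post: table freed first, widget destroyed second. */
int close_as_described(void) {
    Widget *w = setup();
    free(vf); vf_live = 0;                    /* vf now dangles */
    widget_destroy(w);
    return stale_calls;                       /* handler ran against a freed table */
}

/* Hardened ordering: disconnect the handler, destroy, then free and clear. */
int close_hardened(void) {
    Widget *w = setup();
    w->child_exited = NULL;                   /* role of disconnecting the handler */
    widget_destroy(w);
    free(vf); vf = NULL; vf_live = 0;
    return stale_calls + spawns;              /* no stale call, no respawn at quit */
}

int main(void) { printf("described=%d hardened=%d\n", close_as_described(), close_hardened()); return 0; }
```

In GLib terms, the disconnect step corresponds to `g_signal_handlers_disconnect_by_func()` called on the widget before `gtk_widget_destroy()`.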
