Closed Bug 389801 Opened 18 years ago Closed 18 years ago

Firefox crashes with some GTK+ themes whose gtkrc contains GtkOptionMenu::indicator_size and GtkOptionMenu::indicator_spacing

Categories

(Core Graveyard :: GFX: Gtk, defect)

Product:
Core Graveyard
Component:
GFX: Gtk
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla1.9beta1

People

(Reporter: hwasung.kim, Assigned: fred)

References

(
URL
)

Details

(Keywords: crash, fixed1.8.0.14, fixed1.8.1.8)

Attachments

(1 file, 4 obsolete files)

better patch
484 bytes, patch
chpe
: review+
roc
: superreview+
dveditz
: approval1.8.1.8+
dveditz
: approval1.8.0.14+
roc
: approval1.9+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072604 Minefield/3.0a7pre (Firefox 3) Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072604 Minefield/3.0a7pre (Firefox 3) With a theme I metioned above, visiting a page contians a select element or opening the preferences window (which may contain dropdown menus) causes Firefox to crash or to be unresponsive. I commented out two lines (GtkOptionMenu::indicator_size and GtkOptionMenu::indicator_spacing) in gtkrc after I found the problem occured in 'moz_gtk_option_menu_get_metrics' function (in /widget/src/gtk2/gtk2drawing.c). Then no more crash. Reproducible: Always Steps to Reproduce: 1. change the gtk+ theme to a theme such as Nova, GSM, etc. 2. launch Minefield 3. visit a page contains a select element or open the preferences window Actual Results: crash or being unresponsive Expected Results: display normally Breakpad Crash Reports: d8e41d78-3b89-11dc-a4d7-001a4bd43ed6 66f1830f-3b7d-11dc-a9e1-001a4bd43ed6 dcb123ab-3b8a-11dc-aac2-001a4bd43e5c 0d0df6cc-3b8e-11dc-8d0d-001a4bd46e84 be0473eb-3b93-11dc-bb3d-001a4bd43ed6 b9adca70-3b8f-11dc-85e4-001a4bd43ed6 6dde5bee-3b96-11dc-9143-001a4bd43ef6 de24b097-3b97-11dc-a30b-001a4bd46e84
UUID 66f1830f-3b7d-11dc-a9e1-001a4bd43ed6 Time 2007-07-26 06:37:49.840000-07:00 Build ID 2007072604 OS Linux OS Version 0.0.0 Linux 2.6.22-8-generic #1 SMP Thu Jul 12 15:59:45 GMT 2007 i686 GNU/Linux CPU x86 CPU Info GenuineIntel family 2 model 2 stepping 4 Crash Reason SIGABRT Crash Address 0xffffe410 Stack of Crashing Thread frame signature 0 @0xffffe410 1 libc-2.6.so@0x2c1f0 2 libc-2.6.so@0x61e2b 3 libc-2.6.so@0x6d8fa 4 libglib-2.0.so.0.1307.0@0x36960 5 moz_gtk_option_menu_get_metrics 6 moz_gtk_widget_paint 7 ThemeRenderer::NativeDraw(_XDisplay*, unsigned long, Visual*, short, short, XRectangle*, unsigned int) 8 NativeRendering(void*, _XDisplay*, unsigned long, Visual*, short, short, XRectangle*, unsigned int) 9 cairo_draw_with_xlib
URL: http://bonsai.mozilla.org/cvsblame.cg...
Severity: normal → critical
Component: General → Widget: Gtk
Keywords: crash
Product: Firefox → Core
QA Contact: general → gtk
Version: unspecified → Trunk
Severity: critical → normal
Component: Widget: Gtk → General
QA Contact: gtk → general
Version: Trunk → unspecified
Component: General → GFX: Gtk
QA Contact: general → gtk
565 GtkBorder *tmp_indicator_spacing; 566 567 gtk_widget_style_get(gOptionMenuWidget, [...] 570 "indicator_spacing", &tmp_indicator_spacing, [...] 585 g_free(tmp_indicator_spacing); You have to use gtk_border_free() to free a GtkBorder* obtained with gtk_widget_style_get, not g_free().
And similarly you need to use gtk_requisition_free to free the GtkRequisition* tmp_indicator_size.
Attached patch like this? (obsolete) — Splinter Review
Assignee: nobody → timeless
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #274406 - Flags: review?(chpe)
Attached patch more like this? (obsolete) — Splinter Review
Attachment #274406 - Attachment is obsolete: true
Attachment #274408 - Flags: review?(chpe)
Attachment #274406 - Flags: review?(chpe)
Comment on attachment 274408 [details] [diff] [review] more like this? You need to null-check, since neither they don't accept null, in contrast to g_free.
Attachment #274408 - Flags: review?(chpe) → review-
Attached patch details... (obsolete) — Splinter Review
Attachment #274408 - Attachment is obsolete: true
Attachment #274410 - Flags: review?(chpe)
Comment on attachment 274410 [details] [diff] [review] details... You mixed them up, used gtk_border_free in the if() of the GtkRequisition, and likewise for the other one too ;)
Attachment #274410 - Flags: review?(chpe) → review-
Attachment #274410 - Attachment is obsolete: true
Attachment #274430 - Flags: review?(chpe)
Attachment #274430 - Flags: review?(chpe) → review+
Comment on attachment 274430 [details] [diff] [review] ok, patching whlie sleepy is bad? roc: could you please approve this for 1.9?
Attachment #274430 - Flags: superreview?(roc)
Attachment #274430 - Flags: superreview?(roc) → superreview+
Attachment #274430 - Flags: approval1.9?
I'd like to but I technically I can't.
Comment on attachment 274430 [details] [diff] [review] ok, patching whlie sleepy is bad? okay, now I can.
Attachment #274430 - Flags: approval1.9? → approval1.9+
attachment 274430 [details] [diff] [review] is buggy : -there is a typo in gtk_requistion_free(tmp_indicator_size); and from checking gtk code, I'm not sure there is a need to use gtk_requisition_free, since it is just a call to g_free. Anyway, it is not needed to check for null when calling gtk_requisition_free -gtk_requisition_free on gtk+ 2.11.x is calling g_slide_free which does accept NULL as a parameter (it just doesn't do anything).
You're right, I read the gslice macros wrongly and thought they didn't accept NULL on free. gtk_requisition_free is the right function to call, NOT g_free.
Attached patch better patchSplinter Review
Attachment #274430 - Attachment is obsolete: true
Flags: blocking1.9?
Comment on attachment 279879 [details] [diff] [review] better patch Requesting review on this patch... the patch says it's for gfx/src/gtk/gtk2drawing.c, but that file doesn't exist on trunk, as it seems it was moved to widget/src/gtk2/gtk2drawing.c.
Attachment #279879 - Flags: superreview?(roc)
Attachment #279879 - Flags: review?(chpe)
According to https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/129007, this is a top-crasher for Ubuntu.
Attachment #279879 - Flags: review?(chpe) → review+
Attachment #279879 - Flags: superreview?(roc)
Attachment #279879 - Flags: superreview+
Attachment #279879 - Flags: approval1.9+
Assignee: timeless → fcrozat
Status: ASSIGNED → NEW
Keywords: checkin-needed
Target Milestone: --- → mozilla1.9 M9
Checking in widget/src/gtk2/gtk2drawing.c; /cvsroot/mozilla/widget/src/gtk2/gtk2drawing.c,v <-- gtk2drawing.c new revision: 1.32; previous revision: 1.31 done
Status: NEW → RESOLVED
Closed: 18 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Attachment #279879 - Flags: approval1.8.1.8?
Attachment #279879 - Flags: approval1.8.0.14?
Comment on attachment 279879 [details] [diff] [review] better patch approved for 1.8.1.8 and 1.8.0.14, a=dveditz for release-drivers
Attachment #279879 - Flags: approval1.8.1.8?
Attachment #279879 - Flags: approval1.8.1.8+
Attachment #279879 - Flags: approval1.8.0.14?
Attachment #279879 - Flags: approval1.8.0.14+
MOZILLA_1_8_BRANCH: Checking in gfx/src/gtk/gtk2drawing.c; /cvsroot/mozilla/gfx/src/gtk/Attic/gtk2drawing.c,v <-- gtk2drawing.c new revision: 1.15.8.3; previous revision: 1.15.8.2 done MOZILLA_1_8_0_BRANCH: Checking in gfx/src/gtk/gtk2drawing.c; /cvsroot/mozilla/gfx/src/gtk/Attic/gtk2drawing.c,v <-- gtk2drawing.c new revision: 1.15.8.2.4.1; previous revision: 1.15.8.2 done
Keywords: fixed1.8.0.14, fixed1.8.1.8
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: