Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Firefox crashes with some GTK+ themes whose gtkrc contains GtkOptionMenu::indicator_size and GtkOptionMenu::indicator_spacing

RESOLVED FIXED in mozilla1.9beta1

Status

Core Graveyard
GFX: Gtk
RESOLVED FIXED
10 years ago
7 years ago

People

(Reporter: Hwasung Kim, Assigned: Frederic Crozat)

Tracking

({crash, fixed1.8.0.14, fixed1.8.1.8})

unspecified
mozilla1.9beta1
x86
Linux
crash, fixed1.8.0.14, fixed1.8.1.8
Bug Flags:
blocking1.9 ?

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment, 4 obsolete attachments)

484 bytes, patch
Christian Persch (GNOME) (away; not receiving bug mail)
: review+
Details | Diff | Splinter Review
(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072604 Minefield/3.0a7pre (Firefox 3)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072604 Minefield/3.0a7pre (Firefox 3)

With a theme I metioned above, visiting a page contians a select element or opening the preferences window (which may contain dropdown menus) causes Firefox to crash or to be unresponsive.

I commented out two lines (GtkOptionMenu::indicator_size and GtkOptionMenu::indicator_spacing) in gtkrc after I found the problem occured in 'moz_gtk_option_menu_get_metrics' function (in /widget/src/gtk2/gtk2drawing.c). Then no more crash.

Reproducible: Always

Steps to Reproduce:
1. change the gtk+ theme to a theme such as Nova, GSM, etc.
2. launch Minefield
3. visit a page contains a select element or open the preferences window
Actual Results:  
crash or being unresponsive

Expected Results:  
display normally

Breakpad Crash Reports:
d8e41d78-3b89-11dc-a4d7-001a4bd43ed6
66f1830f-3b7d-11dc-a9e1-001a4bd43ed6
dcb123ab-3b8a-11dc-aac2-001a4bd43e5c
0d0df6cc-3b8e-11dc-8d0d-001a4bd46e84
be0473eb-3b93-11dc-bb3d-001a4bd43ed6
b9adca70-3b8f-11dc-85e4-001a4bd43ed6
6dde5bee-3b96-11dc-9143-001a4bd43ef6
de24b097-3b97-11dc-a30b-001a4bd46e84

Comment 1

10 years ago
UUID	66f1830f-3b7d-11dc-a9e1-001a4bd43ed6
Time	2007-07-26 06:37:49.840000-07:00
Build ID	2007072604
OS	Linux
OS Version	0.0.0 Linux 2.6.22-8-generic #1 SMP Thu Jul 12 15:59:45 GMT 2007 i686 GNU/Linux
CPU	x86
CPU Info	GenuineIntel family 2 model 2 stepping 4
Crash Reason	SIGABRT
Crash Address	0xffffe410
Stack of Crashing Thread

frame	signature
0	@0xffffe410
1	libc-2.6.so@0x2c1f0
2	libc-2.6.so@0x61e2b
3	libc-2.6.so@0x6d8fa
4	libglib-2.0.so.0.1307.0@0x36960
5	moz_gtk_option_menu_get_metrics
6	moz_gtk_widget_paint
7	ThemeRenderer::NativeDraw(_XDisplay*, unsigned long, Visual*, short, short, XRectangle*, unsigned int)
8	NativeRendering(void*, _XDisplay*, unsigned long, Visual*, short, short, XRectangle*, unsigned int)
9	cairo_draw_with_xlib
Severity: normal → critical
Component: General → Widget: Gtk
Keywords: crash
Product: Firefox → Core
QA Contact: general → gtk
Version: unspecified → Trunk

Updated

10 years ago
Severity: critical → normal
Component: Widget: Gtk → General
QA Contact: gtk → general
Version: Trunk → unspecified

Updated

10 years ago
Component: General → GFX: Gtk
QA Contact: general → gtk
565 GtkBorder *tmp_indicator_spacing;
566                 
567 gtk_widget_style_get(gOptionMenuWidget,
[...]
570                      "indicator_spacing", &tmp_indicator_spacing,
[...]
585 g_free(tmp_indicator_spacing);

You have to use gtk_border_free() to free a GtkBorder* obtained with gtk_widget_style_get, not g_free().
And similarly you need to use gtk_requisition_free to free the GtkRequisition* tmp_indicator_size.

Comment 4

10 years ago
Created attachment 274406 [details] [diff] [review]
like this?
Assignee: nobody → timeless
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #274406 - Flags: review?(chpe)

Comment 5

10 years ago
Created attachment 274408 [details] [diff] [review]
more like this?
Attachment #274406 - Attachment is obsolete: true
Attachment #274408 - Flags: review?(chpe)
Attachment #274406 - Flags: review?(chpe)
Comment on attachment 274408 [details] [diff] [review]
more like this?

You need to null-check, since neither they don't accept null, in contrast to g_free.
Attachment #274408 - Flags: review?(chpe) → review-

Comment 7

10 years ago
Created attachment 274410 [details] [diff] [review]
details...
Attachment #274408 - Attachment is obsolete: true
Attachment #274410 - Flags: review?(chpe)
Comment on attachment 274410 [details] [diff] [review]
details...

You mixed them up, used gtk_border_free in the if() of the GtkRequisition, and likewise for the other one too ;)
Attachment #274410 - Flags: review?(chpe) → review-

Comment 9

10 years ago
Created attachment 274430 [details] [diff] [review]
ok, patching whlie sleepy is bad?
Attachment #274410 - Attachment is obsolete: true
Attachment #274430 - Flags: review?(chpe)
Attachment #274430 - Flags: review?(chpe) → review+

Comment 10

10 years ago
Comment on attachment 274430 [details] [diff] [review]
ok, patching whlie sleepy is bad?

roc: could you please approve this for 1.9?
Attachment #274430 - Flags: superreview?(roc)
Attachment #274430 - Flags: superreview?(roc) → superreview+

Updated

10 years ago
Attachment #274430 - Flags: approval1.9?
Duplicate of this bug: 394876
I'd like to but I technically I can't.
Comment on attachment 274430 [details] [diff] [review]
ok, patching whlie sleepy is bad?

okay, now I can.
Attachment #274430 - Flags: approval1.9? → approval1.9+
(Assignee)

Comment 14

10 years ago
attachment 274430 [details] [diff] [review] is buggy :
-there is a typo in gtk_requistion_free(tmp_indicator_size); and from checking gtk code, I'm not sure there is a need to use gtk_requisition_free, since it is just a  call to g_free. Anyway, it is not needed to check for null when calling gtk_requisition_free
-gtk_requisition_free on gtk+ 2.11.x is calling g_slide_free which does accept NULL as a parameter (it just doesn't do anything). 
You're right, I read the gslice macros wrongly and thought they didn't accept NULL on free.

gtk_requisition_free is the right function to call, NOT g_free.
(Assignee)

Comment 16

10 years ago
Created attachment 279879 [details] [diff] [review]
better patch
Attachment #274430 - Attachment is obsolete: true
Flags: blocking1.9?
Comment on attachment 279879 [details] [diff] [review]
better patch

Requesting review on this patch... the patch says it's for gfx/src/gtk/gtk2drawing.c, but that file doesn't exist on trunk, as it seems it was moved to widget/src/gtk2/gtk2drawing.c.
Attachment #279879 - Flags: superreview?(roc)
Attachment #279879 - Flags: review?(chpe)
According to https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/129007, this is a top-crasher for Ubuntu.
Attachment #279879 - Flags: review?(chpe) → review+
Attachment #279879 - Flags: superreview?(roc)
Attachment #279879 - Flags: superreview+
Attachment #279879 - Flags: approval1.9+
Assignee: timeless → fcrozat
Status: ASSIGNED → NEW
Keywords: checkin-needed
Target Milestone: --- → mozilla1.9 M9
Checking in widget/src/gtk2/gtk2drawing.c;
/cvsroot/mozilla/widget/src/gtk2/gtk2drawing.c,v  <--  gtk2drawing.c
new revision: 1.32; previous revision: 1.31
done
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Attachment #279879 - Flags: approval1.8.1.8?
Attachment #279879 - Flags: approval1.8.0.14?
Comment on attachment 279879 [details] [diff] [review]
better patch

approved for 1.8.1.8 and 1.8.0.14, a=dveditz for release-drivers
Attachment #279879 - Flags: approval1.8.1.8?
Attachment #279879 - Flags: approval1.8.1.8+
Attachment #279879 - Flags: approval1.8.0.14?
Attachment #279879 - Flags: approval1.8.0.14+
MOZILLA_1_8_BRANCH:

Checking in gfx/src/gtk/gtk2drawing.c;
/cvsroot/mozilla/gfx/src/gtk/Attic/gtk2drawing.c,v  <--  gtk2drawing.c
new revision: 1.15.8.3; previous revision: 1.15.8.2
done

MOZILLA_1_8_0_BRANCH:

Checking in gfx/src/gtk/gtk2drawing.c;
/cvsroot/mozilla/gfx/src/gtk/Attic/gtk2drawing.c,v  <--  gtk2drawing.c
new revision: 1.15.8.2.4.1; previous revision: 1.15.8.2
done
Keywords: fixed1.8.0.14, fixed1.8.1.8
Product: Core → Core Graveyard

Updated

7 years ago
You need to log in before you can comment on or make changes to this bug.