Unity

Segfault in LauncherIcon::TextureFromSpecificGtkTheme

Bug #1180790 reported by Sam Spilsbury on 2013-05-16

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Unity	Fix Released	Critical	Marco Trevisan (Treviño)	Unity 7.1.0
unity (Ubuntu)	Fix Released	Undecided	Unassigned
Raring	Won't Fix	Undecided	Unassigned

Bug Description

==29781== Invalid read of size 1
==29781== at 0x8056C47: g_type_check_instance_cast (gtype.c:4033)
==29781== by 0x16DFC154: unity::launcher::LauncherIcon::TextureFromSpecificGtkTheme(_GtkIconTheme*, std::string const&, int, bool, bool) (LauncherIcon.cpp:432)
==29781== by 0x16DFC450: unity::launcher::LauncherIcon::TextureFromGtkTheme(std::string, int, bool) (LauncherIcon.cpp:379)
==29781== by 0x16E12998: unity::launcher::SimpleLauncherIcon::GetTextureForSize(int) (SimpleLauncherIcon.cpp:108)
==29781== by 0x16F0568F: unity::ui::IconRenderer::RenderIcon(nux::GraphicsEngine&, unity::ui::RenderArg const&, nux::Rect const&, nux::Rect const&) (IconRenderer.cpp:446)
==29781== by 0x16DD9D89: unity::launcher::Launcher::DrawContent(nux::GraphicsEngine&, bool) (Launcher.cpp:1871)
==29781== by 0x18754831: nux::View::ProcessDraw(nux::GraphicsEngine&, bool) (View.cpp:253)
==29781== by 0x1873820C: nux::Layout::ProcessDraw(nux::GraphicsEngine&, bool) (Layout.cpp:581)
==29781== by 0x18713BB7: nux::BaseWindow::DrawContent(nux::GraphicsEngine&, bool) (BaseWindow.cpp:142)
==29781== by 0x18754831: nux::View::ProcessDraw(nux::GraphicsEngine&, bool) (View.cpp:253)
==29781== by 0x18758386: nux::WindowCompositor::RenderTopViewContent(nux::BaseWindow*, bool) (WindowCompositor.cpp:1553)
==29781== by 0x1875F8EE: nux::WindowCompositor::RenderTopViews(bool, std::list<nux::ObjectWeakPtr<nux::BaseWindow>, std::allocator<nux::ObjectWeakPtr<nux::BaseWindow> > >&, bool) (WindowCompositor.cpp:1654)
==29781== Address 0x6168732f72737542 is not stack'd, malloc'd or (recently) free'd
==29781==
==29781==
==29781== Process terminating with default action of signal 11 (SIGSEGV)
==29781== General Protection Fault
==29781== at 0x8056C47: g_type_check_instance_cast (gtype.c:4033)
==29781== by 0x16DFC154: unity::launcher::LauncherIcon::TextureFromSpecificGtkTheme(_GtkIconTheme*, std::string const&, int, bool, bool) (LauncherIcon.cpp:432)
==29781== by 0x16DFC450: unity::launcher::LauncherIcon::TextureFromGtkTheme(std::string, int, bool) (LauncherIcon.cpp:379)
==29781== by 0x16E12998: unity::launcher::SimpleLauncherIcon::GetTextureForSize(int) (SimpleLauncherIcon.cpp:108)
==29781== by 0x16F0568F: unity::ui::IconRenderer::RenderIcon(nux::GraphicsEngine&, unity::ui::RenderArg const&, nux::Rect const&, nux::Rect const&) (IconRenderer.cpp:446)
==29781== by 0x16DD9D89: unity::launcher::Launcher::DrawContent(nux::GraphicsEngine&, bool) (Launcher.cpp:1871)
==29781== by 0x18754831: nux::View::ProcessDraw(nux::GraphicsEngine&, bool) (View.cpp:253)
==29781== by 0x1873820C: nux::Layout::ProcessDraw(nux::GraphicsEngine&, bool) (Layout.cpp:581)
==29781== by 0x18713BB7: nux::BaseWindow::DrawContent(nux::GraphicsEngine&, bool) (BaseWindow.cpp:142)
==29781== by 0x18754831: nux::View::ProcessDraw(nux::GraphicsEngine&, bool) (View.cpp:253)
==29781== by 0x18758386: nux::WindowCompositor::RenderTopViewContent(nux::BaseWindow*, bool) (WindowCompositor.cpp:1553)
==29781== by 0x1875F8EE: nux::WindowCompositor::RenderTopViews(bool, std::list<nux::ObjectWeakPtr<nux::BaseWindow>, std::allocator<nux::ObjectWeakPtr<nux::BaseWindow> > >&, bool) (WindowCompositor.cpp:1654)

GtkIconInfo * is released with g_object_unref, but its not actually a GObject. It should be released with gtk_icon_info_free

See original description

Related branches

lp:~smspillaz/unity/unity.fix_1180970

Superseded for merging into lp:unity

PS Jenkins bot (community): Approve (continuous-integration) on 2013-05-17

Sam Spilsbury: Pending requested 2013-05-17

Ted Gould: Pending requested 2013-05-17

lp:~ted/unity/null-icon-info

Rejected for merging into lp:unity

Andrea Azzarone (community): Needs Fixing on 2013-05-16

PS Jenkins bot (community): Approve (continuous-integration) on 2013-05-16

lp:~3v1n0/unity/gtk-wrapper-icon-info

Merged into lp:unity at revision 3329

PS Jenkins bot (community): Approve (continuous-integration) on 2013-05-19

Sam Spilsbury (community): Approve on 2013-05-19

Ted Gould (community): Approve on 2013-05-17

Andrea Azzarone (community): Approve on 2013-05-17

Sam Spilsbury (smspillaz) on 2013-05-16

description:

updated

Sam Spilsbury (smspillaz) on 2013-05-16

Changed in unity:
status:	New → Incomplete
status:	Incomplete → Confirmed
assignee:	nobody → Sam Spilsbury (smspillaz)

Andrea Azzarone (azzar1) on 2013-05-16

Changed in unity:
importance:	Undecided → Critical

Revision history for this message

Sam Spilsbury (smspillaz) wrote on 2013-05-16:

g_object_clear / g_object_unref is broken on < 3.8 and gtk_icon_info_free is deprecated on >= 3.8. I like it when libraries do this. We'll have to ifdef it.

Marco Trevisan (Treviño) (3v1n0) on 2013-05-17

Changed in unity:
milestone:	none → 7.1.0
status:	Confirmed → In Progress
assignee:	Sam Spilsbury (smspillaz) → Marco Trevisan (Treviño) (3v1n0)

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2013-05-19:

Fix committed into lp:unity at revision None, scheduled for release in unity, milestone 7.1.0

Changed in unity:
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-06-07:

Download full text (12.1 KiB)

This bug was fixed in the package unity - 7.0.0daily13.06.07-0ubuntu1

---------------
unity (7.0.0daily13.06.07-0ubuntu1) saucy; urgency=low

  [ Ted Gould ]
  * gtk_icon_info_free() is deprecated for g_object_unref().
  * Upstart event for when the indicators are loaded by the panel
    service.
  * Add an upstart job to unity-common.
  * Manage Unity Panel Service's lifecycle with Upstart.

  [ Didier Roche ]
  * add dep on autopilot-desktop.
  * Revert the panel on upstart from ted, it doesn't respawn as expected
    when another service try to communicate with the panel service and
    the consequence is a lot of tests failing

  [ Nick Dedekind ]
  * Uses a gobject weak ref to test for object deletion in the
    GLibObject tests. Previously was checking with G_IS_OBJECT on an
    invalid pointer, which was causing a segfault

  [ Manuel de la Pena ]
  * Adds support for payment previews that will allow users to buy music
    from within the dash. .

[ Mathieu Trudel-Lapierre ]
* Increase timeouts for hud functional and search tests.

[ Francis Ginther ]
* Handle StateNotFoundError when querying the label of a hud button.

  [ Łukasz 'sil2100' Zemczak ]
  * Now that we're using the new HUD, there have been some changes that
    typically cause test_hud tests to fail. Fix the tests to fit the new
    model. The first one is that generally we do not have indicator
    entries visible in the HUD anymore. Only application menu entries
    are in it now. The second one - the way the results are displayed is
    different. Now, instead of "Menu > Entry" we have "Entry (Menu)"
    etc.
  * Fix two HUD failures related to HUD slow action activation.
  * Fix some autopilot test failures, some related to test_shortcut_hint
    and some to test_scroll in launcher.
  * Modify all the hud_query_check lambdas to be more smart and error-
    checking. Same for the selected_hud_button method in the HUD
    emulator. Also, get rid of the troublesome test_gedit_undo and
    change it into test_gedit_save, which is easier to test and anyway
    tests what we want. Besides that we also now try to handle the
    StateNotFoundError exception in the HUD emulator, another cause of
    some AP failures.
  * Add a flag for -Wno-error=unused-local-typedefs, since this causes a
    FTBFS on ARM

[ Michal Hruby ]
* Don't activate a result twice after pressing Enter. (LP: #1188191)

  [ Sebastien Bacher ]
  * Use '%s:' string for preview hints, rather than just appending ':'.
    (LP: #1074038)

  [ Marco Trevisan (Treviño) ]
  * IconRenderer: preprocess an icon if its emblem has been shown/hidden
    In that way we can update its transformation. (LP: #1171476,
    #1171663)
  * UnityWindow: don't draw the panel shadow above a fullscreen window.
    (LP: #1171934)
  * UnityCore: add GtkWrapper to handle GtkIconInfo correctly for
    different GTK versions Fix a memory leak in LauncherIcon. (LP:
    #1180790)
  * SwitcherController: use proper long long types for
    WindowActiveNumber Otherwise an overflow can cause bad window
    selection after long uptime.
  * Unity: "s/unsigned long long/uint64_t/g".

[ Chris Townsend ]
* Fixes issue where minimiz...

This bug was fixed in the package unity - 7.0.0daily13.06.07-0ubuntu1

---------------
unity (7.0.0daily13.06.07-0ubuntu1) saucy; urgency=low

[ Nick Dedekind ]
  * Uses a gobject weak ref to test for object deletion in the
    GLibObject tests. Previously was checking with G_IS_OBJECT on an
    invalid pointer, which was causing a segfault

[ Manuel de la Pena ]
  * Adds support for payment previews that will allow users to buy music
    from within the dash. .

[ Mathieu Trudel-Lapierre ]
  * Increase timeouts for hud functional and search tests.

[ Francis Ginther ]
  * Handle StateNotFoundError when querying the label of a hud button.

[ Michal Hruby ]
  * Don't activate a result twice after pressing Enter. (LP: #1188191)

[ Sebastien Bacher ]
  * Use '%s:' string for preview hints, rather than just appending ':'.
    (LP: #1074038)

[ Chris Townsend ]
  * Fixes issue where minimizing a full screen window would not draw the
    Launcher and Panel after minimization. (LP: #1064155)
  * Fixes issue where source files for test-gestures would always be
    compiled even if the original source files did not change. (LP:
    #1039367)
  * Fixes the issue where the filling in of the progress bar over
    Launcher icons does not scale when using smaller or larger icon
    sizes than the default size of 48. (LP: #968680)

[ Sam Spilsbury ]
  * LauncherDragWindow: defer icon paint until DrawContent rather than
    doing so immediately (LP: #1180174). (LP: #1180174)
  * Add a pkg-config dependency on xpathselect>=1.2 Technically we
    depend on xpathselect>=1.3 in debian/control, however the latest -
    dev package in the distro claims the version is 1.2 and it builds
    just fine with that. (LP: #1185226). (LP: #1185226)

[ Leo Arias ]
  * Fixed the execute_action_by_id on the dash emulator. (LP: #1181677)

[ Christopher Lee ]
  * Attempt to fix sporadic failure of TestGLibSource.Running for arm
    builds.
  * Updating Unity autopilot tests to work with the new version of
    autopilot (1.3).
  * Update unity autopilot tests depends.
  * Missed a package depends for unity-autopilot.
  * Updating the dbus introspection to use the new xpathselect
    1.3.libxpathselect-dev.

[ Pawel Stolowski ]
  * Add ModelIterator-inl.h to the list of installed headers (as it's
    included by ModelIterator.h).
  * Fixes for two autopilot tests.
  * Bumped required version of libunity.

[ Andrea Azzarone ]
  * Disable detail view for webapp icons. (LP: #1169340)
  * Don't build CoverflowResultView.cpp.
  * Fix crashing tests. (LP: #1182585)
  * Remove AbstractSeparator.cpp (it does not make sense :).
  * Allow alt-tabbing during a dnd operation. (LP: #111939)
  * Reference BamfApplication in GetRunningApplications. (LP: #1181717)

[ Thomi Richards ]
  * Updating the dbus introspection to use the new xpathselect
    1.3.libxpathselect-dev.
  * Update the unity autopilot test suite to be compatible with the new
    autopilot API for custom emulators.

[ Ubuntu daily release ]
  * Automatic snapshot from revision 3365

unity (7.0.0daily13.06.03ubuntu.unity.next-0ubuntu1) raring; urgency=low

[ Chris Townsend ]
  * Fixes the issue where the filling in of the progress bar over
    Launcher icons does not scale when using smaller or larger icon
    sizes than the default size of 48. (LP: #968680)

[ Andrea Azzarone ]
  * Reference BamfApplication in GetRunningApplications. (LP: #1181717)

[ Ubuntu daily release ]
  * Automatic snapshot from revision 3355 (ubuntu-unity/next)

unity (7.0.0daily13.05.31ubuntu.unity.next-0ubuntu1) raring; urgency=low

[ Nick Dedekind ]
  * Keyboard focus lost if trying to navigate while search is ongoing
    (LP: #1170709)
  * Occasional loss of focus in the input text field (LP: #1174488)

[ Andrea Azzarone ]
  * Search Plugins previews in the apps lens should not display any
    ‘review stars’ (LP: #1170715)
  * [alt-tab] Disable detail view for webapp icons. (LP: #1169340)
  * 'There is no content...' message is missing if there no results when
    opening some lenses (LP: #1170728)

[ Nick Dedekind ]
  * Nautilus incorrectly highlighted as valid target DND target for lots
    of results (LP: #1170721)

[ Brandon Schaefer ]
  * Bump libnux to new version

[ Łukasz 'sil2100' Zemczak ]
  * Re-bumped libnux to 4.0.2

[ Ted Gould ]
  * gtk_icon_info_free() is deprecated for g_object_unref().
  * Upstart event for when the indicators are loaded by the panel
    service.

[ Marco Trevisan (Treviño) ]
  * UnityCore: add GtkWrapper to handle GtkIconInfo correctly for
    different GTK versions Fix a memory leak in LauncherIcon. (LP:
    #1180790)
  * SwitcherController: use proper long long types for
    WindowActiveNumber Otherwise an overflow can cause bad window
    selection after long uptime.
  * Unity: "s/unsigned long long/uint64_t/g".

[ Francis Ginther ]
  * Handle StateNotFoundError when querying the label of a hud button.

[ Didier Roche ]
  * add dep on autopilot-desktop.

[ Leo Arias ]
  * Fixed the execute_action_by_id on the dash emulator. (LP: #1181677)

[ Christopher Lee ]
  * Updating Unity autopilot tests to work with the new version of
    autopilot (1.3).
  * Update unity autopilot tests depends.
  * Missed a package depends for unity-autopilot.
  * Updating the dbus introspection to use the new xpathselect
    1.3.libxpathselect-dev.

[ Pawel Stolowski ]
  * Add ModelIterator-inl.h to the list of installed headers (as it's
    included by ModelIterator.h).
  * Fixes for two autopilot tests.

[ Mathieu Trudel-Lapierre ]
  * Increase timeouts for hud functional and search tests.

[ Andrea Azzarone ]
  * Don't build CoverflowResultView.cpp.
  * Fix crashing tests. (LP: #1182585)
  * Remove AbstractSeparator.cpp (it does not make sense :).
  * Allow alt-tabbing during a dnd operation. (LP: #111939)

[ Sam Spilsbury ]
  * LauncherDragWindow: defer icon paint until DrawContent rather than
    doing so immediately (LP: #1180174). (LP: #1180174)

[ Łukasz 'sil2100' Zemczak ]
  * Fix two HUD failures related to HUD slow action activation.
  * Fix some autopilot test failures, some related to test_shortcut_hint
    and some to test_scroll in launcher.
  * Modify all the hud_query_check lambdas to be more smart and error-
    checking. Same for the selected_hud_button method in the HUD
    emulator. Also, get rid of the troublesome test_gedit_undo and
    change it into test_gedit_save, which is easier to test and anyway
    tests what we want. Besides that we also now try to handle the
    StateNotFoundError exception in the HUD emulator, another cause of
    some AP failures.

[ Ubuntu daily release ]
  * Automatic snapshot from revision 3352 (ubuntu-unity/next)

unity (7.0.0daily13.05.08ubuntu.unity.next-0ubuntu1) raring; urgency=low

* Automatic snapshot from revision 3317 (ubuntu-unity/next)

unity (7.0.0daily13.05.01.1ubuntu.unity.next-0ubuntu1) raring; urgency=low

[ Sebastien Bacher ]
  * Some untranslatable and wrong strings in the previews (LP: #1074038)

[ Andrea Azzarone ]
  * [alt-tab] Disable detail view for webapp icons. (LP: #1169340)

[ Marco Trevisan (Treviño) ]
  * Launcher - count label pops out in auto-hide mode (LP: #1171476)
  * Panel shadow is drawn above full-screen windows when notifications
    are shown (LP: #1171934)
  * [regression] Icon count is not shown if the icon is not transformed
    (LP: #1171663)

[ Ubuntu daily release ]
  * Automatic snapshot from revision 3315 (ubuntu-unity/next)

unity (7.0.0daily13.04.23ubuntu.unity.experimental.certified-0ubuntu1) raring; urgency=low

[ Michal Hruby ]
  * HORIZONTAL_TILE results aren't displaying "comment" (LP: #1158840)

[ Brandon Schaefer ]
  * Command lens does not close when pressing Alt+F2 (LP: #1167466)

[ Nick Dedekind ]
  * Filters are disappearing and impacting already displayed results
    (LP: #1159814)

[ Marco Trevisan (Treviño) ]
  * Adding Lens results is more expensive than needed (LP: #1168569)
  * Top Bar, window managment - top bar shadow not falling on restored
    windows that are partially off the top edge of the screen (LP:
    #871758)
  * Opening new-window from quicklist static action does not focus the
    newly opened window (LP: #1164483)
  * Unity makes unneeded copies of Nux DrawList (LP: #1167605)
  * Unityshell uses much of his CPU time only to get tray XIDs from
    PanelController (LP: #1167894)
  * Unity wastes some memory by allocating multiple times the same
    texture (LP: #1166532)
  * Launcher pre-processes icons also when the icons have not been
    changed since last draw cycle (LP: #1168556)
  * Unity is creating multiple instances of DBusIndicators per each
    monitor (LP: #1166550)

[ Andrea Azzarone ]
  * Dash should only close when a icon is dragged outside of the
    Dash/Launcher area (LP: #1170720)
  * Launcher icons automatically placed in the launcher by USC (or apps
    lens) fail to have running 'pips'. (LP: #1165097)
  * dash preview animation is slow on high resolution screens (also
    fullscreen mode) (LP: #1055126)

[ Michi Henning ]
  * ResultIterator.h defines functions that return const values (LP:
    #1163705)

[ Matthieu James ]
  * [UIFe] BFB icon swirl should run clockwise not anti-clockwise (LP:
    #1169238)

[ Ubuntu daily release ]
  * Automatic snapshot from revision 3121 (ubuntu-unity/experimental-
    certified)
 -- Ubuntu daily release <ps-jenkins@lists.canonical.com>   Fri, 07 Jun 2013 06:43:22 +0000

Changed in unity (Ubuntu):
status:	New → Fix Released

Revision history for this message

Stephen M. Webb (bregma) wrote on 2013-07-26:

Fix Released in Unity Unity 7.1.0.

Changed in unity:
status:	Fix Committed → Fix Released

Revision history for this message

Rolf Leggewie (r0lf) wrote on 2014-12-05:

raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as "Won't Fix".

Changed in unity (Ubuntu Raring):
status:	New → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.