Crash changing menu item type to Image and editing name (g_utf8_get_char)

Bug #214225 reported by Juan C. Villa on 2008-04-08
14
Affects Status Importance Assigned to Milestone
Glade
Expired
Critical
glade-3 (Ubuntu)
Medium
Unassigned

Bug Description

Binary package hint: glade-3

I have been through similar bug reports but they don't seem to match what I am experiencing. Step to reproduce:

- Create new window
- Add vertical box
- Add menu bar
- Open the "edit" menu bar dialog
- Delete all sub menus under edit
- Add a new submenu under edit
- Change the type of the submene to "Image"
- Change the name to "menuPreferences"
- Press TAB and it crashes

I am not very experienced a debugging precompiled applications. I would love to learn and would appreciate all the help.

Here's a valgrind dump of the application when it's crashing:

(glade-3:8631): GladeUI-CRITICAL **: glade_base_editor_treeview_cursor_changed: assertion `GTK_IS_TREE_VIEW (treeview)' failed
==8631==
==8631== Invalid read of size 1
==8631== at 0x44E158B: g_utf8_get_char (in /usr/lib/libglib-2.0.so.0.1600.3)
==8631== by 0x4058904: (within /usr/lib/libgladeui-1.so.7.0.2)
==8631== by 0x4058A21: glade_project_widget_name_changed (in /usr/lib/libgladeui-1.so.7.0.2)
==8631== by 0x4059518: (within /usr/lib/libgladeui-1.so.7.0.2)
==8631== by 0x4453169: g_cclosure_marshal_VOID__PARAM (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x4446758: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x445AD1C: (within /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x445C915: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x445CC58: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x444AC80: (within /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x44474CE: (within /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x444B718: g_object_notify (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==8631==
==8631== Process terminating with default action of signal 11 (SIGSEGV)
==8631== Access not within mapped region at address 0x0
==8631== at 0x44E158B: g_utf8_get_char (in /usr/lib/libglib-2.0.so.0.1600.3)
==8631== by 0x4058904: (within /usr/lib/libgladeui-1.so.7.0.2)
==8631== by 0x4058A21: glade_project_widget_name_changed (in /usr/lib/libgladeui-1.so.7.0.2)
==8631== by 0x4059518: (within /usr/lib/libgladeui-1.so.7.0.2)
==8631== by 0x4453169: g_cclosure_marshal_VOID__PARAM (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x4446758: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x445AD1C: (within /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x445C915: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x445CC58: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x444AC80: (within /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x44474CE: (within /usr/lib/libgobject-2.0.so.0.1600.3)
==8631== by 0x444B718: g_object_notify (in /usr/lib/libgobject-2.0.so.0.1600.3)
==8631==
==8631== ERROR SUMMARY: 79 errors from 25 contexts (suppressed: 215 from 2)
==8631== malloc/free: in use at exit: 11,745,381 bytes in 146,063 blocks.
==8631== malloc/free: 797,972 allocs, 651,909 frees, 134,787,313 bytes allocated.
==8631== For counts of detected errors, rerun with: -v
==8631== searching for pointers to 146,063 not-freed blocks.
==8631== checked 11,820,156 bytes.
==8631==
==8631== LEAK SUMMARY:
==8631== definitely lost: 120,253 bytes in 4,153 blocks.
==8631== possibly lost: 913,273 bytes in 972 blocks.
==8631== still reachable: 10,711,855 bytes in 140,938 blocks.
==8631== suppressed: 0 bytes in 0 blocks.
==8631== Rerun with --leak-check=full to see details of leaked memory.

ProblemType: Crash
Architecture: i386
CrashCounter: 1
Date: Tue Apr 8 17:09:17 2008
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/glade-3
NonfreeKernelModules: nvidia
Package: glade-3 3.4.2-0ubuntu1
PackageArchitecture: i386
ProcCmdline: glade-3
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: glade-3
Stacktrace:
 #0 0xb7b0958b in g_utf8_get_char () from /usr/lib/libglib-2.0.so.0
 #1 0xb7f36905 in ?? () from /usr/lib/libgladeui-1.so.7
 #2 0x00000000 in ?? ()
StacktraceTop:
 g_utf8_get_char () from /usr/lib/libglib-2.0.so.0
 ?? () from /usr/lib/libgladeui-1.so.7
 ?? ()
ThreadStacktrace:
 .
 Thread 1 (process 7844):
 #0 0xb7b0958b in g_utf8_get_char () from /usr/lib/libglib-2.0.so.0
 #1 0xb7f36905 in ?? () from /usr/lib/libgladeui-1.so.7
 #2 0x00000000 in ?? ()
Title: glade-3 crashed with SIGSEGV in g_utf8_get_char()
Uname: Linux 2.6.24-12-generic i686
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin mythtv plugdev video
SegvAnalysis:
 Segfault happened at: 0xb7b0958b <g_utf8_get_char+11>: movzbl (%eax),%edx
 PC (0xb7b0958b) ok
 source "(%eax)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%edx" ok
SegvReason: reading NULL VMA

Juan C. Villa (juanqui) wrote :

StacktraceTop:IA__g_utf8_get_char (p=0x0) at /build/buildd/glib2.0-2.16.2/glib/gutf8.c:271
glade_project_release_widget_name (project=0x851f5c8, glade_widget=0x89386a8, widget_name=0x0)
glade_project_widget_name_changed (project=0x851f5c8, widget=0x89386a8, old_name=0x0) at glade-project.c:1133
glade_project_on_widget_notify (widget=0x89386a8, arg=0x8666b28, project=0x851f5c8) at glade-project.c:829
IA__g_cclosure_marshal_VOID__PARAM (closure=0x89675c0, return_value=0x0, n_param_values=2,

Changed in glade-3:
importance: Undecided → Medium

After a while of debugging I have reduced the steps to reproduce to the following:

- Create menu bar
- Add menu item
- Change type
- Change name (CRASH!)

I attached a debugger to the application and compiled libgladeui with debug information. I believe the problem is happening in one of the signal handlers that get invoked when the type of menu is changed to "Image". After some tracing I realized that it would insert "imagemenuitem6" as the old_name for a widget who's REAL old_name is "menuitem5".

Sebastien Bacher (seb128) wrote :

thank you for your bug report, the crash is similar to http://bugzilla.gnome.org/show_bug.cgi?id=533471

Changed in glade-3:
status: New → Triaged
Changed in glade:
status: Unknown → New
summary: - glade-3 crashed with SIGSEGV in g_utf8_get_char()
+ Crash changing menu item type to Image and editing name
summary: Crash changing menu item type to Image and editing name
+ (g_utf8_get_char)
Kees Cook (kees) on 2009-09-16
description: updated
Javier Jardón (jjardon) on 2010-01-19
affects: glade-3 (Ubuntu) → glade (Ubuntu)
Javier Jardón (jjardon) on 2010-04-14
affects: glade (Ubuntu) → glade-3 (Ubuntu)
Javier Jardón (jjardon) on 2010-04-14
Changed in glade-2.old:
importance: Unknown → Undecided
status: New → Invalid
Changed in glade-3:
status: Unknown → New
Changed in glade-3:
importance: Unknown → Critical
Changed in glade-3:
status: New → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.