crashes when using the small theme

Bug #131564 reported by C.Kontros on 2007-08-10
Affects / Importance / Assigned to
clearlooks (Baltix): Undecided, Unassigned
murrine (Ubuntu): Medium, Steve Langasek
ubuntulooks (Ubuntu): Medium, Steve Langasek

Bug Description

UPDATE: It looks as though this issue has come down to the use of the "small theme" in GIMP. Also looks to be the same bug in Bug #135650.

Binary package hint: gimp

I get the same behavior on 2 up-to-date Gutsy machines. Hopefully it's not a GTK issue. After picking the text tool, then trying to edit its options, I get:

user@pc:~$ gimp
This is a development version of GIMP. Debug messages may appear here.

*** glibc detected *** gimp: double free or corruption (out): 0x093039d0 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7650d75]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7654810]
/usr/lib/libglib-2.0.so.0(g_free+0x31)[0xb7780961]
/usr/lib/gtk-2.0/2.10.0/engines/libubuntulooks.so(option_menu_get_props+0xe6)[0xb5242bc6]
/usr/lib/gtk-2.0/2.10.0/engines/libubuntulooks.so[0xb5240b0e]
/usr/lib/libgtk-x11-2.0.so.0(gtk_paint_box+0xaa)[0xb7c26d0a]
/usr/lib/libgtk-x11-2.0.so.0[0xb7bc9028]
/usr/lib/libgtk-x11-2.0.so.0[0xb7b9fb62]
/usr/lib/libgobject-2.0.so.0[0xb78acfc9]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x20c)[0xb78ae89c]
/usr/lib/libgobject-2.0.so.0[0xb78c0d63]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d6)[0xb78c1a36]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xb78c1e29]
/usr/lib/libgtk-x11-2.0.so.0[0xb7cd9118]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x204)[0xb7aedc64]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aedcb6]
/usr/lib/libgtk-x11-2.0.so.0[0xb7c303ca]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x6b)[0xb7aee89b]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aee9a3]
/usr/lib/libgtk-x11-2.0.so.0[0xb7b9fb62]
/usr/lib/libgobject-2.0.so.0[0xb78acfc9]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x20c)[0xb78ae89c]
/usr/lib/libgobject-2.0.so.0[0xb78c0d63]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d6)[0xb78c1a36]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xb78c1e29]
/usr/lib/libgtk-x11-2.0.so.0[0xb7cd9118]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x204)[0xb7aedc64]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aedcb6]
/usr/lib/libgtk-x11-2.0.so.0[0xb7c303ca]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x6b)[0xb7aee89b]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aee9a3]
/usr/lib/libgtk-x11-2.0.so.0[0xb7b9fb62]
/usr/lib/libgobject-2.0.so.0[0xb78acfc9]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x20c)[0xb78ae89c]
/usr/lib/libgobject-2.0.so.0[0xb78c0d63]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d6)[0xb78c1a36]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xb78c1e29]
/usr/lib/libgtk-x11-2.0.so.0[0xb7cd9118]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x204)[0xb7aedc64]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aedcb6]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aa3ca0]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x6b)[0xb7aee89b]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aee9a3]
/usr/lib/libgtk-x11-2.0.so.0[0xb7b9fb62]
/usr/lib/libgobject-2.0.so.0[0xb78acfc9]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x20c)[0xb78ae89c]
/usr/lib/libgobject-2.0.so.0[0xb78c0d63]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d6)[0xb78c1a36]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xb78c1e29]
/usr/lib/libgtk-x11-2.0.so.0[0xb7cd9118]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x204)[0xb7aedc64]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aedcb6]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aa3ca0]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x6b)[0xb7aee89b]
/usr/lib/libgtk-x11-2.0.so.0[0xb7aee9a3]
/usr/lib/libgtk-x11-2.0.so.0[0xb7b9fb62]
/usr/lib/libgobject-2.0.so.0[0xb78acfc9]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x20c)[0xb78ae89c]
/usr/lib/libgobject-2.0.so.0[0xb78c0d63]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d6)[0xb78c1a36]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xb78c1e29]
/usr/lib/libgtk-x11-2.0.so.0[0xb7cd9118]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x204)[0xb7aedc64]
======= Memory map: ========
gimp: terminated: Aborted

C.Kontros (coryisatm) on 2007-08-10
description: updated
Jeff Fortin Tam (kiddo) wrote :

I confirm this bug on gutsy's gimp 2.4 RC (happened to me today).

C.Kontros (coryisatm) wrote :

Are you using the "small" theme in GIMP?

Yes! I just tried switching to the "normal" icon size theme in the gimp, and it doesn't crash anymore. What a strange situation. I guess we know the culprit now :)

C.Kontros (coryisatm) on 2007-09-20
description: updated
Changed in gimp:
importance: Undecided → Medium
status: New → Confirmed
Alex (flying-sad) wrote :

confirm on 2.4 rc3.
occurs only on small theme.

Flavio Carreira (carreirabr) wrote :

After commenting out these lines from the small theme gtkrc, I had no more crashes:

# GtkOptionMenu::indicator_size = { 5, 11 }
# GtkOptionMenu::indicator_spacing = { 4, 3, 1, 1 }

The default theme doesn't have any of these.

Steve Langasek (vorlon) wrote :

This is a bug in the ubuntulooks theme engine, as identified in bug #135650 (marked as duplicate of this bug). This looks like a bug inherited from an earlier version of the clearlooks theme engine and is fixed in the current version; g_free() is used to free memory that was allocated with a type-specific allocator function, which explains why debugging with G_SLICE=always-malloc isn't too productive.

A short patch to use the per-type free() functions will fix this; patch to follow shortly.

Changed in gimp:
assignee: nobody → vorlon
status: Confirmed → In Progress
Steve Langasek (vorlon) wrote :

Attached patch uses the gtk-type-specific free() functions, solving this crasher bug.
sponsorable source package available at <http://people.ubuntu.com/~vorlon/ubuntulooks/>.

DarkMageZ (darkmagez) wrote :

This also affects other theme engines such as Fedora's Nodoka (which I'm using on Ubuntu).

C.Kontros (coryisatm) wrote :

This also affects Murrine. I don't believe an issue that affects so many engines is a bug in the engine.

While the fix may be applied to the engine, I think Flavio Carreira's post also shows how it can be a GIMP bug.

Steve Langasek (vorlon) wrote :

It is a bug in the engine. g_free() is only supposed to be used on memory returned from g_malloc(); for nearly all gtk object types, there are type-specific allocator functions which are supposed to be used - and are used in this case where gtk is being asked to return objects of this type. This means that the type-specific deallocator functions must also be used, and the crash is a direct result of not doing so. The fact that the code doesn't crash when G_SLICE=always-malloc is used confirms this.

The fact that multiple theme engines share the same bug is largely beside the point, other than to demonstrate a common lineage of the various theme engines by way of code copy'n'paste.
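
To make the allocator-pairing point concrete, here is a small constructed C model (added here; not GTK's, ubuntulooks' or the patch's code) of why a generic g_free() on a type-specifically allocated GtkRequisition corrupts the heap by default yet appears to work under G_SLICE=always-malloc; the slab pool, the tag byte and every function name are assumptions for illustration only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
/* Toy model (constructed, not GTK code) of the allocator mismatch behind this
 * crash: a GtkRequisition-like struct comes from a type-specific allocator
 * (slab by default, plain malloc under the G_SLICE=always-malloc analogue) and
 * is released with the matching typed free or, wrongly, with a generic free. */
typedef struct { int width, height; } Requisition;
enum { FROM_SLAB = 0xA5, FROM_MALLOC = 0x5A };
typedef struct { unsigned char tag; Requisition req; } Block; /* tag = owning pool */
#define SLAB_SLOTS 8
static Block slab[SLAB_SLOTS];
static bool slab_used[SLAB_SLOTS];
static bool always_malloc = false;  /* analogue of G_SLICE=always-malloc */
static Block *block_of(Requisition *r) { return (Block *)((char *)r - offsetof(Block, req)); }
/* Type-specific allocator (think gtk_requisition_new / gtk_widget_style_get). */
Requisition *requisition_new(void) {
    if (!always_malloc)
        for (int i = 0; i < SLAB_SLOTS; i++)
            if (!slab_used[i]) { slab_used[i] = true; slab[i].tag = FROM_SLAB; return &slab[i].req; }
    Block *b = malloc(sizeof *b);
    b->tag = FROM_MALLOC;
    return &b->req;
}

/* Type-specific free (think gtk_requisition_free): hands the block back to its owner. */
int requisition_free(Requisition *r) {
    Block *b = block_of(r);
    if (b->tag == FROM_SLAB) slab_used[b - slab] = false; else free(b);
    return 0;
}

/* Generic free (think g_free): valid only for malloc'd memory. Real glibc has no
 * tag to consult and aborts with "double free or corruption"; here we return -1. */
int generic_free(Requisition *r) {
    Block *b = block_of(r);
    if (b->tag != FROM_MALLOC) return -1;
    free(b);
    return 0;
}

/* The engine's get-props pattern: fetch the requisition, use it, release it.
 * Returns 0 for a clean release, -1 for heap corruption. */
int release_requisition(bool slice_always_malloc, bool use_typed_free) {
    always_malloc = slice_always_malloc;
    Requisition *r = requisition_new();
    r->width = 5; r->height = 11;   /* GtkOptionMenu::indicator_size from the gtkrc */
    return use_typed_free ? requisition_free(r)  /* the fix: gtk_requisition_free() */
                          : generic_free(r);     /* the ubuntulooks bug: g_free() */
}
```

The same reasoning applies to GtkBorder and gtk_border_free(), the other pair named in the changelog.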

C.Kontros (coryisatm) wrote :

I do understand, but as this was a recent change to GIMP and not the engines, this will affect projects that rely on these engines. With no time to get fixes from upstream, at this point I would feel better patching GIMP than affecting projects who have no time to fix before freeze.

C.Kontros (coryisatm) wrote :

Added Clearlooks (messed up with the Baltix choice) and Murrine to affected packages.

Steve Langasek (vorlon) wrote :

Same patch for the same bug in gtk2-engines-murrine. Signed source package at <http://people.ubuntu.com/~vorlon/gtk2-engines-murrine/>.

There is no package in gutsy (source or binary) named "clearlooks", and the gtk2-engines package which provides the clearlooks engine in gutsy has no theme named "Baltix" that I can see.

Regardless of whether a workaround in gimp would be suitable, these crashers in the gtk engines should still be fixed since they can be triggered by any arbitrary app theme or user gtkrc that sets GtkOptionMenu::indicator_spacing.

Steve Langasek (vorlon) on 2007-10-05
Changed in murrine:
assignee: nobody → vorlon
importance: Undecided → Medium
status: New → In Progress
Sebastien Bacher (seb128) wrote :

Thank you for the patch, Steve; I've sponsored the upload now.

Changed in ubuntulooks:
status: In Progress → Fix Committed
Steve Langasek (vorlon) wrote :

ubuntulooks (0.9.12-8) gutsy; urgency=low

  * Use gtk_requisition_free() and gtk_border_free() where appropriate
    instead of the generic g_free(), fixing a crash when using gimp's "small"
    theme in conjunction with ubuntulooks. LP: #131564.

 -- Steve Langasek <email address hidden> Thu, 04 Oct 2007 18:10:04 -0700

Changed in ubuntulooks:
status: Fix Committed → Fix Released
Daniel Holbach (dholbach) wrote :

Fixed AFAICS.

Changed in murrine:
status: In Progress → Fix Released