Description of problem: metacity ( => gnome-classic, not gnome-shell & mutter) segfaults in oxygen theme. If you look at the GDB trace, you see the theme engine tries to dereference a pointer in the NULL page Version-Release number of selected component (if applicable): lib64oxygen-gtk-1.2.0-2.mga2 How reproducible: always Steps to Reproduce: 1. switch Gtk+ theme to oxygen with gnome-tweak-tool 2. logout 3. login, session displays "an error happened" 4. run gdb from a console to see the trace
CC: (none) => hugo
Created attachment 1492 [details] GDB trace As you see Oxygen::QtSettings::loadKdeIcons() calls (though std::string template) strlen on a pointer that is in the first page (the NULL page) and thus segfault
Severity: normal => major
BTW you might want to look at https://bugs.mageia.org/buglist.cgi?cmdtype=runnamed&namedcmd=oxygen (also available from bugzilla>preferences>Saved Searches)
The guilty code is (in details): gchar** gtkSearchPath; int nElements(0); gtk_icon_theme_get_search_path( gtk_icon_theme_get_default(), >kSearchPath, &nElements ); for( int i=0; i<nElements; i++ ) { searchPath.insert( gtkSearchPath[i] ); } So from the gtk method call, I was expecting, by construction, gtkSearchPath[i] not to be Null (never), or else it means nElements is just not calculated right. (or do I not read c++ right ?) This to say: can be easily fixed in oxygen-gtk, but this rather looks like a Gtk bug to me. Maybe its worth reporting it there.
Side note: can't reproduce. Could you also post the gtk version ?
Created attachment 1493 [details] patch (for testing) Tentative patch. Easy enough. Could not test since I could not reproduce the crash in the first place. Please report back and I'll push the patch upstream.
(PS 2: please also report the metacity version. Mine might be too old)
gtk+2.0-2.24.9-1.mga2 metacity-2.34.1-5.mga2
thx ! I have gtk-2.24.8 and metacity-2.30.3-4.mga1 Will upgrade gtk (compiled from source) Can't guaranty metacity upgrade.
Also, I'm 32bits.
Created attachment 1494 [details] GDB trace with path applied Now it segfaults on free()
For the record, I'm running latest Mageia Cauldron.
(I'm not :)) Anyway. I think the issue is that the initial output of gtk_icon_theme_get_search_path is 0. hence the "free" issue. Will post another patch.
Created attachment 1495 [details] another patch Another tentative patch. In replacement for (and not on top of) the previous patch that did not work.
Created attachment 1496 [details] GDB trace still segfaulting...
Well, since 1/ I can't reproduce 2/ obviously gtkSearchPath is not null (from previous patch failing), but can't be freed (from previous crash report), it has to be a gtk bug (and/or meta city). Nothing I can do about it :(
PS: just updated to gtk+-2.24.9 and metacity-2.34.1
Well only oxygen-gtk segfaults like this... Default adwaita theme works just fine with metacity
Well. that doesn't prove anything, sorry to say. The other theme(s) likely don't call the guilty gtk function. Doesn't make it oxygen's fault, does it ? Anyway. after reading the documentation for gtk_icon_theme_get_search_path I'll give a shot to another patch (that uses g_strfreev() instead of g_free). Maybe that will fix the other crash.
Created attachment 1497 [details] v3
Created attachment 1499 [details] GDB trace Still segfaulting...
The last backtrace does not make much sense, sadly enough. If the crash is in "if( gtkSearchPath[i] )" it means that memory is corrupted. since the guy is direct out of a gtk call, it has to be a gtk bug. nothing I can do about it. Should rather be reported upstream.
Done: https://bugzilla.gnome.org/show_bug.cgi?id=669765
The upstream bug was closed as not a GTK bug: --- Comment #1 from Matthias Clasen <mclasen@redhat.com> 2012-02-10 01:42:56 UTC --- Taking a quick look at some of the stacktraces in the Mandriva bug: Gtk-CRITICAL **: IA__gtk_icon_theme_get_search_path: assertion `GTK_IS_ICON_THEME (icon_theme)' failed indicates that the GtkIconTheme object that gtk_icon_theme_get_search_path is called on is not valid. Anything after that critical is not really relevant...
CC: (none) => olav
https://projects.kde.org/projects/playground/artwork/oxygen-gtk/repository/revisions/3d354a9807c2fb004faab8c29223126952d40205
oops wrong link.
http://commits.kde.org/oxygen-gtk/b184eefe1c504b8c93114ae2a4bdcacf18b7f932 http://commits.kde.org/oxygen-gtk/7aa38197e9f37486b5c761fbff415bebe6cc48a3
Attachment 1493 is obsolete: 0 => 1
Attachment 1494 is obsolete: 0 => 1
Attachment 1495 is obsolete: 0 => 1
Attachment 1496 is obsolete: 0 => 1
Attachment 1497 is obsolete: 0 => 1
Attachment 1499 is obsolete: 0 => 1
I'd to rediff the patch to apply cleanly on 1.2.0 (looks like you commited one of the test patch). It definitively fix the bug one of my test machine. I'll do further testing tonight on another one. Interestingly, it doesn't happen in a chroot unless /var/run/dbus/ is binded on th chroot one. Thanks for the patch!
Keywords: (none) => PATCH, UPSTREAM
I'll put back the suggest tag on oxygen-gtk in gtk+2.0
Checked on another test machine. Works fine too. Thanks for the fix. oxygen-gtk-1.2.0-3.mga2 is being uploaded with that fix.
Status: NEW => RESOLVEDResolution: (none) => FIXED