shell: Disconnect signal handler to prevent invalid read

Disconnect the handler of the "finished" signal of EvJobAnnots in EvSidebarAnnotations' dispose method. This prevents the callback from accessing the EvSidebarAnnotations object after it has been disposed if the job takes a long time.

I can reproduce this quite reliably by introducing a small delay in poppler's "NameToCharCode::lookup()" via "usleep(10)" inside the while loop and closing Evince as soon as it starts (I'm debugging some crashes in GlobalParams triggered by this).

Valgrind traceback:

==18726== Invalid read of size 8
==18726==    at 0x44C43C: job_finished_callback (ev-sidebar-annotations.c:359)
==18726==    by 0x494CD9F: g_closure_invoke (gclosure.c:830)
==18726==    by 0x49794B5: signal_emit_unlocked_R.isra.0 (gsignal.c:3743)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4878A35: emit_finished (ev-jobs.c:189)
==18726==    by 0x49EB46A: g_idle_dispatch (gmain.c:5935)
==18726==    by 0x49EEF4E: UnknownInlinedFun (gmain.c:3417)
==18726==    by 0x49EEF4E: g_main_context_dispatch (gmain.c:4135)
==18726==    by 0x4A44167: g_main_context_iterate.constprop.0 (gmain.c:4211)
==18726==    by 0x49EC8DF: g_main_context_iteration (gmain.c:4276)
==18726==    by 0x56EE387: g_application_run (gapplication.c:2600)
==18726==    by 0x45A975: main (main.c:318)
==18726==  Address 0x9687610 is 432 bytes inside a block of size 448 free'd
==18726==    at 0x48480E4: free (vg_replace_malloc.c:872)
==18726==    by 0x49F0B2C: g_free (gmem.c:218)
==18726==    by 0x4A0BE93: g_slice_free1 (gslice.c:1183)
==18726==    by 0x496F7B3: g_type_free_instance (gtype.c:2001)
==18726==    by 0x4DD2F8F: gtk_stack_forall (gtkstack.c:1911)
==18726==    by 0x4C3775A: gtk_container_destroy.lto_priv.0 (gtkcontainer.c:1702)
==18726==    by 0x494CCD4: g_closure_invoke (gclosure.c:830)
==18726==    by 0x4979563: signal_emit_unlocked_R.isra.0 (gsignal.c:3861)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4E8FA9E: gtk_widget_dispose.lto_priv.0 (gtkwidget.c:12166)
==18726==    by 0x495ADA3: g_object_run_dispose (gobject.c:1268)
==18726==    by 0x4BEB3D7: gtk_box_forall.lto_priv.0 (gtkbox.c:2678)
==18726==    by 0x4C3775A: gtk_container_destroy.lto_priv.0 (gtkcontainer.c:1702)
==18726==    by 0x494CCD4: g_closure_invoke (gclosure.c:830)
==18726==    by 0x4979563: signal_emit_unlocked_R.isra.0 (gsignal.c:3861)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4E8FA9E: gtk_widget_dispose.lto_priv.0 (gtkwidget.c:12166)
==18726==    by 0x4508A2: ev_sidebar_dispose (ev-sidebar.c:88)
==18726==    by 0x495ADA3: g_object_run_dispose (gobject.c:1268)
==18726==    by 0x4D57458: gtk_paned_forall (gtkpaned.c:2320)
==18726==    by 0x4C3775A: gtk_container_destroy.lto_priv.0 (gtkcontainer.c:1702)
==18726==    by 0x494CCD4: g_closure_invoke (gclosure.c:830)
==18726==    by 0x4979563: signal_emit_unlocked_R.isra.0 (gsignal.c:3861)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4E8FA9E: gtk_widget_dispose.lto_priv.0 (gtkwidget.c:12166)
==18726==    by 0x495ADA3: g_object_run_dispose (gobject.c:1268)
==18726==    by 0x4BEB3D7: gtk_box_forall.lto_priv.0 (gtkbox.c:2678)
==18726==    by 0x4C3775A: gtk_container_destroy.lto_priv.0 (gtkcontainer.c:1702)
==18726==    by 0x494CCD4: g_closure_invoke (gclosure.c:830)
==18726==    by 0x4979563: signal_emit_unlocked_R.isra.0 (gsignal.c:3861)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4E8FA9E: gtk_widget_dispose.lto_priv.0 (gtkwidget.c:12166)
==18726==    by 0x495ADA3: g_object_run_dispose (gobject.c:1268)
==18726==    by 0x585FC5A: ??? (in /usr/lib64/libhandy-1.so.0)
==18726==    by 0x4C3775A: gtk_container_destroy.lto_priv.0 (gtkcontainer.c:1702)
==18726==    by 0x494CCD4: g_closure_invoke (gclosure.c:830)
==18726==    by 0x4979563: signal_emit_unlocked_R.isra.0 (gsignal.c:3861)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4E8FA9E: gtk_widget_dispose.lto_priv.0 (gtkwidget.c:12166)
==18726==    by 0x495AC43: UnknownInlinedFun (gobject.c:3636)
==18726==    by 0x495AC43: g_object_unref (gobject.c:3553)
==18726==    by 0x4BDE0F9: gtk_bin_remove (gtkbin.c:151)
==18726==    by 0x585A958: ??? (in /usr/lib64/libhandy-1.so.0)
==18726==    by 0x494CD9F: g_closure_invoke (gclosure.c:830)
==18726==    by 0x4979563: signal_emit_unlocked_R.isra.0 (gsignal.c:3861)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4E8FA9E: gtk_widget_dispose.lto_priv.0 (gtkwidget.c:12166)
==18726==    by 0x4EA0989: gtk_window_dispose.lto_priv.0 (gtkwindow.c:3167)
==18726==    by 0x4BD7295: gtk_application_window_dispose (gtkapplicationwindow.c:804)
==18726==    by 0x446593: ev_window_dispose (ev-window.c:6268)
==18726==    by 0x495ADA3: g_object_run_dispose (gobject.c:1268)
==18726==    by 0x4412D3: ev_window_cmd_file_close_window (ev-window.c:4144)
==18726==    by 0x494CD9F: g_closure_invoke (gclosure.c:830)
==18726==    by 0x49794B5: signal_emit_unlocked_R.isra.0 (gsignal.c:3743)
==18726==    by 0x4969A0D: g_signal_emit_valist (gsignal.c:3496)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x56F39D4: g_simple_action_activate (gsimpleaction.c:225)
==18726==    by 0x4EAC96D: UnknownInlinedFun (gtkapplicationaccels.c:448)
==18726==    by 0x4EAC96D: gtk_window_activate_key (gtkwindow.c:12078)
==18726==    by 0x44674E: ev_window_key_press_event (ev-window.c:6316)
==18726==    by 0x4BB17F7: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==18726==    by 0x4969B58: UnknownInlinedFun (gclosure.c:893)
==18726==    by 0x4969B58: g_signal_emit_valist (gsignal.c:3406)
==18726==    by 0x4969C92: g_signal_emit (gsignal.c:3553)
==18726==    by 0x4E97663: gtk_widget_event_internal.part.0.lto_priv.0 (gtkwidget.c:7812)
==18726==    by 0x4D22FBE: propagate_event.lto_priv.0 (gtkmain.c:2681)
==18726==    by 0x4D23CE9: UnknownInlinedFun (gtkmain.c:1921)
==18726==    by 0x4D23CE9: gtk_main_do_event (gtkmain.c:1691)
==18726==    by 0x536E522: UnknownInlinedFun (gdkevents.c:73)
==18726==    by 0x536E522: _gdk_event_emit (gdkevents.c:67)
==18726==    by 0x53A0DB5: gdk_event_source_dispatch (gdkeventsource.c:124)
==18726==    by 0x49EEF4E: UnknownInlinedFun (gmain.c:3417)
==18726==    by 0x49EEF4E: g_main_context_dispatch (gmain.c:4135)
==18726==    by 0x4A44167: g_main_context_iterate.constprop.0 (gmain.c:4211)
==18726==    by 0x49EC8DF: g_main_context_iteration (gmain.c:4276)
==18726==    by 0x56EE27C: g_application_run (gapplication.c:2569)
==18726==    by 0x45A975: main (main.c:318)
==18726==  Block was alloc'd at
==18726==    at 0x484586F: malloc (vg_replace_malloc.c:381)
==18726==    by 0x49F4218: g_malloc (gmem.c:125)
==18726==    by 0x4A0CA25: g_slice_alloc (gslice.c:1072)
==18726==    by 0x4A0EA4C: g_slice_alloc0 (gslice.c:1098)
==18726==    by 0x4974FF6: g_type_create_instance (gtype.c:1901)
==18726==    by 0x495CE17: g_object_new_internal (gobject.c:2011)
==18726==    by 0x495E5C4: g_object_new_valist (gobject.c:2355)
==18726==    by 0x495EADC: g_object_new (gobject.c:1824)
==18726==    by 0x44C04E: ev_sidebar_annotations_new (ev-sidebar-annotations.c:224)
==18726==    by 0x449C87: ev_window_init (ev-window.c:7709)
==18726==    by 0x4974FB8: g_type_create_instance (gtype.c:1929)
==18726==    by 0x495CE17: g_object_new_internal (gobject.c:2011)
==18726==    by 0x495E5C4: g_object_new_valist (gobject.c:2355)
==18726==    by 0x495EADC: g_object_new (gobject.c:1824)
==18726==    by 0x44AB03: ev_window_new (ev-window.c:7999)
==18726==    by 0x42A0A0: _ev_application_open_uri_at_dest (ev-application.c:604)
==18726==    by 0x429839: on_register_uri_cb (ev-application.c:372)
==18726==    by 0x56BFCA9: g_task_return_now (gtask.c:1230)
==18726==    by 0x56BFEB2: UnknownInlinedFun (gtask.c:1300)
==18726==    by 0x56BFEB2: g_task_return (gtask.c:1256)
==18726==    by 0x5720701: g_dbus_connection_call_done (gdbusconnection.c:5895)
==18726==    by 0x56BFCA9: g_task_return_now (gtask.c:1230)
==18726==    by 0x56BFCEC: complete_in_idle_cb (gtask.c:1244)
==18726==    by 0x49EB46A: g_idle_dispatch (gmain.c:5935)
==18726==    by 0x49EEF4E: UnknownInlinedFun (gmain.c:3417)
==18726==    by 0x49EEF4E: g_main_context_dispatch (gmain.c:4135)
==18726==    by 0x4A44167: g_main_context_iterate.constprop.0 (gmain.c:4211)
==18726==    by 0x49EC8DF: g_main_context_iteration (gmain.c:4276)
==18726==    by 0x56EE27C: g_application_run (gapplication.c:2569)
==18726==    by 0x45A975: main (main.c:318)
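
The ordering behind this trace, as an added example that is not part of the merge request or of Evince's code: a minimal C model in which one handler slot stands in for the job's "finished" signal and a `disposed` flag stands in for the freed block, so the stale call can be counted instead of crashing. All type and function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model, not Evince code: one handler slot stands in for the
 * job's "finished" signal, and a flag stands in for freed memory so the
 * stale access can be counted without undefined behaviour. */
typedef struct Job Job;
typedef void (*FinishedCb)(Job *job, void *user_data);
struct Job { FinishedCb cb; void *user_data; };
typedef struct { Job *job; bool disposed; int updates; int stale_calls; } Sidebar;

static void job_finished_cb(Job *job, void *user_data) {
    Sidebar *sb = user_data;
    (void)job;
    if (sb->disposed) { sb->stale_calls++; return; } /* real code: invalid read */
    sb->updates++;
}

static void sidebar_start_job(Sidebar *sb, Job *job) {
    sb->job = job;
    job->cb = job_finished_cb;   /* connect: the job now holds a raw pointer */
    job->user_data = sb;
}

/* dispose(): disconnect=false reproduces the ordering in the report. */
static void sidebar_dispose(Sidebar *sb, bool disconnect) {
    if (disconnect && sb->job != NULL) {
        sb->job->cb = NULL;      /* GLib: g_signal_handlers_disconnect_by_func() */
        sb->job->user_data = NULL;
    }
    sb->job = NULL;
    sb->disposed = true;
}

/* The job finishes later and emits "finished" from the main loop. */
static void job_emit_finished(Job *job) {
    if (job->cb != NULL) job->cb(job, job->user_data);
}

/* Returns how many times the callback ran against a disposed sidebar. */
static int run_scenario(bool disconnect) {
    Job job = {0};
    Sidebar sb = {0};
    sidebar_start_job(&sb, &job);
    sidebar_dispose(&sb, disconnect);  /* window closed before the job ends */
    job_emit_finished(&job);
    return sb.stale_calls;
}

int main(void) { return run_scenario(true); } /* exit status 0: no stale call */
```

The job outlives the sidebar in both scenarios; only the disconnect in dispose removes the job's pointer to it before the deferred emission.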
