crash in gtk_synthesize_crossing_events() when showing and hiding popovers in motion event
I can consistently reproduce this crash when running Evince gtk4-port branch:
- Download and open this pdf: Red_Hat_Enterprise_Linux-7-Virtualization_Deployment_and_Administration_Guide-en-US-2.pdf
- Mouse scrollwheel back and forth and move mouse pointer over the links on page 5 and 6.
- This causes many GtkPopovers to be shown and hidden, which eventually (under 10 seconds) leads to a crash.
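The crash happens in _gtk_widget_get_parent (w) on this line (gtkmain.c:1208 in the stack trace below) because w is NULL. In other words, the loop that walks up from old_target apparently reaches a NULL parent before it reaches ancestor, and the next iteration dereferences that NULL pointer.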
Crash stacktrace:
text version stacktrace:
Thread 1 "evince" received signal SIGSEGV, Segmentation fault.
gtk_synthesize_crossing_events (toplevel=<optimized out>, crossing_type=crossing_type@entry=GTK_CROSSING_POINTER, old_target=old_target@entry=0x8f7cd0, new_target=new_target@entry=0x7ba1e0, surface_x=surface_x@entry=828.37109375, surface_y=surface_y@entry=710.46875, mode=mode@entry=GDK_CROSSING_NORMAL, drop=drop@entry=0x0) at ../../../../jhbuild/checkout/gtk/gtk/gtkmain.c:1208
1208 for (w = old_target; w != ancestor; w = _gtk_widget_get_parent (w))
Missing separate debuginfos, use: dnf debuginfo-install avahi-libs-0.8-15.fc36.x86_64 bzip2-libs-1.0.8-11.fc36.x86_64 cups-libs-2.4.2-4.fc36.x86_64 cyrus-sasl-lib-2.1.27-18.fc36.x86_64 dbus-libs-1.14.0-1.fc36.x86_64 elfutils-libelf-0.187-4.fc36.x86_64 elfutils-libs-0.187-4.fc36.x86_64 expat-2.4.7-1.fc36.x86_64 fontconfig-2.14.0-1.fc36.x86_64 freetype-2.12.1-1.fc36.x86_64 fribidi-1.0.11-3.fc36.x86_64 gdk-pixbuf2-2.42.8-1.fc36.x86_64 glibc-2.35-11.fc36.x86_64 gmp-6.2.1-2.fc36.x86_64 gnutls-3.7.7-1.fc36.x86_64 graphene-1.10.6-4.fc36.x86_64 graphite2-1.3.14-9.fc36.x86_64 gstreamer1-1.20.0-1.fc36.x86_64 gstreamer1-plugins-bad-free-1.20.3-1.fc36.x86_64 gstreamer1-plugins-base-1.20.3-1.fc36.x86_64 harfbuzz-4.0.0-1.fc36.x86_64 jbigkit-libs-2.1-23.fc36.x86_64 keyutils-libs-1.6.1-4.fc36.x86_64 krb5-libs-1.19.2-11.fc36.x86_64 lcms2-2.13.1-1.fc36.x86_64 libX11-1.7.3.1-2.fc36.x86_64 libXcursor-1.2.0-7.fc36.x86_64 libXdamage-1.1.5-7.fc36.x86_64 libXext-1.3.4-8.fc36.x86_64 libXfixes-6.0.0-3.fc36.x86_64 libXi-1.8-2.fc36.x86_64 libXinerama-1.1.4-10.fc36.x86_64 libXrandr-1.5.2-8.fc36.x86_64 libXrender-0.9.10-16.fc36.x86_64 libcap-2.48-4.fc36.x86_64 libcom_err-1.46.5-2.fc36.x86_64 libdatrie-0.2.13-3.fc36.x86_64 libdrm-2.4.110-1.fc36.x86_64 libepoxy-1.5.10-1.fc36.x86_64 libevent-2.1.12-6.fc36.x86_64 libffi-3.4.2-8.fc36.x86_64 libgcc-12.1.1-1.fc36.x86_64 libgcrypt-1.10.1-3.fc36.x86_64 libglvnd-egl-1.4.0-2.fc36.x86_64 libglvnd-glx-1.4.0-2.fc36.x86_64 libgpg-error-1.45-1.fc36.x86_64 libidn2-2.3.2-4.fc36.x86_64 libjpeg-turbo-2.1.2-2.fc36.x86_64 libpng-1.6.37-12.fc36.x86_64 libpsl-0.21.1-5.fc36.x86_64 librsvg2-2.54.4-1.fc36.x86_64 libseccomp-2.5.3-2.fc36.x86_64 libsecret-0.20.5-1.fc36.x86_64 libselinux-3.3-4.fc36.x86_64 libssh-0.9.6-4.fc36.x86_64 libstdc++-12.1.1-1.fc36.x86_64 libthai-0.1.29-2.fc36.x86_64 libtiff-4.3.0-6.fc36.x86_64 libunistring-1.0-1.fc36.x86_64 libwebp-1.2.2-4.fc36.x86_64 libxcb-1.13.1-9.fc36.x86_64 libxcrypt-4.4.28-1.fc36.x86_64 libxkbcommon-1.4.0-1.fc36.x86_64 libxml2-2.9.14-1.fc36.x86_64 libzstd-1.5.2-2.fc36.x86_64 lz4-libs-1.9.3-4.fc36.x86_64 mesa-libglapi-22.0.3-1.fc36.x86_64 nettle-3.7.3-3.fc36.x86_64 nss-3.79.0-1.fc36.x86_64 openldap-2.6.2-1.fc36.x86_64 orc-0.4.31-7.fc36.x86_64 p11-kit-0.24.1-2.fc36.x86_64 pango-1.50.7-1.fc36.x86_64 pcre2-10.40-1.fc36.x86_64 systemd-libs-250.6-1.fc36.x86_64 xz-libs-5.2.5-9.fc36.x86_64 zlib-1.2.11-31.fc36.x86_64
(gdb) bt
#0 gtk_synthesize_crossing_events (toplevel=<optimized out>, crossing_type=crossing_type@entry=GTK_CROSSING_POINTER, old_target=old_target@entry=0x8f7cd0, new_target=new_target@entry=0x7ba1e0, surface_x=surface_x@entry=828.37109375, surface_y=surface_y@entry=710.46875, mode=mode@entry=GDK_CROSSING_NORMAL, drop=drop@entry=0x0) at ../../../../jhbuild/checkout/gtk/gtk/gtkmain.c:1208
#1 0x00007ffff7593739 in handle_pointing_event (event=0xca4b00) at ../../../../jhbuild/checkout/gtk/gtk/gtkmain.c:1424
#2 gtk_main_do_event (event=0xca4b00) at ../../../../jhbuild/checkout/gtk/gtk/gtkmain.c:1594
#3 0x00007ffff76c29cc in surface_event (surface=<optimized out>, event=<optimized out>, widget=<optimized out>) at ../../../../jhbuild/checkout/gtk/gtk/gtkwindow.c:4706
#4 0x00007ffff77b1ce0 in _gdk_marshal_BOOLEAN__POINTERv (closure=closure@entry=0x1e91210, return_value=return_value@entry=0x7fffffffced0, instance=instance@entry=0x793940, args=args@entry=0x7fffffffcfc8, marshal_data=marshal_data@entry=0x0, n_params=n_params@entry=1, param_types=0x92afd0) at gdk/gdkmarshalers.c:302
#5 0x00007ffff77dad73 in gdk_surface_event_marshallerv (closure=0x1e91210, return_value=0x7fffffffced0, instance=0x793940, args=0x7fffffffcfc8, marshal_data=0x0, n_params=1, param_types=0x92afd0) at ../../../../jhbuild/checkout/gtk/gdk/gdksurface.c:463
#6 0x00007ffff7e8d379 in _g_closure_invoke_va (closure=closure@entry=0x1e91210, return_value=return_value@entry=0x7fffffffced0, instance=instance@entry=0x793940, args=args@entry=0x7fffffffcfc8, n_params=1, param_types=0x92afd0) at ../../../../jhbuild/checkout/glib/gobject/gclosure.c:895
#7 0x00007ffff7ea4e6a in g_signal_emit_valist (instance=0x793940, signal_id=303, detail=<optimized out>, var_args=var_args@entry=0x7fffffffcfc8) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3456
#8 0x00007ffff7ea5c22 in g_signal_emit (instance=instance@entry=0x793940, signal_id=<optimized out>, detail=detail@entry=0) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3606
#9 0x00007ffff77de3f0 in gdk_surface_handle_event (event=0xca4b00) at ../../../../jhbuild/checkout/gtk/gdk/gdksurface.c:2947
#10 0x00007ffff77c62ad in _gdk_event_queue_flush (display=0x4de0f0) at ../../../../jhbuild/checkout/gtk/gdk/gdkevents.c:858
#11 0x00007ffff77de4bc in gdk_surface_flush_events (clock=0xd161c0, data=<optimized out>) at ../../../../jhbuild/checkout/gtk/gdk/gdksurface.c:2483
#12 0x00007ffff7e8d180 in g_closure_invoke (closure=0x5c0be0, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7fffffffd2e0, invocation_hint=invocation_hint@entry=0x7fffffffd280) at ../../../../jhbuild/checkout/glib/gobject/gclosure.c:832
#13 0x00007ffff7e9f226 in signal_emit_unlocked_R (node=node@entry=0x8f6eb0, detail=detail@entry=0, instance=instance@entry=0xd161c0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffd2e0) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3796
#14 0x00007ffff7ea5a56 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd458) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3549
#15 0x00007ffff7ea5c22 in g_signal_emit (instance=instance@entry=0xd161c0, signal_id=<optimized out>, detail=detail@entry=0) at ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3606
#16 0x00007ffff77cb2df in _gdk_frame_clock_emit_flush_events (frame_clock=frame_clock@entry=0xd161c0) at ../../../../jhbuild/checkout/gtk/gdk/gdkframeclock.c:668
#17 0x00007ffff77cbf1b in gdk_frame_clock_flush_idle (data=0xd161c0) at ../../../../jhbuild/checkout/gtk/gdk/gdkframeclockidle.c:368
#18 0x00007ffff7d986da in g_timeout_dispatch (source=0xdfe340, callback=<optimized out>, user_data=<optimized out>) at ../../../../jhbuild/checkout/glib/glib/gmain.c:5007
#19 0x00007ffff7d97bef in g_main_dispatch (context=0x49c000) at ../../../../jhbuild/checkout/glib/glib/gmain.c:3444
#20 g_main_context_dispatch (context=0x49c000) at ../../../../jhbuild/checkout/glib/glib/gmain.c:4162
#21 0x00007ffff7d97f88 in g_main_context_iterate (context=context@entry=0x49c000, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../../jhbuild/checkout/glib/glib/gmain.c:4238
#22 0x00007ffff7d9800c in g_main_context_iteration (context=context@entry=0x49c000, may_block=may_block@entry=1) at ../../../../jhbuild/checkout/glib/glib/gmain.c:4303
#23 0x00007ffff712a30d in g_application_run (application=0x7fffdc009640, argc=argc@entry=0, argv=argv@entry=0x0) at ../../../../jhbuild/checkout/glib/gio/gapplication.c:2571
#24 0x000000000041c802 in main (argc=<optimized out>, argv=<optimized out>) at ../../../../jhbuild/checkout/evince/shell/main.c:317
(gdb) quit
Edited by Nelson Ben