4411 – crash while switching windows and desktops

Bug 4411 - crash while switching windows and desktops

Status:	RESOLVED FIXED

Alias:	None

Product:	Openbox
Classification:	Unclassified
Component:	general
Version:	3.4.8
Hardware:	PC Linux

Importance:	P3 normal
Assignee:	Dana Jansens
QA Contact:

URL:

Depends on:
Blocks:

Reported:	2009-12-17 10:48 EST by Miroslav Lichvar
Modified:	2010-01-12 13:57:34 EST
CC List:	1 user (show)

See Also:

Attachments
possible fix (1.14 KB, patch) 2010-01-11 11:02 EST, Dana Jansens

Description Miroslav Lichvar 2009-12-17 10:48:07 EST

Openbox crashes when desktop is switched while cycling through windows with NextWindow or PreviousWindow actions. If DesktopRight is binded to W-Right and NextWindow to W-Next, holding W and pressing Next, Prior, Next will make it crash.

It seems to be caused by commit 11ecb7d2199d06b2929ba7e5d3c92c021038a0cc.

Originally reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=547107

(gdb) bt
#0  0x00007f9ccd87b6b5 in raise () from /lib64/libc.so.6
#1  0x00007f9ccd87ce95 in abort () from /lib64/libc.so.6
#2  0x0000000000438b17 in sighandler (sig=11) at openbox/mainloop.c:371
#3  <signal handler called>
#4  0x00007f9ccd8c7cd2 in __strlen_sse2 () from /lib64/libc.so.6
#5  0x00007f9ccef020e2 in g_strdup () from /lib64/libglib-2.0.so.0
#6  0x00007f9ccbf2313c in pango_layout_set_text ()
   from /usr/lib64/libpango-1.0.so.0
#7  0x00007f9ccddca1be in RrFontDraw (d=0x1c18540, t=0x1bf7a48, area=
    0x7fff01eabde0) at render/font.c:264
#8  0x00007f9ccddd23a7 in RrPaintPixmap (a=0x1bf7990, w=320, h=18)
    at render/render.c:108
#9  0x00007f9ccddd28b7 in RrPaint (a=0x1bf7990, win=6291540, w=320, h=18)
    at render/render.c:188
#10 0x000000000042e519 in popup_render (p=0x664f00, c=0x1c5a500)
    at openbox/focus_cycle_popup.c:438
#11 0x000000000042e59b in focus_cycle_popup_show (c=0x1c5a500, iconic_windows=
    1, all_desktops=0, dock_windows=0, desktop_windows=0)
    at openbox/focus_cycle_popup.c:457
#12 0x000000000042c0ce in focus_cycle (forward=1, all_desktops=0, dock_windows=
    0, desktop_windows=0, linear=0, interactive=1, showbar=1, dialog=1, done=
    0, cancel=0) at openbox/focus_cycle.c:134
#13 0x000000000040efd0 in run_func (data=0x7fff01eac0f0, options=0x1c5f370)
    at openbox/actions/cyclewindows.c:126
#14 0x0000000000414cff in actions_run_acts (acts=0x1c5eec0 = {...}, uact=
    OB_USER_ACTION_KEYBOARD_KEY, state=64, x=286, y=812, button=0, con=
    OB_FRAME_CONTEXT_NONE, client=0x1c29600) at openbox/actions.c:264
#15 0x0000000000437937 in keyboard_event (client=0x1c29600, e=0x7fff01eac390)
    at openbox/keyboard.c:258
#16 0x000000000042a836 in event_handle_user_input (client=0x0, e=
    0x7fff01eac390) at openbox/event.c:1895
#17 0x00000000004277c7 in event_process (ec=0x7fff01eac5f0, data=0x0)
    at openbox/event.c:736
#18 0x0000000000438764 in ob_main_loop_run (loop=0x1bce570)
    at openbox/mainloop.c:286
#19 0x0000000000442235 in main (argc=1, argv=0x7fff01eac8b8)
    at openbox/openbox.c:385
(gdb) up
#7  0x00007f9ccddca1be in RrFontDraw (d=0x1c18540, t=0x1bf7a48, area=
    0x7fff01eabde0) at render/font.c:264
264	    pango_layout_set_text(t->font->layout, t->string, -1);
(gdb) print *t
$1 = {font = 0x1c57140, justify = RR_JUSTIFY_LEFT, color = 0x1c04650, string = 
    0x908b480023e97f05 <Address 0x908b480023e97f05 out of bounds>, 
  shadow_offset_x = 0, shadow_offset_y = 0, shadow_color = 0x1c046d0, 
  shortcut = 0, shortcut_pos = 0, ellipsize = RR_ELLIPSIZE_MIDDLE, flow = 0, 
  maxwidth = 0, shadow_alpha = 50 '2'}

Comment 1 Mikachu 2009-12-17 10:51:33 EST

dana, possible commits of interest in my tree,
92631bb7a11742ac60719219cc9c87395d09e297
139fa1cb5caa1098deaf331398218d78eefe011f
e80f610f1fbfa8c40ad0fe1652b8e014f53107b8
maybe not this one c6be0873be364e30237cd69d3da8cb79a0cfbf4a
and this is probably what you did 85845507ac5e7e7ad149117c50c21dc7259b9bcb

Comment 2 Dana Jansens 2009-12-17 15:46:47 EST

This is fixed in commit 6b92b83c8e93a5257bfd4404965a700c46a4a8f3.  Thanks for the report!

Comment 3 Dana Jansens 2010-01-11 10:39:27 EST

(gdb) bt
#0  0x00007f8277e9f6b5 in raise () from /lib64/libc.so.6
#1  0x00007f8277ea0e95 in abort () from /lib64/libc.so.6
#2  0x000000000042e1e7 in sighandler (sig=-1) at openbox/mainloop.c:371
#3  <signal handler called>
#4  0x0000000000426e6c in popup_render (c=<value optimized out>,
   p=<value optimized out>) at openbox/focus_cycle_popup.c:436
#5  focus_cycle_popup_show (c=<value optimized out>, p=<value optimized out>)
   at openbox/focus_cycle_popup.c:458
#6  0x00000000004258da in focus_cycle (forward=1,
   all_desktops=<value optimized out>, dock_windows=<value optimized out>,
   desktop_windows=<value optimized out>, linear=<value optimized out>,
   interactive=1, showbar=<value optimized out>,
   dialog=<value optimized out>, done=<value optimized out>,
   cancel=<value optimized out>) at openbox/focus_cycle.c:133
#7  0x000000000040efa0 in run_func (data=<value optimized out>, options=
   0x2630810) at openbox/actions/cyclewindows.c:126
#8  0x0000000000413647 in actions_run_acts (acts=<value optimized out>, uact=
   OB_USER_ACTION_KEYBOARD_KEY, state=64, x=976, y=620, button=0,
   con=<value optimized out>, client=<value optimized out>)
   at openbox/actions.c:264
#9  0x000000000042d46a in keyboard_event (client=0x26ac360, e=0x7fff14327b80)
   at openbox/keyboard.c:258
#10 0x000000000042258b in event_process (ec=0x263df10,
   data=<value optimized out>) at openbox/event.c:736
#11 0x000000000042e3a3 in ob_main_loop_run (loop=<value optimized out>)
   at openbox/mainloop.c:286
#12 0x0000000000435653 in main (argc=1, argv=<value optimized out>)
   at openbox/openbox.c:385
(gdb) list
431                 RrPaint(p->a_icon, target->win, innerw, innerh);
432             }
433         }
434
435         /* draw the text */
436         p->a_text->texture[0].data.text.string = newtarget->text;
437         p->a_text->surface.parentx = textx;
438         p->a_text->surface.parenty = texty;
439         RrPaint(p->a_text, p->text, textw, texth);
440
(gdb) print newtarget
$1 = (const ObFocusCyclePopupTarget *) 0x0
(gdb) print *p
$2 = {obwin = {type = Window_Internal}, bg = 6291539, text = 6291540,
 targets = 0x26a4c00 = {0x26913b0}, n_targets = 1, last_target = 0x26913b0,
 maxtextw = 20, a_bg = 0x26459e0, a_text = 0x263df10, a_icon = 0x263e260,
 hilite_rgba = 0x273f8e0, mapped = 1}

Comment 4 Dana Jansens 2010-01-11 11:02:33 EST

Created attachment 2261 [details]
possible fix

Miroslav, could you try reproduce the crash again with this patch?

I'm not sure what steps to use to reproduce the crash you caused, but I was able to reproduce a crash (maybe the same one) by adding a new window to the focus order while cycling.  This patch should fix that case, so maybe it fixes yours too.

Comment 5 Miroslav Lichvar 2010-01-12 08:47:40 EST

I think it is the same one. It happened to me when the machine was doing heavy I/O, I probably didn't want to wait for a newly started application to appear and switched to another window.

Can you please push the patch to the 3.4 branch? Thanks.

Comment 6 Dana Jansens 2010-01-12 13:57:34 EST

Great, thanks.  Will do.

Top of page