search

mate-desktop / atril

A document viewer for MATE
http://www.mate-desktop.org
GNU General Public License v2.0
205 stars 62 forks source link

New crashes and warnings #198

Closed raveit65 closed 8 years ago

raveit65 commented 8 years ago

With latest build from master atril crashes if i reload the document. My results:

f23, Mate gtk3, webkitgtk4-2.12.2-2, atril-1.14.0 unpatched, no crash

(atril:2227): Gtk-CRITICAL **: gtk_widget_get_parent: assertion 'GTK_IS_WIDGET (widget)' failed
(atril:2227): GLib-GObject-WARNING **: invalid unclassed pointer in cast to 'EvWebView'
(atril:2227): GLib-GObject-CRITICAL **: g_object_ref_sink: assertion 'G_IS_OBJECT (object)' failed
(atril:2227): GLib-GObject-CRITICAL **: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(atril:1818): Gtk-CRITICAL **: gtk_widget_get_parent: assertion 'GTK_IS_WIDGET (widget)' failed
(atril:1818): GLib-GObject-WARNING **: invalid unclassed pointer in cast to 'EvWebView'
(atril:1818): GLib-GObject-WARNING **: invalid (NULL) pointer instance
(atril:1818): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(atril:1818): GLib-GObject-WARNING **: invalid (NULL) pointer instance
(atril:1818): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(atril:1818): GLib-GObject-WARNING **: invalid (NULL) pointer instance
(atril:1818): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(atril:1818): GLib-GObject-CRITICAL **: g_object_ref_sink: assertion 'G_IS_OBJECT (object)' failed
(atril:1818): GLib-GObject-CRITICAL **: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(atril:2983): AtrilView-WARNING **: Error loading data from file:///tmp/atril-2983/NASAsFirstA-ebook.epubFQKLGY/titlepage.xhtml: Load request cancelled
**cut**

After reloading the epub i can't select a page anymore with the thumbnail in sidebar. But previous and next button in toolbar are working.

f23, Mate gtk3, webkitgtk4-2.12.2-2, atril-1.14.0 + latest commit

[rave@f23-test ~]$ atril
(atril:4133): Gtk-CRITICAL **: gtk_widget_get_parent: assertion 'GTK_IS_WIDGET (widget)' failed
Segmentation fault (core dumped)

stacktrace:

(gdb) run
Starting program: /usr/bin/atril 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffdaec9700 (LWP 4873)]
[New Thread 0x7fffda6c8700 (LWP 4874)]
[New Thread 0x7fffd9ec7700 (LWP 4875)]
[New Thread 0x7fffd96c6700 (LWP 4876)]
[New Thread 0x7fffd8e0c700 (LWP 4877)]
[New Thread 0x7fff8bffd700 (LWP 4878)]
[New Thread 0x7fff8b7fc700 (LWP 4879)]
Detaching after fork from child process 4880.
Detaching after fork from child process 4882.
[New Thread 0x7fff8adee700 (LWP 4884)]
[New Thread 0x7fff89d66700 (LWP 4891)]
[New Thread 0x7fff89565700 (LWP 4892)]
[New Thread 0x7fff88d64700 (LWP 4896)]
[Thread 0x7fffd96c6700 (LWP 4876) exited]
[Thread 0x7fff88d64700 (LWP 4896) exited]
[New Thread 0x7fffd96c6700 (LWP 4905)]
[New Thread 0x7fff88d64700 (LWP 4906)]
[Thread 0x7fff89565700 (LWP 4892) exited]
Error sending IPC message: Broken pipe
Error sending IPC message: Broken pipe
Error sending IPC message: Broken pipe
Error sending IPC message: Broken pipe
Error sending IPC message: Broken pipe
Error sending IPC message: Broken pipe
[Thread 0x7fff88d64700 (LWP 4906) exited]
[Thread 0x7fffd9ec7700 (LWP 4875) exited]

(atril:4868): Gtk-CRITICAL **: gtk_widget_get_parent: assertion 'GTK_IS_WIDGET (widget)' failed

Program received signal SIGSEGV, Segmentation fault.
ev_web_view_disconnect_handlers (webview=0x0) at ev-web-view.c:865
865     g_signal_handlers_disconnect_by_func(webview->model,
(gdb) thread apply all bt full
**cut**

Thread 1 (Thread 0x7ffff7f22a80 (LWP 4868)):
#0  0x00007ffff756de54 in ev_web_view_disconnect_handlers (webview=0x0) at ev-web-view.c:865
#1  0x00005555555891da in ev_window_document_changed_cb (document=<optimized out>, ev_window=0x5555558cec50 [EvWindow]) at ev-window.c:1599
        parent = <optimized out>
#2  0x00005555555891da in ev_window_document_changed_cb (model=<optimized out>, pspec=<optimized out>, ev_window=0x5555558cec50 [EvWindow]) at ev-window.c:4857
#6  0x00007ffff0d348ff in <emit signal notify:document on instance 0x5555558b2540 [EvDocumentModel]> (instance=instance@entry=0x5555558b2540, signal_id=<optimized out>, detail=<optimized out>)
    at gsignal.c:3439
        var_args = 
            {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffdad0, reg_save_area = 0x7fffffffda10}}
    #3  0x00007ffff0d197a5 in g_closure_invoke (closure=0x555555c64240, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0x7fffffffd820, invocation_hint=invocation_hint@entry=0x7fffffffd7a0) at gclosure.c:801
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
                real_closure = 0x555555c64220
                __func__ = "g_closure_invoke"
    #4  0x00007ffff0d2b851 in signal_emit_unlocked_R (node=node@entry=0x5555557e2a90, detail=detail@entry=1270, instance=instance@entry=0x5555558b2540, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffd820) at gsignal.c:3627
                tmp = <optimized out>
                handler = 0x555555c66540
                accumulator = 0x0
                emission = 
                  {next = 0x7fffffffdc70, instance = 0x5555558b2540, ihint = {signal_id = 1, detail = 1270, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
                class_closure = 0x5555557e2a00
                handler_list = 0x555555c83340
                return_accu = 0x0
                accu = 
                      {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 1
                max_sequential_handler_number = 5184
                return_value_altered = 1
**cut**

full stacktrace: https://dl.dropboxusercontent.com/u/49862637/Mate-desktop/Bugs/atril-stacktrace-pdf

[rave@f23-test ~]$ atril
(atril:5165): AtrilView-WARNING **: Error loading data from file:///tmp/atril-5165/NASAsFirstA-ebook.epubJF4XGY/titlepage.xhtml: Load request cancelled
**cut**
(atril:5165): Gtk-CRITICAL **: gtk_widget_grab_focus: assertion 'GTK_IS_WIDGET (widget)' failed
**cut**
(atril:5165): Gtk-CRITICAL **: gtk_widget_get_parent: assertion 'GTK_IS_WIDGET (widget)' failed
(atril:5165): Gtk-CRITICAL **: gtk_container_remove: assertion 'GTK_IS_WIDGET (widget)' failed
Segmentation fault (core dumped)
(gdb) run
Starting program: /usr/bin/atril 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffdaec9700 (LWP 5315)]
**cut**
[Thread 0x7fff88d64700 (LWP 5377) exited]
(atril:5311): Gtk-CRITICAL **: gtk_widget_grab_focus: assertion 'GTK_IS_WIDGET (widget)' failed
[New Thread 0x7fff88d64700 (LWP 5391)]
(atril:5311): AtrilView-WARNING **: Error loading data from file:///tmp/atril-5311/NASAsFirstA-ebook.epubBJT1GY/titlepage.xhtml: Load request cancelled
**cut**
[Thread 0x7fff88d64700 (LWP 5391) exited]
[New Thread 0x7fff88d64700 (LWP 5392)]
[Thread 0x7fff5b7fe700 (LWP 5372) exited]
[Thread 0x7fff88d64700 (LWP 5392) exited]
(atril:5311): Gtk-CRITICAL **: gtk_widget_get_parent: assertion 'GTK_IS_WIDGET (widget)' failed
(atril:5311): Gtk-CRITICAL **: gtk_container_remove: assertion 'GTK_IS_WIDGET (widget)' failed
Program received signal SIGSEGV, Segmentation fault.
ev_view_disconnect_handlers (view=0x0) at ev-view.c:6644
6644        g_signal_handlers_disconnect_by_func(view->model,
(gdb) thread apply all bt full
**cut**
Thread 1 (Thread 0x7ffff7f22a80 (LWP 5311)):
#0  0x00007ffff756cd64 in ev_view_disconnect_handlers (view=0x0)
    at ev-view.c:6644
#1  0x0000555555589364 in ev_window_document_changed_cb (document=<optimized out>, ev_window=0x5555558fc9e0 [EvWindow]) at ev-window.c:1590
        parent = <optimized out>
#2  0x0000555555589364 in ev_window_document_changed_cb (model=<optimized out>, pspec=<optimized out>, ev_window=0x5555558fc9e0 [EvWindow]) at ev-window.c:4857
#6  0x00007ffff0d348ff in <emit signal notify:document on instance 0x5555558b2d40 [EvDocumentModel]> (instance=instance@entry=0x5555558b2d40, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3439
        var_args = 
            {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffdad0, reg_save_area = 0x7fffffffda10}}
    #3  0x00007ffff0d197a5 in g_closure_invoke (closure=0x555555cba4c0, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0x7fffffffd820, invocation_hint=invocation_hint@entry=0x7fffffffd7a0)
    at gclosure.c:801
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
                real_closure = 0x555555cba4a0
                __func__ = "g_closure_invoke"
    #4  0x00007ffff0d2b851 in signal_emit_unlocked_R (node=node@entry=0x5555557e2a90, detail=detail@entry=1270, instance=instance@entry=0x5555558b2d40, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffd820) at gsignal.c:3627
                tmp = <optimized out>
                handler = 0x555555c66540
                accumulator = 0x0
                emission = 
                  {next = 0x7fffffffdc70, instance = 0x5555558b2d40, ihint = {signal_id = 1, detail = 1270, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
                class_closure = 0x5555557e2a00
                handler_list = 0x555555c3c700
                return_accu = 0x0
                accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 1
                max_sequential_handler_number = 6654
                return_value_altered = 1

full stacktrace: https://dl.dropboxusercontent.com/u/49862637/Mate-desktop/Bugs/atril-stacktrace-epub

So the question is why webkit is involved with using pdf ? I looks like that both crashes happens in webkit code.

raveit65 commented 8 years ago

downstream report about. https://bugzilla.redhat.com/show_bug.cgi?id=1333811 Sam Tygier 2016-05-06 09:15:00 EDT

Description of problem: I was running a script that regenerated some PDF files, which were open atril. I'd guess atril tried to reload them at the same time that they were being writen.

hlx98007@gmail.com 2016-05-07 16:11:15 EDT

Similar problem has been detected:

Open the PDF (generated by xelatex), while still opening it, change the content of the tex and recompile the tex file to override the PDF, atril crashes.

Sam Tygier 2016-05-09 10:28:00 EDT

Reload from the menu also crashes 1.12.2-2.fc23.

If I revert to atril-1.12.2-1.fc23.x86_64 (from http://koji.fedoraproject.org/koji/buildinfo?buildID=707544 ), then I don't get the crash from either updating the PDF or reload from the menu.

raveit65 commented 8 years ago

next downstream report https://bugzilla.redhat.com/show_bug.cgi?id=1334513

raveit65 commented 8 years ago

I reverted the commit from fedora/rhel7 builds.

monsta commented 8 years ago

Dammit... :confused:

monsta commented 8 years ago

It looks like there's still something wrong in the code as I get a lot of warnings when reloading a pdf document (after reverting e9ff838f4de64653799c8a8b79610ad073e8a52c):

(atril:3292): Gtk-CRITICAL **: IA__gtk_widget_get_parent: assertion 'GTK_IS_WIDGET (widget)' failed

(atril:3292): GLib-GObject-WARNING **: invalid unclassed pointer in cast to 'EvWebView'

(atril:3292): GLib-GObject-WARNING **: invalid (NULL) pointer instance

(atril:3292): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

(atril:3292): GLib-GObject-WARNING **: invalid (NULL) pointer instance

(atril:3292): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

(atril:3292): GLib-GObject-WARNING **: invalid (NULL) pointer instance

(atril:3292): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

(atril:3292): GLib-GObject-CRITICAL **: g_object_ref_sink: assertion 'G_IS_OBJECT (object)' failed

(atril:3292): GLib-GObject-CRITICAL **: g_object_unref: assertion 'G_IS_OBJECT (object)' failed

@rootAvish: can you please take a look at this?

monsta commented 8 years ago

@rootAvish: I don't get it... why check for both conditions here? what's the point? :confused: 

    GtkWidget *parent= gtk_widget_get_parent(ev_window->priv->webview);
    if (document->iswebdocument == TRUE && 
              parent == NULL )
    {
        /*We have encountered a web document, replace the atril view with a web view, if the web view is not already loaded.*/
        gtk_container_remove (GTK_CONTAINER(ev_window->priv->scrolled_window),
                              ev_window->priv->view);
        ev_view_disconnect_handlers(EV_VIEW(ev_window->priv->view));
        g_object_unref(ev_window->priv->view);
        ev_window->priv->view = NULL;
        gtk_container_add (GTK_CONTAINER (ev_window->priv->scrolled_window),
                   ev_window->priv->webview);
        gtk_widget_show(ev_window->priv->webview);      
    }
    else {
        /*Since the document is not a webdocument might as well get rid of the webview now*/
        ev_web_view_disconnect_handlers(EV_WEB_VIEW(ev_window->priv->webview));
        g_object_ref_sink(ev_window->priv->webview);
        g_object_unref(ev_window->priv->webview);
    }
rootAvish commented 8 years ago

I don't remember all too well at this point, but from what I can gather the second check is to check whether a webview is already docked inside the Atril window, the first one to check whether it's an ePub.

monsta commented 8 years ago

Well, this doesn't seem right to me. If the first condition is true (it's a webdoc) but the webview has a parent, we move to else branch and try to delete the webview...

Also there's no check if we already deleted the webview, hence the bunch of warnings after you reload a PDF doc, and some occasional crashes (and a certain crash if you add e9ff838f4de64653799c8a8b79610ad073e8a52c).

I'm trying to understand the intended logic here in order to fix the mentioned issues...

raveit65 commented 8 years ago

@rootAvish To be clear without https://github.com/mate-desktop/atril/commit/e9ff838f4de64653799c8a8b79610ad073e8a52c atril can crash in this function. I have 3 bugreports about. https://bugzilla.redhat.com/show_bug.cgi?id=1303999 https://bugzilla.redhat.com/show_bug.cgi?id=1324444 https://bugzilla.redhat.com/show_bug.cgi?id=1330202

monsta commented 8 years ago

As I understand, the random crash is due to gtk_widget_get_parent trying to access the already-freed memory (the pointer isn't properly set to NULL after unref).

monsta commented 8 years ago

@raveit65: guess we can close this now since #201 is merged?