https://bugzilla.novell.com/show_bug.cgi?id=786650 https://bugzilla.novell.com/show_bug.cgi?id=786650#c1 --- Comment #1 from Yasuhiko Kamata <belphegor@belbel.or.jp> 2013-03-28 10:55:09 UTC --- Created an attachment (id=532424) --> (http://bugzilla.novell.com/attachment.cgi?id=532424) Valgrind logs and patches In my analysis, I think that it is wrong that YGPackageSelector::Impl::resolveProblems::inner::cursor_changed_cb is called while destroying treeview. Please see the following valgrind log ("G_SLICE=always-malloc" was added to simplify debugging): (from valgrind.12.3.log; valgrind.12.2.log has same type of issue) ==4187== Thread 2: ==4187== Invalid read of size 4 ==4187== at 0x7FE8F7E: g_type_check_instance_cast (gtype.c:3992) ==4187== by 0xF3C2FB4: YGPackageSelector::Impl::resolveProblems(std::list<Ypp::Problem*, std::allocator<Ypp::Problem*> > const&)::inner::cursor_changed_cb(_GtkTreeView*, _GtkTreeModel*) (YGPackageSelector.cc:296) ==4187== by 0x7FC6E9E: g_cclosure_marshal_VOID__VOID (gmarshal.c:85) ==4187== by 0x7FC5125: g_closure_invoke (gclosure.c:777) ==4187== by 0x7FD6F24: signal_emit_unlocked_R (gsignal.c:3551) ==4187== by 0x7FDF12D: g_signal_emit_valist (gsignal.c:3300) ==4187== by 0x7FDF2A2: g_signal_emit (gsignal.c:3356) ==4187== by 0x931EB68: gtk_tree_view_real_set_cursor (gtktreeview.c:13239) ==4187== by 0x93217C7: gtk_tree_view_set_model (gtktreeview.c:11487) ==4187== by 0x9321AF2: gtk_tree_view_destroy (gtktreeview.c:2099) ==4187== by 0x7FC6E9E: g_cclosure_marshal_VOID__VOID (gmarshal.c:85) ==4187== by 0x7FC3F9C: g_type_class_meta_marshal (gclosure.c:970) ==4187== Address 0x7a8d718 is 0 bytes inside a block of size 64 free'd ==4187== at 0x402A6F3: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==4187== by 0x98079FA: standard_free (gmem.c:98) ==4187== by 0x9807B6F: g_free (gmem.c:252) ==4187== by 0x981E41A: g_slice_free1 (gslice.c:1111) ==4187== by 0x7FE7A3D: g_type_free_instance (gtype.c:1935) ==4187== by 0x7FC9DAF: g_object_unref (gobject.c:3037) ==4187== by 0x93215F9: gtk_tree_view_set_model (gtktreeview.c:11413) ==4187== by 0x9321AF2: gtk_tree_view_destroy (gtktreeview.c:2099) ==4187== by 0x7FC6E9E: g_cclosure_marshal_VOID__VOID (gmarshal.c:85) ==4187== by 0x7FC3F9C: g_type_class_meta_marshal (gclosure.c:970) ==4187== by 0x7FC5071: g_closure_invoke (gclosure.c:777) ==4187== by 0x7FD7354: signal_emit_unlocked_R (gsignal.c:3667) It seems to access the data of treeview, but this treeview was destroying at this time (= already freed). So I think that the following fix is needed: * do not call cursor_changed_cb() while destroying treeview. The attached patches (libyui-gtk-pkg.disconnect_handlers.patch is for openSUSE 12.3, yast2-gtk.disconnect_handlers.patch is for openSUSE 12.2) fixes this problem by disconnecting signals before destroying. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.