
crash, double free, with "Controls" animation(?) and paste. probably a race condition with callbacks
Closed, ResolvedPublic


I cannot reproduce this reliably, especially not in valgrind, so I'm guessing it's a race condition. EFL 1.22, Terminology 1.4.1 from openSUSE.

Sometimes when I paste something into Terminology via right click, Controls, Terminology crashes with a double free. I'm not 100% certain, but it seems it has to do with the animation of Controls, because if this happens in gdb the Controls window stays halfway through. I've also been able to crash it by repeatedly opening and closing Controls as fast as I could.

Oh, and I'm sorry, I've installed all debug packages from openSUSE, but neither valgrind nor gdb seem to be able to find them. I currently don't know why. If you can't figure out from this what's going on, I'll look into that further.

double free or corruption (fasttop)

Thread 1 "terminology" received signal SIGABRT, Aborted.
0x00007ffff7e09dd1 in raise () from /lib64/
(gdb) bt
#0  0x00007ffff7e09dd1 in raise () from /lib64/
#1  0x00007ffff7df3549 in abort () from /lib64/
#2  0x00007ffff7e4c61f in __libc_message () from /lib64/
#3  0x00007ffff7e52d9c in malloc_printerr () from /lib64/
#4  0x00007ffff7e54624 in _int_free () from /lib64/
#5  0x00007ffff768f308 in ?? () from /usr/lib64/
#6  0x00007ffff707c60e in ?? () from /usr/lib64/
#7  0x00007ffff7080cd0 in efl_event_callback_legacy_call () from /usr/lib64/

Some messages from DBG; they appear right before the crash:

ERR<379>:eo lib/eo/eo.c:1802 efl_isa() Eo ID 0x4000002cd435 is not a valid object. Current thread: main. This ID has probably been deleted or this was never a valid object ID. (domain=0, current_domain=0, local_domain=0, available_domains=[0 1    ], generation=35, id=b35, ref=1)

ERR<379>:evas_main lib/evas/canvas/evas_object_main.c:961 evas_object_del() Called evas_object_del on a non-evas object: (null)@0x4000002cd435

ERR<379>:eina_safety ../src/bin/termio.c:1094 termio_paste_selection() safety check failed: sd == NULL

ProhtMeyhet updated the task description. Jul 31 2019, 1:35 AM

Could you please test with Terminology 1.5.0 or ask to have it on opensuse?

Hadn't seen there was a new release. Built against 1.22.2 and it's still there.

There was a warning while building:

[9/74] Generating nyanology.edj with a custom command.
edje_cc: Warning. This EDC file was designed for EFL 1.18. Until 1.19, EFL used an invalid calculation mechanism for textblock parts, where the value of text min/max was not properly taken into account. You might want to consider adding "efl_version: 1 22;" in your EDC file (before the "collections" block), and then check the sizing for all textblock parts that specify text min/max values (the bool defined as description.text.{min,max}).
@:~ > /usr/local/bin/terminology --version
Version: 1.5.0
@:~ > gdb /usr/local/bin/terminology
GNU gdb (GDB; openSUSE Tumbleweed) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
Find the GDB manual and other documentation resources online at:

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/bin/terminology...

thyrc added a subscriber: thyrc. Aug 2 2019, 3:52 AM
billiob claimed this task. Sep 2 2019, 2:58 PM
billiob triaged this task as High priority.

I think this is fixed in EFL 1.23

billiob closed this task as Resolved. Oct 28 2019, 4:12 PM