#381 t/0601_Dialog_Scan.t crashes with glib2 2.67.3 in gtk_widget_dispose()

[Petr Písař]

You should know that t/0601_Dialog_Scan.t crashes when exiting in gtk_widget_dispose() for me after upgrading from glib2-2.67.1 to glib2-2.67.3. It spew a lot of warnings like this before:

ok 14 - selecting reverse should automatically limit the max number of pages to scan
GLib-GObject-WARNING **: instance with invalid (NULL) class pointer during global destruction.
GLib-GObject-CRITICAL **: g_signal_emit_valist: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed during global destruction.
GLib-GObject-CRITICAL **: g_object_set_qdata: assertion 'G_IS_OBJECT (object)' failed during global destruction.

Now it segfaults:

#0  0x00007ffff57fd732 in gtk_widget_dispose (object=0x555559c97880) at /usr/src/debug/gtk3-3.24.25-3.fc35.x86_64/gtk/gtkwidget.c:12156
#1  0x00007ffff74e0d84 in g_object_unref () from /lib64/libgobject-2.0.so.0
#2  0x00007ffff75484aa in XS_Glib__Object_DESTROY () from /usr/lib64/perl5/vendor_perl/auto/Glib/Glib.so
#3  0x00007ffff7d34d47 in Perl_pp_entersub () from /lib64/libperl.so.5.32
#4  0x00007ffff7ca825a in Perl_call_sv () from /lib64/libperl.so.5.32
#5  0x00007ffff7d3d230 in S_curse.lto_priv.0 () from /lib64/libperl.so.5.32
#6  0x00007ffff7d3d978 in Perl_sv_clear () from /lib64/libperl.so.5.32
#7  0x00007ffff7d3c862 in Perl_sv_free2 () from /lib64/libperl.so.5.32
#8  0x00007ffff7d368f8 in Perl_sv_clean_objs () from /lib64/libperl.so.5.32
#9  0x00007ffff7ca9722 in perl_destruct () from /lib64/libperl.so.5.32
#10 0x0000555555555324 in main ()

I have not yet reduced the reproducer, so I don't know what's the cause.

[Jeffrey Ratcliffe]

Thanks for the report.

What was the last working version of Glib?

I wonder if this is related?

https://sourceforge.net/p/gscan2pdf/support-requests/47/

Does it segfault if you run with sudo?

[Petr Písař]

I don't have sudo on that machine. But running the tests as root still crashes for me.
I wrote the last working glib was 2.67.1. More precisely it was glib2-2.67.1-4.fc34.x86_64 Fedora package. (You can obtain it from https://koji.fedoraproject.org/koji/buildinfo?buildID=1677975.) But then I tried to debug it on my Gentoo system and I could not reproduce it regardless of the glib version. Fedora probably compiles glib differently. I will have to look more closely.

I also stumbled on https://gitlab.gnome.org/GNOME/perl-gtk3/-/issues/8 which looks similar. But then bug manifested even on my Gengoo. So maybe it's a different bug.

[Jeffrey Ratcliffe]

Can you suggest a docker image or similar where I could reproduce the problem?

[Petr Písař]

I found the culprit: Fedora configures glib with meson --auto-features=enabled. That enables all explicitly nondisabled options. glib's commit 670b84ca3068eb4ec584812fad2cdcb8dc35683b (build: Add glib_debug option; introduced between 2.67.2 and 2.67.3) added a new option which enables debugging code with -DG_ENABLE_DEBUG compiler flag. As an effect, Fedora started to build glib with that debugging code which probably does not shield from abusing Glib memory management by Gtk and leads to the crash. I will report it to Fedora and glib upstream that they should exempt the new glib_debug option from --auto-features. Debugging code is not suitable for a production.

I also found that the same crash happens if the code is configured with -O0 compiler flag. (-O1, -O2, -O3, -Os are fine) regardless of glib version. Either it's because glib's meson script performs weird checks on that flag and adds -DG_DISABLE_CAST_CHECKS compiler flag based on the flag, or maybe glib relies on an undefined behaviour which yields a different code flow without optimizations.

[Jeffrey Ratcliffe]

Thanks for your work. Does this mean that you are happy for me to close this?

[Petr Písař]

Yes, you can close it.