onboard segfaults in gobject-introspection `g_callable_info_free_closure()`
While trying out other edge changes on an Atom tablet I noticed immediately that onboard segfaults right after appearing.
This is onboard-1.4.1-r5, running on x86.
Looking at the gobject-introspection ffi stuff that's going on there, maybe there is some kind of accidental ABI breakage and something needs to be rebuilt, but I can't figure out what's happening.
Backtrace:
Thread 1 "python3" received signal SIGSEGV, Segmentation fault.
0xb77b34ba in g_callable_info_free_closure () from /usr/lib/libgirepository-1.0.so.1
(gdb) bt
#0 0xb77b34ba in g_callable_info_free_closure () at /usr/lib/libgirepository-1.0.so.1
#1 0xb79244b1 in () at /usr/lib/python3.9/site-packages/gi/_gi.cpython-39-i386-linux-musl.so
#2 0xb781c631 in g_source_callback_unref (cb_data=0xb4be4e90) at ../glib/gmain.c:1666
#3 g_source_callback_unref (cb_data=0xb4be4e90) at ../glib/gmain.c:1659
#4 0xb781ca9a in g_source_destroy_internal (source=source@entry=0xb4bfd080, context=context@entry=0xb6c2be80, have_lock=have_lock@entry=1)
at ../glib/gmain.c:1331
#5 0xb781f33b in g_main_dispatch (context=0xb6c2be80) at ../glib/gmain.c:3411
#6 g_main_context_dispatch (context=0xb6c2be80) at ../glib/gmain.c:4099
#7 0xb781f531 in g_main_context_iterate (context=0xb6c2be80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
at ../glib/gmain.c:4175
#8 0xb781f8cc in g_main_loop_run (loop=<optimized out>) at ../glib/gmain.c:4373
#9 0xb5ccc5e7 in gtk_main () at /usr/lib/libgtk-3.so.0
[...]
The caller, which I guess is pygobject's _pygi_invoke_closure_free() (https://gitlab.gnome.org/GNOME/pygobject/-/blob/pygobject-3-42/gi/pygi-closure.c#L633), seems to have a reasonable-looking cif in its PyGICClosure, but not in g_callable_info_free_closure(), if we are indeed good up to the final dereference in wrapper->ffi_closure.cif->arg_types before the g_free() call where execution gets to. I actually can't tell, because the disassembly of g_callable_info_free_closure() doesn't make any sense to me given its code (https://gitlab.gnome.org/GNOME/gobject-introspection/-/blob/gi-release-1-70/girepository/girffi.c#L423):
(gdb) disas
Dump of assembler code for function g_callable_info_free_closure:
0xb77b34a3 <+0>: push %esi
0xb77b34a4 <+1>: push %ebx
0xb77b34a5 <+2>: call 0xb77ab10e
0xb77b34aa <+7>: add $0x286ee,%ebx
0xb77b34b0 <+13>: sub $0x10,%esp
0xb77b34b3 <+16>: mov 0x20(%esp),%esi
0xb77b34b7 <+20>: mov 0x10(%esi),%eax
=> 0xb77b34ba <+23>: push 0x8(%eax)
0xb77b34bd <+26>: call 0xb77aaf50 <g_free@plt>
0xb77b34c2 <+31>: pop %eax
0xb77b34c3 <+32>: push 0x1c(%esi)
0xb77b34c6 <+35>: call 0xb77aad20 <ffi_closure_free@plt>
0xb77b34cb <+40>: add $0x14,%esp
0xb77b34ce <+43>: pop %ebx
0xb77b34cf <+44>: pop %esi
0xb77b34d0 <+45>: ret
End of assembler dump.
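As an added example (not part of this bug report, and not code from gobject-introspection or pygobject), the script below reads the disassembly above back into C terms by resolving each memory operand against the i386 layouts of ffi_closure, GIClosureWrapper and ffi_cif. Those layouts are assumptions for 32-bit x86 with 4-byte pointers, a 16-byte libffi trampoline, and gobject-introspection 1.70's GIClosureWrapper (ffi_closure, then writable_self, then native_address); the argument names are the ones from girffi.c, and the disassembly is embedded as constructed sample input. On the `=>` line it also names the register that holds the pointer the faulting instruction dereferences.

```python
"""Map the i386 disassembly of g_callable_info_free_closure() back onto C struct fields.

Added example, not code from the bug report, gobject-introspection or pygobject.
The struct layouts below are ASSUMPTIONS for 32-bit x86: 4-byte pointers, a
16-byte libffi trampoline (FFI_TRAMPOLINE_SIZE == 16) and gobject-introspection
1.70's GIClosureWrapper {ffi_closure; writable_self; native_address}.
"""
import re

# (offset, field name, field type); a type that is itself a key of TYPES is a nested struct.
TYPES = {
    "GIClosureWrapper": [(0x00, "ffi_closure", "ffi_closure"),
                         (0x1c, "writable_self", "void*"),
                         (0x20, "native_address", "void*")],
    "ffi_closure": [(0x00, "tramp", "char[16]"),
                    (0x10, "cif", "ffi_cif*"),
                    (0x14, "fun", "void*"),
                    (0x18, "user_data", "void*")],
    "ffi_cif": [(0x00, "abi", "int"), (0x04, "nargs", "unsigned"),
                (0x08, "arg_types", "ffi_type**"), (0x0c, "rtype", "ffi_type*"),
                (0x10, "bytes", "unsigned"), (0x14, "flags", "unsigned")],
}

# cdecl arguments of g_callable_info_free_closure(GICallableInfo *, ffi_closure *), stack order.
ARGS = [("callable_info", "GICallableInfo"), ("closure", "GIClosureWrapper")]

INSN = re.compile(r"^\s*(=>)?\s*0x[0-9a-f]+\s+<\+(\d+)>:\s+(\w+)\s*(.*)$")
MEM = re.compile(r"^(?:(-?0x[0-9a-f]+))?\(%(\w+)\)$")

# Constructed sample input: the gdb dump from the report.
DISASM = """Dump of assembler code for function g_callable_info_free_closure:
0xb77b34a3 <+0>: push %esi
0xb77b34a4 <+1>: push %ebx
0xb77b34a5 <+2>: call 0xb77ab10e
0xb77b34aa <+7>: add $0x286ee,%ebx
0xb77b34b0 <+13>: sub $0x10,%esp
0xb77b34b3 <+16>: mov 0x20(%esp),%esi
0xb77b34b7 <+20>: mov 0x10(%esi),%eax
=> 0xb77b34ba <+23>: push 0x8(%eax)
0xb77b34bd <+26>: call 0xb77aaf50 <g_free@plt>
0xb77b34c2 <+31>: pop %eax
0xb77b34c3 <+32>: push 0x1c(%esi)
0xb77b34c6 <+35>: call 0xb77aad20 <ffi_closure_free@plt>
0xb77b34cb <+40>: add $0x14,%esp
0xb77b34ce <+43>: pop %ebx
0xb77b34cf <+44>: pop %esi
0xb77b34d0 <+45>: ret
End of assembler dump."""


def field_at(typename, off):
    """Return (dotted field path, field type) for byte offset `off` inside `typename`."""
    below = [f for f in TYPES[typename] if f[0] <= off]
    if not below:
        raise ValueError(f"{off:#x} is before the first field of {typename}")
    base, name, ftype = max(below)
    if ftype in TYPES:                       # nested struct: keep descending
        path, ftype = field_at(ftype, off - base)
        return f"{name}.{path}", ftype
    if off != base:
        raise ValueError(f"{off:#x} lands inside {typename}.{name}, not at a field start")
    return name, ftype


def deref(reg, disp):
    """reg is (C expression, struct it points to); return the field expression and its pointee."""
    expr, ty = reg
    path, ftype = field_at(ty, disp)
    pointee = ftype[:-1] if ftype.endswith("*") and ftype[:-1] in TYPES else None
    return f"{expr}->{path}", pointee


def annotate(disasm):
    """Return (offset, instruction text, C-level note) for each instruction in a gdb 'disas' dump."""
    regs, frame, pushed, out = {}, 0, [], []   # frame: bytes pushed below the return address
    for line in disasm.splitlines():
        m = INSN.match(line)
        if not m:
            continue
        fault, off, op, operands = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        parts = [p.strip() for p in operands.split(",")] if operands else []
        mem = MEM.match(parts[0]) if parts else None
        disp = int(mem.group(1), 16) if mem and mem.group(1) else 0
        note = ""
        if op == "push" and parts[0].startswith("%"):      # callee-saved register spill
            frame += 4
        elif op == "sub" and parts[1] == "%esp":           # local stack space
            frame += int(parts[0].lstrip("$"), 16)
        elif op == "pop":
            frame -= 4
        elif op == "mov" and mem and mem.group(2) == "esp":   # argument load from the caller's frame
            idx = (disp - frame - 4) // 4                   # +4 skips the return address
            dst = parts[1].lstrip("%")
            regs[dst] = ARGS[idx]
            note = f"{dst} = {ARGS[idx][0]} (arg {idx})"
        elif op == "mov" and mem:                          # field load through a typed pointer
            dst = parts[1].lstrip("%")
            regs[dst] = deref(regs[mem.group(2)], disp)
            note = f"{dst} = {regs[dst][0]}"
        elif op == "push" and mem:                         # field pushed as a call argument
            expr, _ = deref(regs[mem.group(2)], disp)
            pushed.insert(0, expr)
            frame += 4
            note = f"push {expr}"
            if fault:                                      # '=>' marks where SIGSEGV was raised
                note += (f"  <-- SIGSEGV reading %{mem.group(2)}+{disp:#x}: "
                         f"{regs[mem.group(2)][0]} is not a mapped pointer")
        elif op == "call" and "<" in operands:
            callee = operands[operands.index("<") + 1:].rstrip(">").split("@")[0]
            note = f"{callee}({', '.join(pushed)})"
            pushed = []
        out.append((off, line.strip(), note))
    return out


if __name__ == "__main__":
    for off, text, note in annotate(DISASM):
        print(f"{text:45s} ; {note}")
```

Run stand-alone it prints each instruction next to its C-level meaning. With the assumed layouts, +16 loads the second argument (closure) into %esi, +20 loads closure->ffi_closure.cif into %eax, the faulting push at +23 reads arg_types through that pointer, and +32/+35 pass closure->writable_self to ffi_closure_free(); so the value to inspect in gdb is the cif stored inside the wrapper that pygobject handed over, not the cif held by the PyGICClosure. If the build's trampoline size or wrapper layout differs from the assumptions in TYPES, the offsets stop lining up, which is exactly the kind of ABI mismatch worth ruling out here.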