GNOME Bugzilla – Bug 327164
(GtkRBNode *)node becomes NULL inside GtkTreeView
Last modified: 2006-07-01 13:17:00 UTC
While I'm using Sylpheed (2.2.0beta4 or 2.x - http://sylpheed.good-day.net/en/), it gets crashed when I select a random folder contains mails/articles. As far as I checked it's not reproducible but happens frequently. GTK+ is 2.9.0 (CVS HEAD), compiled with GLib 2.9.3 (CVS HEAD), gcc 4.0.1 (-O2 -g -W -Wall -Wformat=2 -fno-var-tracking) on IRIX 6.5.22m.
Created attachment 57455 [details] Stacktrace log from crashed Sylpheed 2.2.0beta4 Here stacktrace from Sylpheed is, if you want to check sources used in the application (summaryview.c, folderview.c), I'll upload later.
And I've noticed a similar problem at http://bugzilla.gnome.org/show_bug.cgi?id=253521
Created attachment 62510 [details] Stacktrace log from crashed Sylpheed 2.2.4 Hi, it still causes a crash against Sylpheed. Now they're GTK+ 2.9.0, GLib 2.11.0, where's the problem figured in? Does that stack trace log make sense at all? Any hints will be appreciated, thanks.
Hmm, I don't see how we can get expanded_collapsed_node to be NULL when expand_collapsed_timeout is not 0. But I wonder if we should make sure that we always set and clear the two at the same time (the current code looks as if it leaves exapnded_collapsed_node behind in some places)
Hi, I'm seeing very similar and regular crashes with Sylpheed when using the 'Smooth' GTK theme engine (version 2.6.8). Switching to a different theme fixed this long-standing issue for me.
I also don't see any case how expanded_collapsed_node can be NULL when the timeout is active. Also, this doesn't have anything to do with theme engines ... Any valgrind reports? (Please reopen from NEEDINFO if you add more information).
I have the same(or at least similar) problem. I attached a backtrace produced by gdb and a valgrind report. Both are produced in the same way: I have a folder with threaded view, I select the last mail in this folder, which must be an answer and then I click on another folder where threaded view is disabled. Hth, Enrico
Created attachment 66752 [details] Valgrind report with Sylpheed 2.2.5, GTK 2.8.17 and GLib 2.10.3
Created attachment 66753 [details] Gdb backtrace with Sylpheed 2.2.5, GTK 2.8.17 and GLib 2.10.3
I forgot to mention: this happens with Debian Sid (Unstable), GTK 2.8.17(2.8.18 also tested, same result) and GLib 2.10.3.
According to my backtrace, the segfault seems to be in line 10625 of gtktreeview.c. The mentioned line is if (node->children == NULL) So, I guess node is NULL and therefore accessing a member of node results in a segfault. The question is, why node gets NULL and what to do if so.
Oops, my last comment is a bit useless because this was already mentioned. Sorry for the spam.
I'm the author of Sylpheed, and I think at least I've found the trigger of this bug. Sylpheed uses the following hack when it clears GtkTreeStore for performance improvement (it becomes about 1.5 times faster). gtk_tree_view_set_model(treeview, NULL); gtk_tree_store_clear(store); gtk_tree_view_set_model(treeview, GTK_TREE_MODEL(store)); After removing this hack, it doesn't seem to crash anymore.
New info here, reopening
Hrm, I tried writing a test case with the new info, but couldn't reproduce the bug. After that I compiled sylpheed from SVN, but I couldn't reproduce the bug either. After a long time of code browsing, this patch could make a difference. Could you try this to see whether it fixes the issue? Index: gtktreeview.c =================================================================== RCS file: /cvs/gnome/gtk+/gtk/gtktreeview.c,v retrieving revision 1.556 diff -u -p -r1.556 gtktreeview.c --- gtktreeview.c 21 Jun 2006 15:04:44 -0000 1.556 +++ gtktreeview.c 26 Jun 2006 15:36:48 -0000 @@ -10399,6 +10399,12 @@ gtk_tree_view_set_model (GtkTreeView *t gtk_tree_view_unref_and_check_selection_tree (tree_view, tree_view->priv->tree); gtk_tree_view_stop_editing (tree_view, TRUE); + if (tree_view->priv->expand_collapse_timeout) + { + g_source_remove (tree_view->priv->expand_collapse_timeout); + tree_view->priv->expand_collapse_timeout = 0; + } + g_signal_handlers_disconnect_by_func (tree_view->priv->model, gtk_tree_view_row_changed, tree_view);
I've made workaround for the bug in svn trunk (rev. 1089), so it isn't reproducable anymore with the latest code. Try with rev. 1088 or the previous release. I'll also try your patch.
The patch looks like it does the right thing, independent of whether it fixes this bug or not...
I've tried the patch, and indeed it did fix the problem! Thanks.
Cool, thanks. Committed this on HEAD. (Will merge over to 2.8 together with some other patches later on).
*** Bug 343213 has been marked as a duplicate of this bug. ***