GNOME Bugzilla – Bug 170855
TreeView: Crash when closing window during editing.
Last modified: 2005-04-07 09:05:45 UTC
Steps to reproduce: 1. Run demo gtkmm-demo 2. ListView - editable cells 3. Edit cell - while cell is still in edit state, close the application Stack trace: Other information: win2k sp4 gtkmm-devel-2.6.1-1.exe
I can confirm this on linux too. It also happens in examples/book/treeview/editable_cells/ which is a simpler example.
This seems to be the relevant part of the valgrind output. It might be a null pointer dereference: (lt-example:10883): Gtk-CRITICAL **: gtk_tree_view_get_model: assertion `GTK_IS_TREE_VIEW (tree_view)' failed ==10883== ==10883== Invalid read of size 4 ==10883== at 0x1BB8EC81: Gtk::TreeModel::get_iter(Gtk::TreePath const&) (treemodel.h:198) ==10883== by 0x805298E: void Gtk::TreeView_Private::_auto_store_on_cellrenderer_text_edited_string<Glib::ustring>(Glib::ustring const&, Glib::ustring const&, int, Gtk::TreeView*) (refptr.h:155) ==10883== by 0x805433A: sigc::internal::slot_call4<sigc::pointer_functor4<Glib::ustring const&, Glib::ustring const&, int, Gtk::TreeView*, void>, void, Glib::ustring const&, Glib::ustring const&, int, Gtk::TreeView*>::call_it(sigc::internal::slot_rep*, Glib::ustring const&, Glib::ustring const&, int const&, Gtk::TreeView* const&) (ptr_fun.h:225) ==10883== by 0x8054505: _ZN4sigc8internal10slot_call2INS_12bind_functorILin1ENS2_ILin1ENS_4slotIvRKN4Glib7ustringES7_iPN3Gtk8TreeViewENS_3nilESB_SB_EESA_SB_SB_SB_SB_SB_SB_EEiSB_SB_SB_SB_SB_SB_EEvS7_S7_E7call_itEPNS0_8slot_repES7_S7_ (slot.h:758) ==10883== by 0x1BB0260F: (anonymous namespace)::CellRendererText_signal_edited_callback(_GtkCellRendererText*, char const*, char const*, void*) (slot.h:593) ==10883== by 0x1BDD2CB9: _gtk_marshal_VOID__STRING_STRING (gtkmarshalers.c:2234) ==10883== by 0x1C089DC5: IA__g_closure_invoke (gclosure.c:437) ==10883== by 0x1C09B2E9: signal_emit_unlocked_R (gsignal.c:2555) ==10883== by 0x1C09A52B: IA__g_signal_emit_valist (gsignal.c:2244) ==10883== by 0x1C09A7B5: IA__g_signal_emit (gsignal.c:2288) ==10883== by 0x1BD19DE6: gtk_cell_renderer_text_editing_done (gtkcellrenderertext.c:1620) ==10883== by 0x1BD1A01E: gtk_cell_renderer_text_focus_out_event (gtkcellrenderertext.c:1692) ==10883== by 0x1BDD057D: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:83) ==10883== by 0x1C089DC5: IA__g_closure_invoke (gclosure.c:437) ==10883== by 0x1C09B45E: signal_emit_unlocked_R (gsignal.c:2485) ==10883== by 0x1C09A31B: IA__g_signal_emit_valist (gsignal.c:2254) ==10883== by 0x1C09A7B5: IA__g_signal_emit (gsignal.c:2288) ==10883== by 0x1BEBF8E6: gtk_widget_event_internal (gtkwidget.c:3631) ==10883== by 0x1BECC616: do_focus_change (gtkwindow.c:4541) ==10883== by 0x1BECCADD: gtk_window_real_set_focus (gtkwindow.c:4727) ==10883== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==10883== ==10883== Process terminating with default action of signal 11 (SIGSEGV) ==10883== Access not within mapped region at address 0x0 ==10883== at 0x1BB8EC81: Gtk::TreeModel::get_iter(Gtk::TreePath const&) (treemodel.h:198) ==10883== by 0x805298E: void Gtk::TreeView_Private::_auto_store_on_cellrenderer_text_edited_string<Glib::ustring>(Glib::ustring const&, Glib::ustring const&, int, Gtk::TreeView*) (refptr.h:155) ==10883== by 0x805433A: sigc::internal::slot_call4<sigc::pointer_functor4<Glib::ustring const&, Glib::ustring const&, int, Gtk::TreeView*, void>, void, Glib::ustring const&, Glib::ustring const&, int, Gtk::TreeView*>::call_it(sigc::internal::slot_rep*, Glib::ustring const&, Glib::ustring const&, int const&, Gtk::TreeView* const&) (ptr_fun.h:225) ==10883== by 0x8054505: _ZN4sigc8internal10slot_call2INS_12bind_functorILin1ENS2_ILin1ENS_4slotIvRKN4Glib7ustringES7_iPN3Gtk8TreeViewENS_3nilESB_SB_EESA_SB_SB_SB_SB_SB_SB_EEiSB_SB_SB_SB_SB_SB_EEvS7_S7_E7call_itEPNS0_8slot_repES7_S7_ (slot.h:758) ==10883== by 0x1BB0260F: (anonymous namespace)::CellRendererText_signal_edited_callback(_GtkCellRendererText*, char const*, char const*, void*) (slot.h:593) ==10883== by 0x1BDD2CB9: _gtk_marshal_VOID__STRING_STRING (gtkmarshalers.c:2234) ==10883== by 0x1C089DC5: IA__g_closure_invoke (gclosure.c:437) ==10883== by 0x1C09B2E9: signal_emit_unlocked_R (gsignal.c:2555) ==10883== by 0x1C09A52B: IA__g_signal_emit_valist (gsignal.c:2244) ==10883== by 0x1C09A7B5: IA__g_signal_emit (gsignal.c:2288) ==10883== by 0x1BD19DE6: gtk_cell_renderer_text_editing_done (gtkcellrenderertext.c:1620) ==10883== by 0x1BD1A01E: gtk_cell_renderer_text_focus_out_event (gtkcellrenderertext.c:1692) ==10883== by 0x1BDD057D: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:83) ==10883== by 0x1C089DC5: IA__g_closure_invoke (gclosure.c:437) ==10883== by 0x1C09B45E: signal_emit_unlocked_R (gsignal.c:2485) ==10883== by 0x1C09A31B: IA__g_signal_emit_valist (gsignal.c:2254) ==10883== by 0x1C09A7B5: IA__g_signal_emit (gsignal.c:2288) ==10883== by 0x1BEBF8E6: gtk_widget_event_internal (gtkwidget.c:3631) ==10883== by 0x1BECC616: do_focus_change (gtkwindow.c:4541) ==10883== by 0x1BECCADD: gtk_window_real_set_focus (gtkwindow.c:4727)
In cvs, I have added a check for the null TreeModel refptr. This stops the crash for me, but leaves the critical GTK+ warning. We need to deal with this completely.
This is fixed in cvs, by passing the model to the handler, instead of the treeview (which dies before the model). It is only in HEAD, until I can investigate the impact of the changes to the private API. Many thanks for the useful bug report.
This is now in the gtkmm-2-6 branch too.