GNOME Bugzilla – Bug 506769
GtkCellRendererCombo fails for 2.12.3 under Windows
Last modified: 2008-03-06 15:57:30 UTC
Steps to reproduce: The tree view/editable example in the gtk-demo program can be used to reproduce the bug. Open the example, click on any row in the Number column to open the RendererCombo. Select a number and click. Close the window: the application will crash. GTK+ 2.12.3 fails, also in mingw environment and also using the gtk-win sourceforge runtime. GTK+ 2.12.1 works correctly. I could not reproduce the bug in Linux. http://jutas.eet.bme.hu/~cirix/renderer_combo.c is a small modification of the gtk-demo example mentioned above, it was used to create the trace. The segmentation violation happens in gtk_widget_destroy(window), after clicking the quit button. Stack trace: Program received signal SIGSEGV, Segmentation fault. 0x77c378c0 in _libmsvcrt_a_iname () (gdb) bt
+ Trace 183750
Other information: gcc: Configured with: ../gcc/configure --with-gcc --with-gnu-ld --with-gnu-as --host=mingw32 --target=mingw32 --prefix=/mingw --enable-threads --disable-nls --enable-languages=c,c++,f77,ada,objc,java --disable-win32-registry --disable-shared --enable-sjlj-exceptions --enable-libgcj --disable-java-awt --without-x --enable-java-gc=boehm --disable-libgcj-debug --enable-interpreter --enable-hash-synchronization --enable-libstdcxx-debug Thread model: win32 gcc version 3.4.2 (mingw-special) gtk+: http://www.gimp.org/~tml/gimp/win32/downloads.html, 2.12.3 fails http://sourceforge.net/projects/gtk-win/ 2.12.3 fails, 2.12.1 works
Created attachment 102009 [details] The test case mentioned in the text. The source is almost the same as the editable tree view example in gtk-demo.
Cody, this seems to be caused by your code in _gdk_windowing_window_destroy(), in the loop "Remove all our transient children" the GdkWindow pointer from the transient_children list seems to point to bogus data. (Wild guess: Already freed data? Some reference counting problem? Should the GdkWindows in the transient_children list be refed when put on the list and unrefed when taken off it?) Backtrace from a not-quite-recent build of gtk-2-12:
+ Trace 183900
"The tree view/editable example in the gtk-demo program can be used to reproduce the bug. Open the example, click on any row in the Number column to open the RendererCombo. Select a number and click. Close the window: the application will crash." I downloaded Tor's build of 2.12.3 and I am unable to reproduce these steps. It works as expected. I also built the demo program and tested it, and I can't reproduce using that either. I'll look through the stack trace and see if I can figure out anything useful though.
Okay, Tor discovered that this doesn't reproduce using ms-windows theme engine, but it does otherwise.
Created attachment 102541 [details] [review] Proposed solution Ref and unref window and parent when we set transient_for.
Fixed in trunk and gtk-2-12 branch.
*** Bug 503326 has been marked as a duplicate of this bug. ***
*** Bug 515415 has been marked as a duplicate of this bug. ***
*** Bug 512707 has been marked as a duplicate of this bug. ***
*** Bug 516228 has been marked as a duplicate of this bug. ***
another easy way to reproduce this bug (in 2.12.5) is to open gtk-demo's "Entry Completion", right-click and choose (just for example) the Cyrillic input method, type a few characters, and close the dialog. And this happens also with the ms-windows theme engine.