Bug 704508 – Invalid iterator in gtkcomboxbox causes crash on windows

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 704508 - Invalid iterator in gtkcomboxbox causes crash on windows


Summary:	Invalid iterator in gtkcomboxbox causes crash on windows


Status:	RESOLVED OBSOLETE

Product:	gtk+
Classification:	Platform
Component:	Widget: GtkComboBox
Version:	2.24.x
Hardware:	Other Windows

Importance:	Normal critical
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	gtk-bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-07-18 22:12 UTC by Dov Grobgeld
Modified:	2018-04-15 00:27 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Dov Grobgeld 2013-07-18 22:12:25 UTC

I have been trying to track down a bug in gtk in windows related to the gtkfilechooser button. It seems that the bug is in the following lines in gtkcombobox.c:4131 (branch gtk-2-24-win32):

  gtk_tree_model_get_iter (priv->model, &iter, path);
  gtk_tree_path_free (path);

  gtk_combo_box_popdown (combo_box);

  if (tree_column_row_is_sensitive (combo_box, &iter))
    gtk_combo_box_set_active_iter (combo_box, &iter);

The problem seems to be that gtk_combo_box_popdown (combo_box) invalidates the iterator. I don't understand why it does so, but it can be verified by inspecting:

  ((GtkTreeModelFilter*)(priv->model))->priv->stamp

which changes after the call to gtk_combo_box_popdown (), and thus the stamp of the model and the iterator are different.

See also:

https://bugzilla.redhat.com/show_bug.cgi?id=985559

Comment 1 Dov Grobgeld 2013-07-20 20:51:02 UTC

I have verified that the following patch solves the crash. Note that the bug exists both in HEAD and in the gtk2 branches. What is the commit policy for legacy bugs?

--- gtk+-2.24.20/gtk/gtkcombobox.c.org  2013-03-12 22:25:23.000000000 +0200
+++ gtk+-2.24.20/gtk/gtkcombobox.c      2013-07-20 23:38:34.248516146 +0300
@@ -4152,11 +4152,11 @@
   if (!ret)
     return TRUE; /* clicked outside window? */
 
+  gtk_combo_box_popdown (combo_box);
+
   gtk_tree_model_get_iter (priv->model, &iter, path);
   gtk_tree_path_free (path);
 
-  gtk_combo_box_popdown (combo_box);
-
   if (tree_column_row_is_sensitive (combo_box, &iter))
     gtk_combo_box_set_active_iter (combo_box, &iter);

Comment 2 Morten Welinder 2013-08-23 02:08:03 UTC

(I'm looking at gtk3 sources, just in case there is a latent bug here)

If ((GtkTreeModelFilter*)(priv->model))->priv->stamp changes then that
would seem to be the result of gtk_tree_model_filter_set_model being
called.  I don't see anything else that calls it.

Is that the case for you?  If so, can you produce a stack trace.

Comment 3 Matthias Clasen 2018-04-15 00:27:26 UTC

As announced a while ago, we are migrating to gitlab, and bugs that haven't seen activity in the last year or so will be not be migrated, but closed out in bugzilla.

If this bug is still relevant to you, you can open a new issue describing the symptoms and how to reproduce it with gtk 3.22.x or master in gitlab:

https://gitlab.gnome.org/GNOME/gtk/issues/new