After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 771812 - Crash when reparenting a popover with a non-null parent_scrollable
Crash when reparenting a popover with a non-null parent_scrollable
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Widget: GtkPopover
3.20.x
Other Linux
: Normal major
: ---
Assigned To: gtk-bugs
gtk-bugs
Depends on:
Blocks:
 
 
Reported: 2016-09-22 07:44 UTC by Michael Gratton
Modified: 2016-09-29 10:49 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Minimal test case (1.80 KB, text/plain)
2016-09-22 07:46 UTC, Michael Gratton 		  Details
popover: Add helper functions around setting up an scrollable (4.23 KB, patch)
2016-09-28 18:02 UTC, Carlos Garnacho 		committed Details | Review
popover: Update scrollable on relative-to hierarchy changes (1.20 KB, patch)
2016-09-28 18:02 UTC, Carlos Garnacho 		committed Details | Review

Description Michael Gratton 2016-09-22 07:44:45 UTC 
GtkPopover is causing a crash after adding it to a widget hierarchy as a descendant of a GtkScrollable, then moving it to a different widget hierarchy such that it isn't a descendant of a GtkScrollable, and the parent of the GtkScrollable is subsequently destroyed.

The result of all this is in _gtk_popover_update_child_visible() after the line:

> parent = gtk_widget_get_parent (GTK_WIDGET (priv->parent_scrollable));

`parent` is null, which is then passed as the second arg to gtk_widget_translate_coordinates(), which causes a segfault.

The latter probably shouldn't segfault, but the former probably should be checking that the parent is not null. Also, the popover might want to use a better method to determine when its parent_scrollable is no longer valid.

This is currently occurring in Geary, where we have an in-conversation email composer widget with a GtkMenuButton using a popover, and the user detaches the composer. This causes the composer+popover to be removed from the scrollable conversation hierarchy and added to a new top level window.

Minimal test case to follow.
Comment 1 Michael Gratton 2016-09-22 07:46:34 UTC 
Created attachment 336056 [details]
Minimal test case

Compile with: 

> gcc -g `pkg-config --cflags gtk+-3.0` gtk_menu_button_popover_crash.c -o gtk_menu_button_popover_crash `pkg-config --libs gtk+-3.0`

It will crash as soon as you run it with an indicative stack trace.
Comment 2 Carlos Garnacho 2016-09-28 18:02:45 UTC 
Created attachment 336466 [details] [review]
popover: Add helper functions around setting up an scrollable

gtk_popover_set_scrollable_full() takes care of the signal connected
on the scrollable itself, in addition to the adjustment signals the
popover listens to.

gtk_popover_update_scrollable() looks up the current relative-to
widget hierarchy and updates the current scrollable.

The places where the scrollable is being maintained have been updated
to use these functions.
Comment 3 Carlos Garnacho 2016-09-28 18:02:52 UTC 
Created attachment 336467 [details] [review]
popover: Update scrollable on relative-to hierarchy changes

The relative-to widget may be reparented itself into/out of a
scrollable. In this cases make the hierachy-changed handler to
unset the parent scrollable when unparented, and look up again
the parent scrollable after it's reparented.
Comment 4 Matthias Clasen 2016-09-28 18:15:15 UTC 
Review of attachment 336466 [details] [review]:

sure
Comment 5 Matthias Clasen 2016-09-28 18:15:49 UTC 
Review of attachment 336467 [details] [review]:

ok
Comment 6 Carlos Garnacho 2016-09-29 10:49:19 UTC 
Attachment 336466 [details] pushed as 588a1dc - popover: Add helper functions around setting up an scrollable
Attachment 336467 [details] pushed as 769ee11 - popover: Update scrollable on relative-to hierarchy changes