GNOME Bugzilla – Bug 693995
GtkColorChooserWidget crashes in select_swatch if palettes are replaced with add_palette
Last modified: 2013-03-04 23:31:44 UTC
When custom palettes are set with add_palette, the default palettes are removed. If the selected color was on one of those, priv->current does not get unset, resulting in a dangling pointer that will cause a crash in select_swatch when gtk_widget_unset_state_flags is called to deselect the previous swatch. This seems to make it impossible to use custom palettes, as the widget tries to restore the state from dconf. If the restored color is on one of the default palettes, setting another palette on startup will already cause a crash. I think this bug is still present in HEAD. I don't have a minimal example that causes the bug, but could create one if necessary.
Reproduced with jhbuild for git HEAD.
(gdb) bt
+ Trace 231527
98
99    if (cc->priv->current == swatch)
100     return;
101
102   if (cc->priv->current != NULL)
103     gtk_widget_unset_state_flags (GTK_WIDGET (cc->priv->current), GTK_STATE_FLAG_SELECTED);
104   gtk_widget_set_state_flags (GTK_WIDGET (swatch), GTK_STATE_FLAG_SELECTED, FALSE);
105   cc->priv->current = swatch;
Created attachment 236449 Minimal testcase
Minimal testcase, run with:
gcc colorchooserpalette.c -o colorchooserpalette -g -O0 $(pkg-config --cflags --libs gtk+-3.0) && G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind ./colorchooserpalette
Valgrind output:
==9711== Invalid read of size 8
==9711==    at 0x7E60D90: g_type_check_instance_cast (gtype.c:4022)
==9711==    by 0x4F27D9A: select_swatch (gtkcolorchooserwidget.c:103)
==9711==    by 0x4F28A6B: gtk_color_chooser_widget_set_rgba (gtkcolorchooserwidget.c:761)
==9711==    by 0x400816: main (colorchooserpalette.c:15)
==9711==  Address 0xbd7a890 is 0 bytes inside a block of size 304 free'd
==9711==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9711==    by 0x7E5F96A: g_type_free_instance (gtype.c:1957)
==9711==    by 0x4FAA56F: gtk_grid_forall (gtkgrid.c:502)
==9711==    by 0x4F3FCDB: gtk_container_destroy (gtkcontainer.c:1377)
==9711==    by 0x7E3E081: g_closure_invoke (gclosure.c:777)
==9711==    by 0x7E50024: signal_emit_unlocked_R (gsignal.c:3682)
==9711==    by 0x7E58A6F: g_signal_emit_valist (gsignal.c:3314)
==9711==    by 0x7E58CB1: g_signal_emit (gsignal.c:3370)
==9711==    by 0x513A157: gtk_widget_dispose (gtkwidget.c:10743)
==9711==    by 0x7E4336C: g_object_unref (gobject.c:2987)
==9711==    by 0x7E41840: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1316)
==9711==    by 0x7E3E2A9: _g_closure_invoke_va (gclosure.c:840)
Created attachment 236450 Deselect any swatch before removing palettes
In remove_palette(...), deselects any selected swatches. But this will also deselect swatches in the custom palette...
Created attachment 236453 Deselect any swatch before removing palettes
In remove_palette(...), deselects any selected swatch, unless it is on the custom palette
Created attachment 236455 GtkColorChooserWidget: deselect swatch before removing palettes
When adding custom palettes, set the current swatch to NULL if the palette it is on is going to be removed.
Attachment 236455 pushed as 670e532 - GtkColorChooserWidget: deselect swatch before removing palettes
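A reduced model of the dangling `current` pointer and the fix described above, as an added example that is not GTK's code or the attached patch. `Chooser`, `Palette`, `Swatch` and all helper functions are hypothetical stand-ins; `remove_palette` clears the selection only when the selected swatch lives on the palette being freed, so a selection on another palette survives.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Simplified stand-ins for the widget's state; these are not GTK types. */
typedef struct Palette Palette;
typedef struct { Palette *parent; bool selected; } Swatch;
struct Palette { Swatch **swatches; size_t n; };
typedef struct { Palette *defaults; Palette *custom; Swatch *current; } Chooser;

static Palette *palette_new(size_t n) {
    Palette *p = malloc(sizeof *p);
    p->swatches = malloc(n * sizeof *p->swatches);
    p->n = n;
    for (size_t i = 0; i < n; i++) {
        p->swatches[i] = calloc(1, sizeof(Swatch));
        p->swatches[i]->parent = p;
    }
    return p;
}

/* Same shape as the select_swatch listing on the page. */
static void select_swatch(Chooser *cc, Swatch *swatch) {
    if (cc->current == swatch) return;
    if (cc->current != NULL)
        cc->current->selected = false;  /* use-after-free if current dangles */
    swatch->selected = true;
    cc->current = swatch;
}

/* Hardened removal: drop the selection first when it lives on this palette. */
static void remove_palette(Chooser *cc, Palette **slot) {
    Palette *p = *slot;
    if (p == NULL) return;
    if (cc->current != NULL && cc->current->parent == p)
        cc->current = NULL;             /* without this, current dangles */
    for (size_t i = 0; i < p->n; i++) free(p->swatches[i]);
    free(p->swatches); free(p);
    *slot = NULL;
}
/* Models add_palette replacing the default palettes with a new one. */
static Swatch *add_palette(Chooser *cc, size_t n) {
    remove_palette(cc, &cc->defaults);
    cc->defaults = palette_new(n);
    return cc->defaults->swatches[0];
}
int main(void) {
    Chooser cc = { palette_new(4), palette_new(2), NULL };
    select_swatch(&cc, cc.defaults->swatches[0]);
    select_swatch(&cc, add_palette(&cc, 3)); /* safe: current was cleared */
    return cc.current->selected ? 0 : 1;
}
```

Deleting the two-line `current` check in `remove_palette` reproduces the class of invalid read shown in the Valgrind output when this model is run under Valgrind or AddressSanitizer.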