After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 745829 - crash when double-clicking close button while popover is visible
crash when double-clicking close button while popover is visible
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Debugging
3.15.x
Other Linux
: Normal normal
: ---
Assigned To: gtk-bugs
gtk-bugs
Depends on:
Blocks:
 
 
Reported: 2015-03-08 06:37 UTC by Christian Hergert
Modified: 2015-03-16 15:27 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
widget: Take a ref during ::unmap emission (1.03 KB, patch)
2015-03-16 12:55 UTC, Carlos Garnacho
reviewed Details | Review
window: Protect against popover destruction on ::unmap (1.18 KB, patch)
2015-03-16 12:55 UTC, Carlos Garnacho
accepted-commit_now Details | Review
window: Protect against popover destruction on ::unmap (1.18 KB, patch)
2015-03-16 15:27 UTC, Carlos Garnacho
none Details | Review
widget: Take a ref during ::unrealize emission (987 bytes, patch)
2015-03-16 15:27 UTC, Carlos Garnacho
none Details | Review
widget: Take a ref during ::unmap emission (1.03 KB, patch)
2015-03-16 15:27 UTC, Carlos Garnacho
none Details | Review

Description Christian Hergert 2015-03-08 06:37:50 UTC
I was using GtkInspector to edit some textview properties. If I double click a property in the properties page and change a value, then double click the inspector window's close button, I get a crash.

I'm currently running on 3.15.10 (32c0c6fee0ddc7333991db1ae772ebd33fe7a12c)


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3b4a9fa in gtk_widget_pop_verify_invariants (widget=0x159edc0) at gtkwidget.c:10202
10202	  g_assert (widget->priv->verifying_invariants_count > 0);
(gdb) bt
  • #0 gtk_widget_pop_verify_invariants
    at gtkwidget.c line 10202
  • #1 popover_unmap
    at gtkwindow.c line 5936
  • #2 gtk_window_unmap
    at gtkwindow.c line 6122
  • #3 g_closure_invoke
    at gclosure.c line 768
  • #4 signal_emit_unlocked_R
    at gsignal.c line 3479
  • #5 g_signal_emit_valist
    at gsignal.c line 3305
  • #6 g_signal_emit
    at gsignal.c line 3361
  • #7 gtk_widget_unmap
    at gtkwidget.c line 5093
  • #8 gtk_window_hide
    at gtkwindow.c line 5924
  • #9 g_closure_invoke
    at gclosure.c line 768
  • #10 signal_emit_unlocked_R
    at gsignal.c line 3479
  • #11 g_signal_emit_valist
    at gsignal.c line 3305
  • #12 g_signal_emit
    at gsignal.c line 3361
  • #13 gtk_widget_hide
    at gtkwidget.c line 4960
  • #14 gtk_widget_hide_on_delete
    at gtkwidget.c line 5001
  • #15 _gtk_marshal_BOOLEAN__BOXEDv
    at gtkmarshalers.c line 130
  • #16 _g_closure_invoke_va
    at gclosure.c line 831
  • #17 g_signal_emit_valist
    at gsignal.c line 3214
  • #18 g_signal_emit
    at gsignal.c line 3361
  • #19 gtk_widget_event_internal
    at gtkwidget.c line 7787
  • #20 gtk_main_do_event
    at gtkmain.c line 1640
  • #21 send_delete_event
    at gtkwindow.c line 1318
  • #22 gdk_threads_dispatch
    at gdk.c line 717
  • #23 g_main_dispatch
    at gmain.c line 3122
  • #24 g_main_context_dispatch
    at gmain.c line 3737
  • #25 g_main_context_iterate
    at gmain.c line 3808
  • #26 g_main_loop_run
    at gmain.c line 4002
  • #27 gtk_main
    at gtkmain.c line 1219
  • #28 main
    at tests/test-ide-source-view.c line 584

Comment 1 Matthias Clasen 2015-03-14 22:08:18 UTC
This is caused by the popover hide animation. Disabling that makes the crash go away.
Comment 2 Carlos Garnacho 2015-03-16 12:55:02 UTC
Created attachment 299507 [details] [review]
widget: Take a ref during ::unmap emission

This ensures the widget data stays live long enough to perform invariants
check after emission if the widget happens to be destroyed on a callback.
Comment 3 Carlos Garnacho 2015-03-16 12:55:07 UTC
Created attachment 299508 [details] [review]
window: Protect against popover destruction on ::unmap

On popover_unmap(), perform the gtk_widget_unmap() call last, so the
GtkWindowPopover data is ensured to be alive throughout the function
if the popover widget is destroyed right on ::unmap.
Comment 4 Matthias Clasen 2015-03-16 13:57:14 UTC
Review of attachment 299507 [details] [review]:

makes sense, but I wonder: does gtk_widget_unrealize need a similar fix ?
Comment 5 Matthias Clasen 2015-03-16 13:58:17 UTC
Review of attachment 299508 [details] [review]:

ok
Comment 6 Carlos Garnacho 2015-03-16 15:27:07 UTC
The following fixes have been pushed:
b4b2358 window: Protect against popover destruction on ::unmap
b4e61b7 widget: Take a ref during ::unrealize emission
f5f6ad9 widget: Take a ref during ::unmap emission
Comment 7 Carlos Garnacho 2015-03-16 15:27:12 UTC
Created attachment 299521 [details] [review]
window: Protect against popover destruction on ::unmap

On popover_unmap(), perform the gtk_widget_unmap() call last, so the
GtkWindowPopover data is ensured to be alive throughout the function
if the popover widget is destroyed right on ::unmap.
Comment 8 Carlos Garnacho 2015-03-16 15:27:19 UTC
Created attachment 299522 [details] [review]
widget: Take a ref during ::unrealize emission

In order to prevent invalid memory access/crashes if the widget is
destroyed in a callback of that signal.
Comment 9 Carlos Garnacho 2015-03-16 15:27:24 UTC
Created attachment 299523 [details] [review]
widget: Take a ref during ::unmap emission

This ensures the widget data stays live long enough to perform invariants
check after emission if the widget happens to be destroyed on a callback.