GNOME Bugzilla – Bug 759079
GtkComboBox triggers segmentation fault in update_menu_sensitivity for single entry submenu
Last modified: 2016-01-15 10:13:40 UTC
GtkComboBox used to draw a selectable header and separator on the top of each submenu which seems to have been removed in the latest CSS styling changes for that widget, specifically commits [1] and [2]. However, the function update_menu_sensitivity still assumes the header and separator to be present and will trigger a memory access violation if a submenu with a single element is used. More specifically, [3] fails as 'child->next' is null as the proper child item is actually the only child item so that even though 'child == children' is true, there is no next item which used to be the separator.

[1] https://git.gnome.org/browse/gtk+/commit/gtk/gtkcombobox.c?id=d071415d56e507dec36ea39fb48590c5c09ad7c9
[2] https://git.gnome.org/browse/gtk+/commit/gtk/gtkcombobox.c?id=fcb26376dfc317f0f45ec3a5d94fb697003b64e3
[3] https://git.gnome.org/browse/gtk+/tree/gtk/gtkcombobox.c#n2105
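
The failure mode in the report above, reduced to a self-contained model. This is an added example, not GTK's code and not part of the report: the Item type and the three function names are hypothetical stand-ins for the GList of menu items and the logic in update_menu_sensitivity.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a GList of menu items; not GTK's own types. */
typedef struct Item {
    struct Item *next;
    bool visible;
    bool sensitive;
} Item;

/* Stale assumption: the first child is a header and a separator follows it.
 * For a single-entry submenu child->next is NULL, so the last write faults. */
void update_first_legacy(Item *children, bool sensitive)
{
    Item *separator = children->next;   /* NULL when there is one entry */
    children->visible = sensitive;
    separator->visible = sensitive;     /* NULL dereference in that case */
}

/* Guarded special case: returns false when no successor exists. */
bool update_first_checked(Item *children, bool sensitive)
{
    if (children == NULL || children->next == NULL)
        return false;
    children->visible = sensitive;
    children->next->visible = sensitive;
    return true;
}

/* No special case at all, as the attached patch is described: every item
 * is treated alike. Returns the number of items updated. */
int update_all_uniform(Item *children, bool sensitive)
{
    int n = 0;
    for (Item *child = children; child != NULL; child = child->next, n++)
        child->sensitive = sensitive;
    return n;
}

int main(void)
{
    Item only = { NULL, true, true };   /* constructed one-entry submenu */
    printf("checked: %d\n", update_first_checked(&only, false));
    printf("uniform: %d\n", update_all_uniform(&only, false));
    return 0;
}
```

update_first_legacy is safe only while the two-item layout holds; main deliberately never calls it on the one-entry list.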
Created attachment 316834
Patch removing the header and separator handling

This patch removes the special handling of the header and separator in the combo box, i.e. within update_menu_sensitivity, and for me, fixes the problem without any obvious negative side effects.
Thank you for reviewing and committing this so fast! As only 3.18.x seems affected and all single entry sub menu combo boxes crashing seems like a potentially large set of affected programs, is it possible to cherry pick this for 3.18.x?