GNOME Bugzilla – Bug 767028
GtkMenuTracker could crash in gtk_menu_tracker_model_changed if there are no items
Last modified: 2018-04-15 00:26:23 UTC
This is something that we see quite often in Unity (https://pad.lv/1296674). For example:

at /build/gtk+3.0-3sSotQ/gtk+3.0-3.10.8/./gtk/gtkmenutracker.c:339
(where src is https://github.com/GNOME/gtk/blob/gtk-3-10/gtk/gtkmenutracker.c#L339)

(gdb) print section
$2 = (GtkMenuTrackerSection *) 0x7f6be1bba2d0
(gdb) print section->items
$3 = (GSList *) 0x0

I think it's quite sane to avoid dereferencing *change_point when it's NULL.
Created attachment 328734
GtkMenuTracker: don't try to dereference *change_point when it's NULL
First step here would be a test case that reproduces the problem you are seeing.
(In reply to Matthias Clasen from comment #2)
> First step here would be a test case that reproduces the problem you are
> seeing.

Unfortunately this is quite a random issue, which has been happening regularly in Ubuntu for some years, but there are no known ways to reproduce it. However, I believe that a null guard is always something that does no harm (while I should probably add some g_critical logs).
(In reply to Marco Trevisan (Treviño) from comment #3)
> However I believe that a null guard is always something that doesn't harm
> (while probably I should add some g_critical logs)

Adding random NULL guards in places where NULL isn't supposed to go only clouds up the actual underlying issue, though: Why is change_point NULL?

The code in the caller (gtk_menu_tracker_model_changed) doesn't look to me like it expects change_point to ever be NULL.
(In reply to Matthias Clasen from comment #4)
> (In reply to Marco Trevisan (Treviño) from comment #3)
>
> > However I believe that a null guard is always something that doesn't harm
> > (while probably I should add some g_critical logs)
>
> Adding random NULL guards in places where NULL isn't supposed to go only
> clouds up the actual underlying issue, though: Why is change_point NULL ?

I agree. But unfortunately during this time I've never been able to figure out a proper test case. For some reason it seems that section->items is null sometimes, and thus so is *change_point. I'm not that into this codebase to give a deeper explanation, though, so I guess desrt could step in for better guessing.

> The code in the caller (gtk_menu_tracker_model_changed) doesn't look to me
> like it expects change_point to ever be NULL.

No, in fact... That's never protected. But I think failing critically is still always better than crashing.
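The pattern under discussion, as a simplified added example that is not GTK's code or the attached patch: a removal loop walks a list through a pointer-to-pointer and is asked to remove more items than the list holds. Node, push, remove_items and invariant_failures are hypothetical names, and the loop shape is an assumption; the guard reports the bookkeeping mismatch and stops instead of dereferencing NULL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a GSList node; not GTK's types. */
typedef struct Node { int data; struct Node *next; } Node;

static int invariant_failures;   /* counts "critical" reports for the demo */

/* Prepend a value; returns the new head. */
static Node *push(Node *head, int data)
{
    Node *n = malloc(sizeof *n);
    if (n == NULL)
        abort();
    n->data = data;
    n->next = head;
    return n;
}

/* Remove up to n_items links starting at *change_point and return how many
 * were actually removed. If the list ends early, the caller's bookkeeping
 * and the list disagree: report that and stop rather than dereference NULL. */
static int remove_items(Node **change_point, int n_items)
{
    int i;

    for (i = 0; i < n_items; i++) {
        Node *victim = *change_point;
        if (victim == NULL) {
            invariant_failures++;
            fprintf(stderr, "critical: asked to remove %d items, "
                            "list ended after %d\n", n_items, i);
            break;
        }
        *change_point = victim->next;
        free(victim);
    }
    return i;
}

int main(void)
{
    Node *items = push(push(NULL, 2), 1);
    printf("removed %d of 3\n", remove_items(&items, 3));
    Node *empty = NULL;                 /* the section->items == NULL case */
    printf("removed %d of 1\n", remove_items(&empty, 1));
    return invariant_failures == 2 ? 0 : 1;
}
```

The return value and the logged counts record how far the caller's view diverged from the list, which is the information needed to chase the underlying cause.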
We're moving to gitlab! As part of this move, we are moving bugs to NEEDINFO if they haven't seen activity in more than a year. If this issue is still important to you and still relevant with GTK+ 3.22 or master, please reopen it and we will migrate it to gitlab.
As announced a while ago, we are migrating to gitlab, and bugs that haven't seen activity in the last year or so will not be migrated, but closed out in bugzilla. If this bug is still relevant to you, you can open a new issue describing the symptoms and how to reproduce it with gtk 3.22.x or master in gitlab: https://gitlab.gnome.org/GNOME/gtk/issues/new