GNOME Bugzilla – Bug 775753
Crash in error-recovery code of GtkMenu
Last modified: 2018-05-02 17:51:00 UTC
Created attachment 341539: stack trace

Our application dumped core with the attached stack trace. At frame #26, GTK+ is popping a menu up under the mouse pointer. The function gtk_menu_popup_for_device tries to grab the mouse pointer but, since the menu window is not realized or mapped yet, it creates a "transfer window" and grabs the mouse pointer on that instead.

If the grab on the "transfer_window" fails, then GTK_MENU_SHELL (xgrab_shell)->priv->have_xgrab remains FALSE, and we enter the "if" statement and call menu_grab_transfer_window_destroy (menu). Inside menu_grab_transfer_window_destroy at frame #25 we find that the menu has a transfer_window, so we do:

    widget_window = gtk_widget_get_window (GTK_WIDGET (menu));
    g_object_set_data (G_OBJECT (widget_window), I_("gdk-attached-grab-window"), window);

But widget_window is NULL because menu is not realized yet. So g_object_set_data crashes.

The bug is not systematic. Possibly, the trigger for the bug is a "pointer grab failed" error reply from the X server. So it's hard to reproduce. Here is part of the stack trace and a proposed patch.
Created attachment 341540: patch to fix clean-up code

We add a check before calling set_data. We also change its parameter to NULL, because the window has already been destroyed.
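The failure path described in the report, modelled as an added example in plain C (not GTK code and not the attached patch). Window, Menu, set_attached_grab, transfer_window_destroy and menu_popup are hypothetical stand-ins, and a NULL object is counted instead of dereferenced so that both the reported and the guarded clean-up can run.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-ins for GdkWindow and GtkMenu (not GTK's types). */
typedef struct Window { struct Window *attached_grab; bool destroyed; } Window;
typedef struct Menu {
    Window *widget_window;   /* NULL until the menu is realized */
    Window *transfer_window; /* temporary window used only for the grab */
    Window transfer_storage;
    bool mapped, have_xgrab;
    int null_object_calls;   /* set_data attempts made on a NULL object */
} Menu;

/* Models g_object_set_data (obj, "gdk-attached-grab-window", value);
 * a NULL object is counted here rather than dereferenced. */
static void set_attached_grab(Menu *m, Window *obj, Window *value) {
    if (obj == NULL) { m->null_object_calls++; return; }
    obj->attached_grab = value;
}

/* Clean-up after a failed grab. guarded=false follows the reported flow;
 * guarded=true checks the window first and stores NULL instead. */
static void transfer_window_destroy(Menu *m, bool guarded) {
    Window *w = m->transfer_window;
    if (w == NULL) return;
    w->destroyed = true;
    m->transfer_window = NULL;
    if (!guarded)
        set_attached_grab(m, m->widget_window, w);    /* stale value, maybe NULL object */
    else if (m->widget_window != NULL)
        set_attached_grab(m, m->widget_window, NULL); /* drop the association */
}

/* Popup on a menu that is not mapped yet: grab on a transfer window and
 * clean up when the grab fails. Returns true when the grab was obtained. */
static bool menu_popup(Menu *m, bool grab_succeeds, bool guarded) {
    if (!m->mapped) {
        m->transfer_storage = (Window){ NULL, false };
        m->transfer_window = &m->transfer_storage;
    }
    m->have_xgrab = grab_succeeds;
    if (!m->have_xgrab)
        transfer_window_destroy(m, guarded);
    return m->have_xgrab;
}

int main(void) {
    Menu m = {0};                 /* constructed input: unrealized menu */
    menu_popup(&m, false, true);  /* grab fails, guarded clean-up runs */
    return m.null_object_calls;   /* 0 with the guard */
}
```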
Thanks for reporting this and the patch! Have you checked if this is still an issue in 3.22 or git master?
Yes. I've looked at git master. The code remains the same as in gtk+ 3.14. So the bug is still here.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gtk/issues/718.