*** This bug is a duplicate of bug 1438014 ***
https://bugs.launchpad.net/bugs/1438014
Seems to be error in gtk_cell_area_activate_cell: it has incorrect order of
actions which broke gtk_grab_add / gtk_grab_remove pair
https://github.com/GNOME/gtk/blob/6cc08d60efeb02afc0d67982c3dc205dfd16d7cd/gtk/gtkcellarea.c#L3388
3428 gtk_cell_renderer_start_editing (renderer,
This will call gtk_grab_add to register widget in default window group
"gtk_window_get_group (NULL);"
Later,
3444 gtk_cell_area_add_editable (area, priv->focus_cell, editable_widget,
cell_area);
will change widget to other window group (by setting parent
gtk_cell_area_activate_cell -> gtk_cell_area_add_editable -> ..signal..
-> gtk_tree_view_column_add_editable_callback ->
_gtk_tree_view_add_editable -> gtk_tree_view_put ->
gtk_widget_set_parent)
And gtk_grab_remove will be unable to remove link to the widget from the wrong
window group, creating stale pointer, which will be used after free.
More details at Bug #1667227.
Bug can be detected by "Gtk-CRITICAL **: gtk_widget_get_toplevel: assertion
'GTK_IS_WIDGET (widget)' failed" messages, when mate-terminal (bug #1667227) or
gnome-terminal are started from another console (with option --disable-factory)
and keyboard shortcuts are edited.
I have such messages with gtk+3 (upstream) versions 3.16.7, 3.18.9, 3.20.9,
3.22.8; valgrind can detect invalid reads (use after free) from
window_group_cleanup_grabs -> gtk_widget_get_toplevel.
Simple, but potentially incorrect patch corrects this bug (both Gtk-CRITICAL
messages and valgrind detections/SIGSEGVs) in gnome-terminal and mate-terminal
(bug #1667227). It is tested with gtk+3 3.16.7, 3.18.9, 3.20.9, 3.22.8.
Just call _gtk_window_group_remove_grab from gtkmain.c:gtk_grab_remove twice,
additional call with default window group, to clear all possible references to
the widget from the grabs list:
diff --git a/gtk/gtkmain.c b/gtk/gtkmain.c
index 3152971256..681cb2bec9 100644
--- a/gtk/gtkmain.c
+++ b/gtk/gtkmain.c
@@ -2274,6 +2274,9 @@ gtk_grab_remove (GtkWidget *widget)
group = gtk_main_get_window_group (widget);
_gtk_window_group_remove_grab (group, widget);
+ // quick workaround for lp #1667227, lp #1667232
+ _gtk_window_group_remove_grab (gtk_window_get_group (NULL), widget);
+
new_grab_widget = gtk_window_group_get_current_grab (group);
gtk_grab_notify (group, NULL, widget, new_grab_widget, FALSE);
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-terminal in Ubuntu.
https://bugs.launchpad.net/bugs/1667232
Title:
gnome-terminal-server crashed with SIGSEGV in
g_type_check_instance_is_a() while editing shortcuts
Status in gnome-terminal package in Ubuntu:
New
Bug description:
1)
Description: Ubuntu Zesty Zapus (development branch)
Release: 17.04
2)
gnome-terminal:
Installed: 3.20.2-1ubuntu5
3)
Open gnome-terminal, open menu Edit->Preferences, open Shortcuts tab, scroll
to the end, change key for Help-Contents
Change the shortcut several times, using various combinations of Ctrl, Alt,
Shift, "Win" (Super_L" keys with letters W/E/Q... or Function keys like F1,F2
3)
Expected: changed shortcut and working gnome-terminal
4)
After several changes gnome-terminal closes with SIGSEGV and apport.
ProblemType: Crash
DistroRelease: Ubuntu 17.04
Package: gnome-terminal 3.20.2-1ubuntu5
ProcVersionSignature: Ubuntu 4.10.0-8.10-generic 4.10.0-rc8
Uname: Linux 4.10.0-8-generic x86_64
ApportVersion: 2.20.4-0ubuntu2
Architecture: amd64
CurrentDesktop: MATE
Date: Thu Feb 23 09:49:49 2017
ExecutablePath: /usr/lib/gnome-terminal/gnome-terminal-server
ExecutableTimestamp: 1475202625
InstallationDate: Installed on 2017-02-22 (1 days ago)
InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Alpha amd64 (20170125)
ProcCmdline: /usr/lib/gnome-terminal/gnome-terminal-server
ProcCwd: /home/user
RetraceOutdatedPackages:
no debug symbol package found for libepoxy0
no debug symbol package found for libwayland-cursor0
no debug symbol package found for libharfbuzz0b
Signal: 11
SourcePackage: gnome-terminal
StacktraceTop:
g_type_check_instance_is_a
(type_instance=type_instance@entry=0x5561990ab920, iface_type=<optimized out>)
at ././gobject/gtype.c:4013
gtk_widget_get_toplevel (widget=0x5561990ab920) at ././gtk/gtkwidget.c:11521
window_group_cleanup_grabs (group=<optimized out>,
window=window@entry=0x556198dfa330) at ././gtk/gtkwindowgroup.c:110
gtk_window_group_add_window (window_group=0x556198fad4d0,
window=0x556198dfa330) at ././gtk/gtkwindowgroup.c:169
gtk_window_set_transient_for (window=0x556198dfa330, parent=0x556198f8cd00)
at ././gtk/gtkwindow.c:3332
Title: gnome-terminal-server crashed with SIGSEGV in
g_type_check_instance_is_a()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1667232/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
