[Oxygen] [Bug 338012] Eclipse crashes in debug mode and using oxygen-gtk

Matt Whitlock Fri, 31 Mar 2017 04:16:35 -0700

https://bugs.kde.org/show_bug.cgi?id=338012


Matt Whitlock <k...@mattwhitlock.name> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |k...@mattwhitlock.name

--- Comment #6 from Matt Whitlock <k...@mattwhitlock.name> ---
I have been experiencing this crash for years and am still seeing it in
Oxygen-Gtk2 1.4.6. Here is some more information.

#6  <signal handler called>
#7  0x00007f724774a012 in IA__gtk_tree_view_get_background_area
(tree_view=tree_view@entry=0x7f72b9630b50, path=0x7f72b8a2cdb0, 
    column=0x7f72b92b5840, rect=rect@entry=0x7f72be2345b0) at
../../gtk+-2.24.31/gtk/gtktreeview.c:13035
#8  0x00007f7247434af5 in Oxygen::Gtk::CellInfo::backgroundRect
(this=this@entry=0x7f72b9771320, 
    treeView=treeView@entry=0x7f72b9630b50) at
../../oxygen-gtk2-1.4.6/src/oxygengtkcellinfo.cpp:206
#9  0x00007f7247425fbd in Oxygen::TreeViewStateData::dirtyRect
(this=this@entry=0x7f72b9771278)
    at ../../oxygen-gtk2-1.4.6/src/animations/oxygentreeviewstatedata.cpp:129
#10 0x00007f7247426130 in Oxygen::TreeViewStateData::delayedUpdate
(pointer=0x7f72b9771278)
    at ../../oxygen-gtk2-1.4.6/src/animations/oxygentreeviewstatedata.cpp:176
#11 0x00007f7247425c89 in Oxygen::TreeViewStateData::updateState
(this=this@entry=0x7f72b9771278, info=..., state=<optimized out>)
    at ../../oxygen-gtk2-1.4.6/src/animations/oxygentreeviewstatedata.cpp:91
#12 0x00007f7247403f0e in Oxygen::TreeViewStateEngine::get
(this=0x7f72b83329d0, widget=<optimized out>, info=..., options=...)
    at ../../oxygen-gtk2-1.4.6/src/animations/oxygentreeviewstateengine.h:92
#13 0x00007f72474ad850 in Oxygen::draw_expander (style=<optimized out>,
window=0x7f72b9d9ba20, state=<optimized out>, 
    clipRect=0x7f72be234840, widget=0x7f72b9630b50, detail=0x7f72477e0ba6
"treeview", x=6, y=10, 
    expanderStyle=GTK_EXPANDER_COLLAPSED) at
../../oxygen-gtk2-1.4.6/src/oxygenstylewrapper.cpp:2738
#14 0x00007f724773d6fa in gtk_tree_view_draw_arrow
(tree_view=tree_view@entry=0x7f72b9630b50, tree=tree@entry=0x7f72b904d7d0, 
    node=node@entry=0x7f72b9335120, x=x@entry=0, y=y@entry=7) at
../../gtk+-2.24.31/gtk/gtktreeview.c:9576
#15 0x00007f7247743ba0 in do_prelight
(tree_view=tree_view@entry=0x7f72b9630b50, tree=0x7f72b904d7d0,
node=0x7f72b9335120, x=0, 
    y=7) at ../../gtk+-2.24.31/gtk/gtktreeview.c:3270
#16 0x00007f724774b134 in prelight_or_select
(tree_view=tree_view@entry=0x7f72b9630b50, tree=<optimized out>, 
    node=<optimized out>, x=<optimized out>, y=<optimized out>) at
../../gtk+-2.24.31/gtk/gtktreeview.c:3320
#17 0x00007f724774da25 in gtk_tree_view_enter_notify
(widget=widget@entry=0x7f72b9630b50, event=0x7f72b8f0bca0)
    at ../../gtk+-2.24.31/gtk/gtktreeview.c:5620

(gdb) frame 9
#9  0x00007f7247425fbd in Oxygen::TreeViewStateData::dirtyRect
(this=this@entry=0x7f72b9771278)
    at ../../oxygen-gtk2-1.4.6/src/animations/oxygentreeviewstatedata.cpp:129
129                 const GdkRectangle previousRect(
_previous._info.backgroundRect( treeView ) );

(gdb) frame 8
#8  0x00007f7247434af5 in Oxygen::Gtk::CellInfo::backgroundRect
(this=this@entry=0x7f72b9771320,
    treeView=treeView@entry=0x7f72b9630b50) at
../../oxygen-gtk2-1.4.6/src/oxygengtkcellinfo.cpp:206
206             { gtk_tree_view_get_background_area( treeView, _path, _column,
&out ); }

(gdb) frame 7
#7  0x00007f724774a012 in IA__gtk_tree_view_get_background_area
(tree_view=tree_view@entry=0x7f72b9630b50, path=0x7f72b8a2cdb0,
    column=0x7f72b92b5840, rect=rect@entry=0x7f72be2345b0) at
../../gtk+-2.24.31/gtk/gtktreeview.c:13035
13035     g_return_if_fail (column == NULL || GTK_IS_TREE_VIEW_COLUMN
(column));

(gdb) print *column
$1 = {parent = {parent_instance = {g_type_instance = {g_class =
0x3f0000003f000000}, ref_count = 0, qdata = 0xa}, flags = 0},
  tree_view = 0x0, button = 0x0, child = 0x7f72b8ac0180, arrow = 0x1, alignment
= 0x7f72b8f0da30, window = 0x310fe0,
  editable_widget = 0xe00, xalign = 0, property_changed_signal = 0, spacing =
-1185748944,
  column_type = (GTK_TREE_VIEW_COLUMN_FIXED | unknown: 32624), requested_width
= 28, button_request = 25, resized_width = 96,
  width = 0, fixed_width = 28, min_width = 25, max_width = -1184045376, drag_x
= 32626, drag_y = -1180018624, title = 0x0,
  cell_list = 0x0, sort_clicked_signal = 3093474752, sort_column_changed_signal
= 32626, sort_column_id = -1188131744,
  sort_order = (unknown: 32626), visible = 0, resizable = 0, clickable = 0,
dirty = 0, show_sort_indicator = 0,
  maybe_reordered = 0, reorderable = 0, use_resized_width = 0, expand = 0}

As you can see, Oxygen-Gtk is attempting to check that the
Oxygen::Gtk::CellInfo::_column data member points to a valid GtkTreeViewColumn,
but the referent of the pointer has already been freed, leaving a garbage
address in g_class, which causes the G_TYPE_CHECK_INSTANCE_TYPE in
GTK_IS_TREE_VIEW_COLUMN to segfault.

Probably Oxygen::Gtk::CellInfo should not be holding onto a pointer to a
GtkTreeViewColumn instance without incrementing its reference count.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Oxygen] [Bug 338012] Eclipse crashes in debug mode and using oxygen-gtk

Reply via email to