gtk issueshttps://gitlab.gnome.org/GNOME/gtk/-/issues2022-02-16T01:26:19Zhttps://gitlab.gnome.org/GNOME/gtk/-/issues/4567Crashed on windows 10 under MSYS22022-02-16T01:26:19ZTAO ZUHONGCrashed on windows 10 under MSYS2## Steps to reproduce
1. Create an GtkSourceView / GtkTextView
2. Insert lines quickly
3. then crashed
## Current behavior
Crashed while open text view with text
The main break point seems like:
iter_init_from_char_offset
gtk_text_l...## Steps to reproduce
1. Create an GtkSourceView / GtkTextView
2. Insert lines quickly
3. then crashed
## Current behavior
Crashed while open text view with text
The main break point seems like:
iter_init_from_char_offset
gtk_text_layout_invalidate
## Expected outcome
work normally like GTK3
## Version information
GTK 4.5.1<br/>
GLib 2.70.2<br/>
Pango: 1.50.3<br/>
GtkSourceView: 5.2.0
Windows: Windows 10 21H1(19043.1415)<br/>
## Additional information
```text
Gtk-CRITICAL **: 10:44:02.996: gtk_widget_measure: assertion 'for_size >= minimum opposite size' failed: 122 >= 638
Gtk-CRITICAL **: 10:44:04.617: gtk_widget_measure: assertion 'for_size >= minimum opposite size' failed: 512 >= 1168
GLib-WARNING **: 10:46:17.510: Accessing a sequence while it is being sorted or searched is not allowed
GLib-WARNING **: 10:46:17.667: corrupted double-linked list detected
Gtk-CRITICAL **: 10:44:06.722: gtk_text_layout_invalidate: assertion 'layout->wrap_loop_count == 0' failed
.......<many lines>
Gtk-CRITICAL **: 10:44:07.324: gtk_text_layout_invalidate: assertion 'layout->wrap_loop_count == 0' failed
(kangaroo.exe:2400): GLib-WARNING **: 10:47:15.178: Accessing a sequence while it is being sorted or searched is not allowed
Gtk-WARNING **: 10:47:15.180: Invalid text buffer iterator: either the iterator is uninitialized, or the characters/paintables/widgets in the buffer have been modified since the iterator was created.
You must use marks, character numbers, or line numbers to preserve a position across buffer modifications.
You can apply tags and insert marks without invalidating your iterators,
but any mutation that affects 'indexable' buffer contents (contents that can be referred to by character offset)
will invalidate all outstanding iterators
Gtk-WARNING **: 10:47:15.180: Invalid text buffer iterator: either the iterator is uninitialized, or the characters/paintables/widgets in the buffer have been modified since the iterator was created.
You must use marks, character numbers, or line numbers to preserve a position across buffer modifications.
You can apply tags and insert marks without invalidating your iterators,
but any mutation that affects 'indexable' buffer contents (contents that can be referred to by character offset)
will invalidate all outstanding iterators
Thread 1 received signal SIGTRAP, Trace/breakpoint trap.
0x00007ffb2c2144e8 in ?? () from C:\msys\mingw64\bin\libglib-2.0-0.dll
(gdb) bt
#0 0x00007ffb2c2144e8 in ?? () from C:\msys\mingw64\bin\libglib-2.0-0.dll
#1 0x00007ffb2c212876 in ?? () from C:\msys\mingw64\bin\libglib-2.0-0.dll
#2 0x00007ffb2c213a52 in ?? () from C:\msys\mingw64\bin\libglib-2.0-0.dll
#3 0x00007ffb0e21bcd2 in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#4 0x00007ffb0e21eece in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#5 0x00007ffb0e21a3cf in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#6 0x00007ffb0e307c44 in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#7 0x00007ffb0e307e06 in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#8 0x00007ffb0e30b1f9 in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#9 0x00007ffb0e21a313 in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#10 0x00007ffb0e22e749 in ?? () from C:\msys\mingw64\bin\libgtk-4-1.dll
#11 0x00007ffb2c208d47 in ?? () from C:\msys\mingw64\bin\libglib-2.0-0.dll
#12 0x00007ffb2c20bede in ?? () from C:\msys\mingw64\bin\libglib-2.0-0.dll
#13 0x00007ffb2c20c201 in ?? () from C:\msys\mingw64\bin\libglib-2.0-0.dll
#14 0x00007ffb1ef9db7d in ?? () from C:\msys\mingw64\bin\libgio-2.0-0.dll
#15 0x00007ff6bd9015ea in _vala_main (args=0x18fff52db10, args_length1=1)
at ../src/main.vala:22
#16 0x00007ff6bd90162d in main (argc=1, argv=0x18fff52db10)
at ../src/main.vala:13
```
![image](/uploads/2261a0ac87cac0b54efe60fc8f72dce4/image.png)https://gitlab.gnome.org/GNOME/gtk/-/issues/4302Segfault in tree_node_get_position2021-09-30T07:24:25ZTad FisherSegfault in tree_node_get_position<!--
Please, read the CONTRIBUTING.md guide on how to file a new issue.
https://gitlab.gnome.org/GNOME/gtk/-/blob/master/CONTRIBUTING.md
-->
## Steps to reproduce
<!--
Please, explain the sequence of actions necessary to reproduc...<!--
Please, read the CONTRIBUTING.md guide on how to file a new issue.
https://gitlab.gnome.org/GNOME/gtk/-/blob/master/CONTRIBUTING.md
-->
## Steps to reproduce
<!--
Please, explain the sequence of actions necessary to reproduce the
crash
-->
I'm not sure if the root cause is in GJS, but somehow I am causing TreeListModel to segfault when removing items from a child model inside a `Settings::changed` signal handler.
1. Set up a ListBox with a TreeListModel, with the parent model being a set of GSettings keys corresponding to string-array values and the child models holding those values in a ListStore. The ListBox rows update `TreeListRow.expanded` when activated, causing the child model to load and populate itself with values.
2. Set up `Settings::changed` to update the child ListStore when updating the corresponding GSettings key.
3. Strange bit: Updating a Settings value works as expected, including adding/removing/changing child items in response. It is only after collapsing the parent row and expanding again (running through `TreeListModel.create_func`) that updating the Settings value and modifying the child model results in a segfault.
<!--
You should try and reproduce with the demos applications available
under the `demos` directory, or the test programs in the `tests` directory.
Alternatively, please attach a *small and self-contained* example that
exhibits the issue.
-->
## Version information
<!--
- Which version of GTK you are using
- What operating system and version
- for Linux, which distribution
- If you built GTK yourself, the list of options used to configure the build
-->
- GTK 4.2.1
- NixOS 21.11 (Porcupine)
## Warnings
<!--
- If the application generates warning messages before crashing please
report them here
-->
## Backtrace
<!--
- Attaching a stack trace obtained using GDB is appreciated; follow the
instructions on the wiki:
https://wiki.gnome.org/Community/GettingInTouch/Bugzilla/GettingTraces
-->
[treelistmodel.trace](/uploads/c06f46921775dce3e25a9558592de387/treelistmodel.trace)https://gitlab.gnome.org/GNOME/gtk/-/issues/4019Crash on ListBoxRow.get_index2021-06-10T19:12:48ZBilal Elmoussaouibil.elmoussaoui@gmail.comCrash on ListBoxRow.get_indexWe received an issue in the gtk4 rust bindings where `get_index` of Gtk.ListBoxRow causes a crash
Upstream issue: https://github.com/gtk-rs/gtk4-rs/issues/447
I managed to reproduce it with Python
```python
from gi import require_versi...We received an issue in the gtk4 rust bindings where `get_index` of Gtk.ListBoxRow causes a crash
Upstream issue: https://github.com/gtk-rs/gtk4-rs/issues/447
I managed to reproduce it with Python
```python
from gi import require_version
require_version("Gtk", "4.0")
from gi.repository import Gtk
class App(Gtk.Application):
def __init__(self):
super().__init__()
def do_activate(self):
window = Gtk.ApplicationWindow.new(self)
vbox = Gtk.Box.new(Gtk.Orientation.VERTICAL, 0)
self.listbox = Gtk.ListBox.new()
self.listbox.append(Gtk.Label.new("Crash"))
button = Gtk.Button.new_with_label("Click me")
button.connect("clicked", self.on_clicked)
vbox.append(self.listbox)
vbox.append(button)
window.set_child(vbox)
window.show()
def on_clicked(self, button):
row = self.listbox.get_selected_row()
self.listbox.remove(row)
print(row.get_index())
def main():
app = App()
app.run()
main()
```
The crash only happens from time to time whenever you click on the button. Normally, if the row isn't part of the listbox anymore, it should return an index of -1 instead of crashing.
The backtrace doesn't contain anything useful other than the issue happening on glib side, at `0 0x00007fffe9fc9b28 in node_get_pos () at /lib64/libglib-2.0.so.0`. I assume there's a missing `g_return_if_fail` that validates the `GSequenceIter`.https://gitlab.gnome.org/GNOME/gtk/-/issues/3933Crash when hiding menubar on fullscreen in X112021-07-13T21:50:56ZPhilip JonesCrash when hiding menubar on fullscreen in X11<!--
Please, read the CONTRIBUTING.md guide on how to file a new issue.
https://gitlab.gnome.org/GNOME/gtk/-/blob/master/CONTRIBUTING.md
-->
Motivation: I'm trying to automatically hide an application's menubar when it is fullscree...<!--
Please, read the CONTRIBUTING.md guide on how to file a new issue.
https://gitlab.gnome.org/GNOME/gtk/-/blob/master/CONTRIBUTING.md
-->
Motivation: I'm trying to automatically hide an application's menubar when it is fullscreened.
## Steps to reproduce
<!--
Please, explain the sequence of actions necessary to reproduce the
crash
-->
1. Create a `GtkApplicationWindow` with a menubar (with submenus) set to be shown.
2. Create a callback function that calls `gtk_application_window_set_show_menubar()`
3. Connect this callback to the `notify::fullscreened` signal of the window
4. Run the app, and open one of the menubar's items at least once.
5. Fullscreening the app will then cause it to crash.
Please see the attached [video](/uploads/9b070f91dd4d34c480db44f72a8cf5ee/2021-05-09_13-32-29.mkv) and [example code](/uploads/86195b6a3a3e5c3f247e73e3516a16d7/hello.c).
Note: This only happens under X11, Wayland behaves as expected.
<!--
You should try and reproduce with the demos applications available
under the `demos` directory, or the test programs in the `tests` directory.
Alternatively, please attach a *small and self-contained* example that
exhibits the issue.
-->
## Version information
<!--
- Which version of GTK you are using
- What operating system and version
- for Linux, which distribution
- If you built GTK yourself, the list of options used to configure the build
-->
GTK 4.2.1, Arch linux
## Warnings
<!--
- If the application generates warning messages before crashing please
report them here
-->
```
(hello:203502): Gdk-ERROR **: 13:32:39.551: The program 'hello' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadWindow (invalid Window parameter)'.
(Details: serial 2032 error_code 3 request_code 12 (core protocol) minor_code 0)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the GDK_SYNCHRONIZE environment
variable to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)
Trace/breakpoint trap (core dumped)
```
## Backtrace
<!--
- Attaching a stack trace obtained using GDB is appreciated; follow the
instructions on the wiki:
https://wiki.gnome.org/Community/GettingInTouch/Bugzilla/GettingTraces
-->
[trace.log](/uploads/15a2919b5e6320e2d979af695f1d143c/trace.log)https://gitlab.gnome.org/GNOME/gtk/-/issues/3762Inspector: Crashes with SIGSEGV during GtkTreeView analysis2021-03-18T05:20:13ZcrviInspector: Crashes with SIGSEGV during GtkTreeView analysisversion: 3.24.24
Was toggling the treeview search property in nautilus listview GtkTreeView, and trying new search text was switching between nautilus search and Gtk treeview search. The GtkInspector widget properties for the listview G...version: 3.24.24
Was toggling the treeview search property in nautilus listview GtkTreeView, and trying new search text was switching between nautilus search and Gtk treeview search. The GtkInspector widget properties for the listview GtkTreeView became empty and crashed.
```
(gdb) bt
#0 g_type_check_instance (type_instance=type_instance@entry=0x557e007d2530) at ../../../gobject/gtype.c:4135
#1 0x00007f1bff4f3454 in g_signal_handlers_disconnect_matched (instance=instance@entry=0x557e007d2530, mask=mask@entry=(G_SIGNAL_MATCH_FUNC | G_SIGNAL_MATCH_DATA), signal_id=signal_id@entry=0, detail=detail@entry=0, closure=closure@entry=0x0, func=func@entry=0x7f1bffad42d0 <action_added_cb>, data=0x557e00476790) at ../../../gobject/gsignal.c:3022
#2 0x00007f1bffad3f65 in disconnect_group (key=0x557e007d2530, value=<optimized out>, data=0x557e00476790) at ../../../../gtk/inspector/actions.c:196
#3 0x00007f1c001dcfa0 in g_hash_table_foreach (hash_table=0x557e00d5fa40 = {...}, func=func@entry=0x7f1bffad3f40 <disconnect_group>, user_data=user_data@entry=0x557e00476790) at ../../../glib/ghash.c:2067
#4 0x00007f1bffad449c in gtk_inspector_actions_set_object (sl=0x557e00476790 [GtkInspectorActions], object=object@entry=0x557e00d1ff50 [GtkTreeView]) at ../../../../gtk/inspector/actions.c:207
#5 0x00007f1bffaeb4cf in set_selected_object (iw=iw@entry=0x557e0089e730 [GtkInspectorWindow], selected=selected@entry=0x557e00d1ff50 [GtkTreeView]) at ../../../../gtk/inspector/window.c:77
#6 0x00007f1bffaeb5e3 in set_selected_object (selected=0x557e00d1ff50 [GtkTreeView], iw=0x557e0089e730 [GtkInspectorWindow]) at ../../../../gtk/inspector/window.c:105
#7 on_object_activated (wt=0x557e00b02180 [GtkInspectorObjectTree], selected=0x557e00d1ff50 [GtkTreeView], name=<optimized out>, iw=0x557e0089e730 [GtkInspectorWindow]) at ../../../../gtk/inspector/window.c:96
#8 0x00007f1bfe4ecd1d in ffi_call_unix64 () at ../src/x86/unix64.S:101
#9 0x00007f1bfe4ec289 in ffi_call_int (cif=0x7ffea3840900, fn=0x7f1bffaeb5b0 <on_object_activated>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:669
#14 0x00007f1bff4f4c3f in <emit signal ??? on instance 0x557e00b02180 [GtkInspectorObjectTree]> (instance=instance@entry=0x557e00b02180, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3551
#10 0x00007f1bff4dc8fc in g_cclosure_marshal_generic (closure=closure@entry=0x557e0153b950, return_gvalue=return_gvalue@entry=0x0, n_param_values=n_param_values@entry=3, param_values=param_values@entry=0x7ffea3840b00, invocation_hint=invocation_hint@entry=0x7ffea3840a80, marshal_data=marshal_data@entry=0x0) at ../../../gobject/gclosure.c:1500
#11 0x00007f1bff4dc0a2 in g_closure_invoke (closure=0x557e0153b950, return_value=return_value@entry=0x0, n_param_values=3, param_values=param_values@entry=0x7ffea3840b00, invocation_hint=invocation_hint@entry=0x7ffea3840a80) at ../../../gobject/gclosure.c:810
#12 0x00007f1bff4ee413 in signal_emit_unlocked_R (node=node@entry=0x557e00a07550, detail=detail@entry=0, instance=instance@entry=0x557e00b02180, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffea3840b00) at ../../../gobject/gsignal.c:3739
#13 0x00007f1bff4f46cf in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffea3840cb0) at ../../../gobject/gsignal.c:3495
#15 0x00007f1bffadddc6 in on_row_activated (tree=tree@entry=0x557e005babd0 [GtkTreeView], path=path@entry=0x557e015f6c90, col=col@entry=0x0, wt=0x557e00b02180 [GtkInspectorObjectTree]) at ../../../../gtk/inspector/object-tree.c:575
#16 0x00007f1bffddd635 in _gtk_marshal_VOID__BOXED_OBJECTv (closure=0x557e0099e470, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x557e00090500) at gtkmarshalers.c:3425
#17 0x00007f1bff4dc2ee in _g_closure_invoke_va (closure=closure@entry=0x557e0099e470, return_value=return_value@entry=0x0, instance=instance@entry=0x557e005babd0, args=args@entry=0x7ffea3841060, n_params=2, param_types=0x557e00090500) at ../../../gobject/gclosure.c:873
#18 0x00007f1bff4f4a48 in g_signal_emit_valist (instance=0x557e005babd0, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffea3841060) at ../../../gobject/gsignal.c:3404
#19 0x00007f1bff4f4c3f in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../../../gobject/gsignal.c:3551
#20 0x00007f1bffadf5fc in select_object_internal (wt=0x557e00b02180 [GtkInspectorObjectTree], object=0x18, object@entry=0x557e00d1ff50 [GtkTreeView], activate=1) at ../../../../gtk/inspector/object-tree.c:1181
#21 0x00007f1bffadf6ba in gtk_inspector_object_tree_select_object (wt=wt@entry=0x557e00b02180 [GtkInspectorObjectTree], object=object@entry=0x557e00d1ff50 [GtkTreeView]) at ../../../../gtk/inspector/object-tree.c:1194
#22 0x00007f1bffadb02b in select_widget (widget=0x557e00d1ff50 [GtkTreeView], iw=0x557e0089e730 [GtkInspectorWindow]) at ../../../../gtk/inspector/inspect-button.c:223
#23 on_inspect_widget (button=0x557e00b02180 [GtkInspectorObjectTree], iw=0x557e0089e730 [GtkInspectorWindow], event=0x557e00e9b340) at ../../../../gtk/inspector/inspect-button.c:241
#24 property_query_event (widget=widget@entry=0x557e00e16d30 [GtkInvisible], event=event@entry=0x557e00e9b340, data=0x557e0089e730) at ../../../../gtk/inspector/inspect-button.c:328
#25 0x00007f1bffdd8998 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x557e011dd850, return_value=0x7ffea3841340, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x557dfffc7df0) at gtkmarshalers.c:129
#26 0x00007f1bff4dc2ee in _g_closure_invoke_va (closure=closure@entry=0x557e011dd850, return_value=return_value@entry=0x7ffea3841340, instance=instance@entry=0x557e00e16d30, args=args@entry=0x7ffea3841410, n_params=1, param_types=0x557dfffc7df0) at ../../../gobject/gclosure.c:873
#27 0x00007f1bff4f3df9 in g_signal_emit_valist (instance=0x557e00e16d30, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffea3841410) at ../../../gobject/gsignal.c:3404
#28 0x00007f1bff4f4c3f in g_signal_emit (instance=instance@entry=0x557e00e16d30, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3551
#29 0x00007f1bffd82b47 in gtk_widget_event_internal (widget=widget@entry=0x557e00e16d30 [GtkInvisible], event=event@entry=0x557e00e9b340) at ../../../../gtk/gtkwidget.c:7695
#30 0x00007f1bffd84ed2 in gtk_widget_event_internal (event=0x557e00e9b340, widget=0x557e00e16d30 [GtkInvisible]) at ../../../../gtk/gtkwidget.c:7379
#31 0x00007f1bffc35de0 in propagate_event_up (topmost=<optimized out>, event=<optimized out>, widget=0x557e00e16d30 [GtkInvisible]) at ../../../../gtk/gtkmain.c:2597
#32 propagate_event (widget=widget@entry=0x557e00e16d30 [GtkInvisible], event=event@entry=0x557e00e9b340, captured=captured@entry=0, topmost=topmost@entry=0x0) at ../../../../gtk/gtkmain.c:2700
#33 0x00007f1bffc3713f in gtk_propagate_event (widget=widget@entry=0x557e00e16d30 [GtkInvisible], event=event@entry=0x557e00e9b340) at ../../../../gtk/gtkmain.c:2734
#34 0x00007f1bffc37a43 in gtk_main_do_event (event=0x557e00e9b340) at ../../../../gtk/gtkmain.c:1920
#35 gtk_main_do_event (event=<optimized out>) at ../../../../gtk/gtkmain.c:1690
#36 0x00007f1bff920775 in _gdk_event_emit (event=event@entry=0x557e00d99660) at ../../../../gdk/gdkevents.c:73
#37 0x00007f1bff954282 in gdk_event_source_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../../../../../gdk/x11/gdkeventsource.c:367
#38 0x00007f1c001eee6b in g_main_dispatch (context=0x557dff549620) at ../../../glib/gmain.c:3325
#39 g_main_context_dispatch (context=0x557dff549620) at ../../../glib/gmain.c:4043
#40 0x00007f1c001ef118 in g_main_context_iterate (context=context@entry=0x557dff549620, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4119
#41 0x00007f1c001ef1cf in g_main_context_iteration (context=context@entry=0x557dff549620, may_block=may_block@entry=1) at ../../../glib/gmain.c:4184
#42 0x00007f1bff601545 in g_application_run (application=0x557dff534210 [NautilusApplication], argc=-1551624412, argc@entry=2, argv=argv@entry=0x7ffea3841898) at ../../../gio/gapplication.c:2559
#43 0x0000557dfd6425b7 in main (argc=2, argv=0x7ffea3841898) at ../src/nautilus-main.c:81
```https://gitlab.gnome.org/GNOME/gtk/-/issues/3184Application crashes when presenting popover menus2023-09-18T14:54:12ZMohammed SadiqApplication crashes when presenting popover menusThe file chooser dialog may crash if right click pressed after scrolling. This is on X11.
How to reproduce:
1. Open `gtk4-widget-factory` -> file chooser dialog
1. Move to some directory with lots of files
1. Scroll to the end of list
1...The file chooser dialog may crash if right click pressed after scrolling. This is on X11.
How to reproduce:
1. Open `gtk4-widget-factory` -> file chooser dialog
1. Move to some directory with lots of files
1. Scroll to the end of list
1. Right click on some file at the bottom
Result: The application crashes as it dereference a NULL pointer
![file-chooser-right-click-crash](/uploads/a152e8abd440baf399ad8ad0aa4e6c3c/file-chooser-right-click-crash.webm)
asan output:
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==14118==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7ff894718e2e bp 0x7fffb9f5fba0 sp 0x7fffb9f5fb70 T0)
==14118==The signal is caused by a READ memory access.
==14118==Hint: address points to the zero page.
#0 0x7ff894718e2e in gdk_x11_monitor_get_workarea ../../../../jhbuild/checkout/gtk+/gdk/x11/gdkmonitor-x11.c:79
#1 0x7ff8946fb133 in gdk_x11_surface_layout_popup ../../../../jhbuild/checkout/gtk+/gdk/x11/gdksurface-x11.c:1565
#2 0x7ff8946fb133 in gdk_x11_surface_present_popup ../../../../jhbuild/checkout/gtk+/gdk/x11/gdksurface-x11.c:1618
#3 0x7ff8946fb133 in gdk_x11_popup_present ../../../../jhbuild/checkout/gtk+/gdk/x11/gdksurface-x11.c:4658
#4 0x7ff8944b5658 in present_popup ../../../../jhbuild/checkout/gtk+/gtk/gtkpopover.c:573
#5 0x7ff8944b7ab6 in gtk_popover_show ../../../../jhbuild/checkout/gtk+/gtk/gtkpopover.c:941
#6 0x7ff894142288 in _g_closure_invoke_va ../../../../jhbuild/checkout/glib/gobject/gclosure.c:873
#7 0x7ff89415a8b6 in g_signal_emit_valist ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3403
#8 0x7ff89415aa8c in g_signal_emit ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3550
#9 0x7ff8945a9e90 in gtk_widget_show ../../../../jhbuild/checkout/gtk+/gtk/gtkwidget.c:2551
#10 0x7ff8944100ae in file_list_show_popover ../../../../jhbuild/checkout/gtk+/gtk/gtkfilechooserwidget.c:1963
#11 0x7ff894419c19 in list_popup_menu_cb ../../../../jhbuild/checkout/gtk+/gtk/gtkfilechooserwidget.c:1978
#12 0x7ff894357c71 in _gtk_marshal_VOID__INT_DOUBLE_DOUBLEv gtk/gtkmarshalers.c:5445
#13 0x7ff894142288 in _g_closure_invoke_va ../../../../jhbuild/checkout/glib/gobject/gclosure.c:873
#14 0x7ff89415a8b6 in g_signal_emit_valist ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3403
#15 0x7ff89415aa8c in g_signal_emit ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3550
#16 0x7ff89443791b in gtk_gesture_click_begin ../../../../jhbuild/checkout/gtk+/gtk/gtkgestureclick.c:231
#17 0x7ff894144f93 in g_cclosure_marshal_VOID__BOXEDv ../../../../jhbuild/checkout/glib/gobject/gmarshal.c:1686
#18 0x7ff894142288 in _g_closure_invoke_va ../../../../jhbuild/checkout/glib/gobject/gclosure.c:873
#19 0x7ff89415a8b6 in g_signal_emit_valist ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3403
#20 0x7ff89415aa8c in g_signal_emit ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3550
#21 0x7ff894434155 in _gtk_gesture_set_recognized ../../../../jhbuild/checkout/gtk+/gtk/gtkgesture.c:333
#22 0x7ff894434155 in _gtk_gesture_set_recognized ../../../../jhbuild/checkout/gtk+/gtk/gtkgesture.c:319
#23 0x7ff894434155 in _gtk_gesture_check_recognized ../../../../jhbuild/checkout/gtk+/gtk/gtkgesture.c:379
#24 0x7ff894435782 in gtk_gesture_handle_event ../../../../jhbuild/checkout/gtk+/gtk/gtkgesture.c:638
#25 0x7ff894438ce4 in gtk_gesture_single_handle_event ../../../../jhbuild/checkout/gtk+/gtk/gtkgesturesingle.c:227
#26 0x7ff8943feb15 in gtk_event_controller_handle_event ../../../../jhbuild/checkout/gtk+/gtk/gtkeventcontroller.c:358
#27 0x7ff8945aa590 in gtk_widget_run_controllers ../../../../jhbuild/checkout/gtk+/gtk/gtkwidget.c:4320
#28 0x7ff8945b1d9c in gtk_widget_event ../../../../jhbuild/checkout/gtk+/gtk/gtkwidget.c:4520
#29 0x7ff8944853f1 in gtk_propagate_event_internal ../../../../jhbuild/checkout/gtk+/gtk/gtkmain.c:1933
#30 0x7ff894485a5a in gtk_main_do_event ../../../../jhbuild/checkout/gtk+/gtk/gtkmain.c:1675
#31 0x7ff8945bea8b in surface_event ../../../../jhbuild/checkout/gtk+/gtk/gtkwindow.c:4779
#32 0x7ff89469a5f5 in _gdk_marshal_BOOLEAN__POINTER gdk/gdkmarshalers.c:258
#33 0x7ff8946c1edf in gdk_surface_event_marshaller ../../../../jhbuild/checkout/gtk+/gdk/gdksurface.c:419
#34 0x7ff894142041 in g_closure_invoke ../../../../jhbuild/checkout/glib/gobject/gclosure.c:810
#35 0x7ff89415429a in signal_emit_unlocked_R ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3738
#36 0x7ff89415a0b8 in g_signal_emit_valist ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3504
#37 0x7ff89415aa8c in g_signal_emit ../../../../jhbuild/checkout/glib/gobject/gsignal.c:3550
#38 0x7ff8946c56fa in gdk_surface_handle_event ../../../../jhbuild/checkout/gtk+/gdk/gdksurface.c:2852
#39 0x7ff894707ca2 in gdk_event_source_dispatch ../../../../jhbuild/checkout/gtk+/gdk/x11/gdkeventsource.c:424
#40 0x7ff8941d86fc in g_main_dispatch ../../../../jhbuild/checkout/glib/glib/gmain.c:3325
#41 0x7ff8941d86fc in g_main_context_dispatch ../../../../jhbuild/checkout/glib/glib/gmain.c:4016
#42 0x7ff8941d8987 in g_main_context_iterate ../../../../jhbuild/checkout/glib/glib/gmain.c:4092
#43 0x7ff8941d8a2f in g_main_context_iteration ../../../../jhbuild/checkout/glib/glib/gmain.c:4157
#44 0x7ff894040574 in g_application_run ../../../../jhbuild/checkout/glib/gio/gapplication.c:2559
#45 0x55684a69c71e in main ../demos/widget-factory/widget-factory.c:2423
#46 0x7ff893d49cc9 in __libc_start_main ../csu/libc-start.c:308
#47 0x55684a69c789 in _start (/media/sadiq/temp/jhbuild/checkout/gtk+/build/demos/widget-factory/gtk4-widget-factory+0x11789)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../../../jhbuild/checkout/gtk+/gdk/x11/gdkmonitor-x11.c:79 in gdk_x11_monitor_get_workarea
==14118==ABORTING
```https://gitlab.gnome.org/GNOME/gtk/-/issues/2934tree-view: SIGSEGV after call to `set_drag_dest_row`2020-07-14T19:29:30Zhenry wilkestree-view: SIGSEGV after call to `set_drag_dest_row`If neither `gtk_tree_view_enable_model_drag_dest` nor `gtk_tree_view_enable_model_drag_source` have been called, then calling `gtk_tree_view_set_drag_dest_row` will lead to a SIGSEGV in the next snapshot.
In particular, the `di` at http...If neither `gtk_tree_view_enable_model_drag_dest` nor `gtk_tree_view_enable_model_drag_source` have been called, then calling `gtk_tree_view_set_drag_dest_row` will lead to a SIGSEGV in the next snapshot.
In particular, the `di` at https://gitlab.gnome.org/GNOME/gtk/-/blob/master/gtk/gtktreeview.c#L4845 will be `NULL` (there is no `"gtk-tree-view-drag-info"` data) so `di->cssnode` in the next `switch` statement will cause a memory access problem.
I noticed this when I was using `GtkDragGesture` for custom reordering of a tree view. I just wanted the insert line to show up on the tree.https://gitlab.gnome.org/GNOME/gtk/-/issues/2789Focusing an entry in a popover via a touch event causes segfault2023-06-21T19:44:41ZSlatianFocusing an entry in a popover via a touch event causes segfaultBasically most of the time you use a touchscreen or touch emulation and focus an (empty) Gtk Entry, that is inside a Gtk Popover you get a segfault.
To reproduce:
- Use a touchscreen or enable the Gtk inspector
- Open a gtk application...Basically most of the time you use a touchscreen or touch emulation and focus an (empty) Gtk Entry, that is inside a Gtk Popover you get a segfault.
To reproduce:
- Use a touchscreen or enable the Gtk inspector
- Open a gtk application, that has a Gtk Entry inside a popover
(That includes the popover demo, gnome-calendar or anything with an emoji chooser)
- Turn on touch emulation, if you are not using a touchscreen
- Open a popover with a Gtk Entry
- If the entry autofocused tap/click on another widget* in the popover to unfocus it
- Tap/Click on the entry to focus it
- => Segfault
*for some reason it does not crash when this other widget is a Gtk TextView
(automatically switching the focus using the grab_focus() signal will not prevent it from crashing)
I have originally noticed this on a pinephone running a community build of the (debian based) pureOS and managed to reproduce it on a machine running an up to date manjaro with Gtk 3.24.20
Below are the last word of gnome-calendar, the gtk3 popover demo and the gtk widget factory:
Gnome Calendar crashed with the entry in the New Event popover
```
(gnome-calendar:131412): Gtk-CRITICAL **: 14:34:31.375: _gtk_widget_get_preferred_size_and_baseline: assertion 'GTK_IS_WIDGET (widget)' failed
[1] 131412 segmentation fault (core dumped) gnome-calendar
```
Gnome Calendar when tapping on the entry in the main menu under "Weather"
```
[1] 482735 segmentation fault (core dumped) gnome-calendar
```
gtk3-demo crashed using the popover demo (also works, when using the demo from the gtk-3-24 branch)
```
(gtk3-demo:133126): Gtk-CRITICAL **: 15:03:08.290: _gtk_widget_get_preferred_size_and_baseline: assertion 'GTK_IS_WIDGET (widget)' failed
(gtk3-demo:133126): Gtk-CRITICAL **: 15:03:08.291: gtk_widget_get_vexpand: assertion 'GTK_IS_WIDGET (widget)' failed
(gtk3-demo:133126): Gtk-CRITICAL **: 15:03:08.291: gtk_widget_get_direction: assertion 'GTK_IS_WIDGET (widget)' failed
[1] 133126 segmentation fault (core dumped) gtk3-demo
```
The gtkwidget factory using the emoji picker on the third page
```
(gtk3-widget-factory:482326): Gtk-CRITICAL **: 17:02:21.567: _gtk_widget_get_preferred_size_and_baseline: assertion 'GTK_IS_WIDGET (widget)' failed
(gtk3-widget-factory:482326): Gtk-CRITICAL **: 17:02:21.567: gtk_widget_get_vexpand: assertion 'GTK_IS_WIDGET (widget)' failed
(gtk3-widget-factory:482326): Gtk-CRITICAL **: 17:02:21.567: gtk_widget_get_direction: assertion 'GTK_IS_WIDGET (widget)' failed
(gtk3-widget-factory:482326): Gtk-CRITICAL **: 17:02:21.567: gtk_widget_get_hexpand: assertion 'GTK_IS_WIDGET (widget)' failed
[1] 482326 segmentation fault (core dumped) gtk3-widget-factory
```
A backtrace of the gtk3-demo (popover demo) built from the gtk-3-24 branch:
[backtrace.txt](/uploads/e4f644dcbed9f5099680763caca6033f/backtrace.txt)https://gitlab.gnome.org/GNOME/gtk/-/issues/2744GtkTreeModelSorted row-deleted causes SEGV2020-05-15T11:16:15ZKian KarasGtkTreeModelSorted row-deleted causes SEGV## Steps to reproduce
1. Connect a callback to the "row-deleted" signal of a GtkTreeModelSort.
2. Remove the last row in the model.
3. Loop over all rows in the GtkTreeModelSort inside the callback using gtk_tree_model_get_iter_f...## Steps to reproduce
1. Connect a callback to the "row-deleted" signal of a GtkTreeModelSort.
2. Remove the last row in the model.
3. Loop over all rows in the GtkTreeModelSort inside the callback using gtk_tree_model_get_iter_first() and gtk_tree_model_iter_next(). Call gtk_tree_model_get() on each.
As far as I can tell, there are two errors:
1. gtk_tree_model_get_iter_first() should have returned FALSE in the "row-deleted" callback when it is the last row being removed.
2. I would have expected gtk_tree_model_get_valist() to handle the invalid iterator gracefully and not caused a SEGV.
The following code reproduces the errors:
```
#include <gtk/gtk.h>
static void sorted_row_deleted(GtkTreeModel *model, GtkTreePath *path,
gpointer data)
{
GtkTreeIter iter;
// Call should fail - but doesn't
if (gtk_tree_model_get_iter_first(model, &iter)) {
do {
gint val = -1;
// Results in SEGV in call to G_VALUE_COPY() from gtk_tree_model_get_valist()
gtk_tree_model_get(model, &iter,
0, &val,
-1);
} while (gtk_tree_model_iter_next(model, &iter));
}
}
int main(int argc, char *argv[])
{
if (!gtk_parse_args(&argc, &argv) ||
!gtk_init_check(&argc, &argv))
{
return 1;
}
GtkListStore *store = gtk_list_store_new(1, G_TYPE_INT);
GtkTreeModel *sorted =
gtk_tree_model_sort_new_with_model(GTK_TREE_MODEL(store));
g_signal_connect_after(G_OBJECT(sorted), "row-deleted",
G_CALLBACK(sorted_row_deleted), NULL);
GtkTreeIter iter;
gtk_list_store_insert_with_values(store, &iter, -1,
0, 123,
-1);
gtk_list_store_remove(store, &iter);
// We do not reach this point
return 0;
}
```
## Version information
libgtk-3-0/bionic-updates,now 3.22.30-1ubuntu4 amd64
## Warnings
```
(sandbox:26506): Gtk-CRITICAL **: 16:44:06.055: gtk_list_store_get_value: assertion 'iter_is_valid (iter, list_store)' failed
(sandbox:26506): GLib-GObject-WARNING **: 16:44:06.055: ../../../../gobject/gtype.c:4265: type id '0' is invalid
(sandbox:26506): GLib-GObject-WARNING **: 16:44:06.055: can't peek value table for type '<invalid>' which is not currently referenced
Segmentation fault (core dumped)
```
## Backtrace
```
gdb ./sandbox
GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./sandbox...done.
(gdb) run
Starting program: /home/kian/repo/lxsw/modules/app/gui/sandbox/src/sandbox
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffedba3700 (LWP 26616)]
[New Thread 0x7fffed3a2700 (LWP 26617)]
(sandbox:26610): Gtk-CRITICAL **: 16:46:12.426: gtk_list_store_get_value: assertion 'iter_is_valid (iter, list_store)' failed
(sandbox:26610): GLib-GObject-WARNING **: 16:46:12.426: ../../../../gobject/gtype.c:4265: type id '0' is invalid
(sandbox:26610): GLib-GObject-WARNING **: 16:46:12.426: can't peek value table for type '<invalid>' which is not currently referenced
Thread 1 "sandbox" received signal SIGSEGV, Segmentation fault.
0x00007ffff780d54d in gtk_tree_model_get_valist (tree_model=tree_model@entry=0x5555557f5940, iter=iter@entry=0x7fffffffd400, var_args=var_args@entry=0x7fffffffd2e0) at ../../../../gtk/gtktreemodel.c:1800
1800 ../../../../gtk/gtktreemodel.c: No such file or directory.
(gdb) bt full
#0 0x00007ffff780d54d in gtk_tree_model_get_valist (tree_model=tree_model@entry=0x5555557f5940, iter=iter@entry=0x7fffffffd400, var_args=var_args@entry=0x7fffffffd2e0) at ../../../../gtk/gtktreemodel.c:1800
_value = 0x7fffffffd230
_flags = 0
_value_type = <optimized out>
_vtable = 0x0
_cvalues =
{{v_int = -10704, v_long = 140737488344624, v_int64 = 140737488344624, v_double = 6.9533558073061565e-310, v_pointer = 0x7fffffffd630}, {v_int = -142523088, v_long = 140737345832240, v_int64 = 140737345832240, v_double = 6.9533487662588523e-310, v_pointer = 0x7ffff7814530 <gtk_tree_model_sort_offset_compare_func>}, {v_int = 1435260448, v_long = 93824995841568, v_int64 = 93824995841568, v_double = 4.6355707166516565e-310, v_pointer = 0x5555558c5620}, {v_int = 1434817568, v_long = 93824995398688, v_int64 = 93824995398688, v_double = 4.6355706947704772e-310, v_pointer = 0x555555859420}, {v_int = 1, v_long = 93823560581121, v_int64 = 93823560581121, v_double = 4.6354998053636868e-310, v_pointer = 0x555500000001}, {v_int = -141506440, v_long = 140737346848888, v_int64 = 140737346848888, v_double = 6.9533488164879374e-310, v_pointer = 0x7ffff790c878}, {v_int = -11104, v_long = 140737488344224, v_int64 = 140737488344224, v_double = 6.9533558072863938e-310, v_pointer = 0x7fffffffd4a0}, {v_int = -196729833, v_long = 140737291625495, v_int64 = 140737291625495, v_double = 6.9533460880898046e-310, v_pointer = 0x7ffff4462417 <g_datalist_get_data+119>}}
_lcopy_format = <optimized out>
_n_values = <optimized out>
value = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
error = 0x0
column = 0
__func__ = "gtk_tree_model_get_valist"
#1 0x00007ffff780d83d in gtk_tree_model_get (tree_model=0x5555557f5940, iter=0x7fffffffd400) at ../../../../gtk/gtktreemodel.c:1762
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffffffd3d0, reg_save_area = 0x7fffffffd300}}
__func__ = "gtk_tree_model_get"
#2 0x0000555555554be2 in sorted_row_deleted (model=0x5555557f5940, path=0x5555558d6db0, data=0x0) at sandbox.c:14
val = -1
iter = {stamp = 713771869, user_data = 0x5555558cb420, user_data2 = 0x5555559dfe00, user_data3 = 0x0}
#3 0x00007ffff728910d in g_closure_invoke () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4 0x00007ffff729bbf1 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5 0x00007ffff72a4715 in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6 0x00007ffff72a512f in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#7 0x00007ffff78174cb in gtk_tree_model_sort_row_deleted (s_model=<optimized out>, s_path=<optimized out>, data=0x5555557f5940) at ../../../../gtk/gtktreemodelsort.c:1060
tree_model_sort = 0x5555557f5940
path = 0x5555558d6db0
elt = 0x5555559dfe00
level = 0x5555558cb420
iter = {stamp = 713771868, user_data = 0x5555558cb420, user_data2 = 0x5555559dfe00, user_data3 = 0x0}
offset = 0
__func__ = "gtk_tree_model_sort_row_deleted"
#8 0x00007ffff728910d in g_closure_invoke () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9 0x00007ffff729c05e in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x00007ffff72a4715 in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007ffff72a512f in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00007ffff76f9309 in gtk_list_store_remove (list_store=0x5555559dccf0, iter=0x7fffffffde00) at ../../../../gtk/gtkliststore.c:1217
priv = 0x5555559dcca0
path = 0x55555587cc50
ptr = 0x7fffe0010e30
next = 0x7fffe0010e60
__func__ = "gtk_list_store_remove"
#13 0x0000555555554d1d in main (argc=1, argv=0x7fffffffdf18) at sandbox.c:47
store = 0x5555559dccf0
sorted = 0x5555557f5940
iter = {stamp = 588212640, user_data = 0x7fffe0010e30, user_data2 = 0x555555554d40 <__libc_csu_init>, user_data3 = 0x555555554a70 <_start>}
(gdb)
```https://gitlab.gnome.org/GNOME/gtk/-/issues/1915SEGV in _gtk_widget_get_toplevel()2023-12-09T20:05:06ZFredy PaquetSEGV in _gtk_widget_get_toplevel()## Steps to reproduce
1. This crash can be reproduced in our ERP application CASYMIR (OPG Bug-ID 228735).
It occurs after destroying and creating a whole bunch of GtkWidgets.
It cannot be reproduced with the supplied demos or t...## Steps to reproduce
1. This crash can be reproduced in our ERP application CASYMIR (OPG Bug-ID 228735).
It occurs after destroying and creating a whole bunch of GtkWidgets.
It cannot be reproduced with the supplied demos or test programs.
<!--
You should try and reproduce with the demos applications available
under the `demos` directory, or the test programs in the `tests` directory.
Alternatively, please attach a *small and self-contained* example that
exhibits the issue.
-->
## Analysis
We found out that the blink_cb() in gtkentry.c is being called on a GtkEntry which
is not yet fully realized. (widget->priv->realized == 0).
## Version information
* gtk+-3.24.4
* glib-2.54.3
* pango-1.41.0
* cairo-1.16.0
* tested operating systems: CentOS 7.6, Win10/32Bit, Win10/64Bit
Compilation options on CentOS 7.6:
./configure --enable-debug=yes --disable-largefile --disable-tests --enable-broadway-backend --enable-x11-backend --prefix=/opt/casy/gtk3/.Linux.3.x86_64 AWK=/usr/bin/gawk
Cross-compilation options on Win10/32Bit:
./configure --host=i686-w64-mingw32 --build=x86_64-pc-linux-gnu --enable-debug=yes --disable-largefile --disable-cups --disable-introspection --prefix=/home/fredy/.wine/drive_c/Casymir3_32
Cross-compilation options on Win10/64Bit:
./configure --host=x86_64-w64-mingw32 --build=x86_64-pc-linux-gnu --enable-debug=yes --disable-largefile --disable-cups --disable-introspection --prefix=/home/fredy/.wine/drive_c/Casymir3_64
<!--
- Which version of GTK you are using
- What operating system and version
- for Linux, which distribution
- If you built GTK yourself, the list of options used to configure the build
-->
## Warnings
No warnings, just SEGV
<!--
- If the application generates warning messages before crashing please
report them here
-->
## Backtrace
<!--
- Attaching a stack trace obtained using GDB is appreciated; follow the
instructions on the wiki:
https://wiki.gnome.org/Community/GettingInTouch/Bugzilla/GettingTraces
-->
```
(gdb) bt
#0 0x00007ffff6edefff in _gtk_widget_get_toplevel (widget=widget@entry=0x2057710)
at gtkwidgetprivate.h:382
#1 gtk_widget_get_screen_unchecked (widget=widget@entry=0x2b44590) at gtkwidget.c:10794
#2 0x00007ffff6ee5f88 in gtk_widget_get_screen (widget=0x2b44590) at gtkwidget.c:10831
#3 0x00007ffff6ee6f78 in gtk_widget_get_settings (widget=0x2b44590) at gtkwidget.c:11681
#4 0x00007ffff6cef033 in get_cursor_blink_timeout (entry=0x2b44590) at gtkentry.c:10221
#5 blink_cb (data=<optimized out>) at gtkentry.c:10287
#6 0x00007ffff687ff18 in gdk_threads_dispatch (data=0x21940e0,
data@entry=<error reading variable: value has been optimized out>) at gdk.c:768
#7 0x00007ffff51f6fa3 in g_timeout_dispatch (source=0x24c46a0, callback=<optimized out>,
user_data=<optimized out>) at gmain.c:4638
#8 0x00007ffff51f6575 in g_main_dispatch (context=0x7c6b00) at gmain.c:3165
#9 g_main_context_dispatch (context=context@entry=0x7c6b00) at gmain.c:3818
#10 0x00007ffff51f68e8 in g_main_context_iterate (context=0x7c6b00, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3891
#11 0x00007ffff51f6baa in g_main_loop_run (loop=0x1365500) at gmain.c:4087
#12 0x00007ffff6d8a725 in gtk_main () at gtkmain.c:1323
#13 0x000000000041a345 in opg_run_ui ()
#14 0x000000000041a464 in main ()
```
---
Valgrind output
```
==19594== Invalid read of size 8
==19594== at 0x5B18FFB: _gtk_widget_get_toplevel (gtkwidgetprivate.h:382)
==19594== by 0x5B18FFB: gtk_widget_get_screen_unchecked (gtkwidget.c:10794)
==19594== by 0x5B1FF87: gtk_widget_get_screen (gtkwidget.c:10831)
==19594== by 0x5B20F77: gtk_widget_get_settings (gtkwidget.c:11681)
==19594== by 0x5929032: get_cursor_blink_timeout (gtkentry.c:10221)
==19594== by 0x5929032: blink_cb (gtkentry.c:10287)
==19594== by 0x610BF17: gdk_threads_dispatch (gdk.c:768)
==19594== by 0x779CFA2: g_timeout_dispatch (gmain.c:4638)
==19594== by 0x779C574: g_main_dispatch (gmain.c:3165)
==19594== by 0x779C574: g_main_context_dispatch (gmain.c:3818)
==19594== by 0x779C8E7: g_main_context_iterate.isra.25 (gmain.c:3891)
==19594== by 0x779CBA9: g_main_loop_run (gmain.c:4087)
==19594== by 0x59C4724: gtk_main (gtkmain.c:1323)
==19594== by 0x41A344: opg_run_ui (in /home/contrib/opg/opg3/.Linux.3.x86_64/opg)
==19594== by 0x41A463: main (in /home/contrib/opg/opg3/.Linux.3.x86_64/opg)
```https://gitlab.gnome.org/GNOME/gtk/-/issues/1462gtkstyle: fix segfault in gtk_css_node_update_layout_attributes2018-11-19T13:08:22ZKristian Fiskerstrandgtkstyle: fix segfault in gtk_css_node_update_layout_attributes```
On branch gtk-3-24
Your branch is up to date with 'origin/gtk-3-24'.
```
Add validation that we're really working with a style object, if not
return FALSE.
--
This issue was originally detected due to a segfault in xfce4-terminal
a...```
On branch gtk-3-24
Your branch is up to date with 'origin/gtk-3-24'.
```
Add validation that we're really working with a style object, if not
return FALSE.
--
This issue was originally detected due to a segfault in xfce4-terminal
as described in https://bugs.gentoo.org/671202
Attachment:
[0001-gtkstyle-fix-segfault-in-gtk_css_node_update_layout_.patch](/uploads/34da45535181f3a96d2b934152ee3db8/0001-gtkstyle-fix-segfault-in-gtk_css_node_update_layout_.patch)https://gitlab.gnome.org/GNOME/gtk/-/issues/1382Insertion of an emoji in a GtkCellRendererText produces the crash2018-10-07T17:40:04ZMar VolInsertion of an emoji in a GtkCellRendererText produces the crash## Steps to reproduce
1. Open gtk3-demo.exe
2. Run Tree view -> editable cells
3. Double click on a text cell
4. Right click on the text cell
5. Select insert emoji
## Version information
Windows 10 1803
Gtk 3.22.21.0 from msys2
G...## Steps to reproduce
1. Open gtk3-demo.exe
2. Run Tree view -> editable cells
3. Double click on a text cell
4. Right click on the text cell
5. Select insert emoji
## Version information
Windows 10 1803
Gtk 3.22.21.0 from msys2
Glib 2.54.0
## Warnings
(gtk3-demo.exe:2940): Pango-WARNING **: couldn't load font "emoji Not-Rotated 21.599609375", falling back to "Sans Not-Rotated 21.599609375", expect ugly output.
(gtk3-demo.exe:2940): GLib-GObject-WARNING **: invalid (NULL) pointer instance
(gtk3-demo.exe:2940): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(gtk3-demo.exe:2940): GLib-GObject-WARNING **: invalid (NULL) pointer instance
(gtk3-demo.exe:2940): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(gtk3-demo.exe:2940): GLib-GObject-WARNING **: invalid (NULL) pointer instance
(gtk3-demo.exe:2940): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(gtk3-demo.exe:2940): Gtk-CRITICAL **: gtk_widget_get_settings: assertion 'GTK_IS_WIDGET (widget)' failed
## Backtrace
Sorry, i don't have a debug version
Thread 1 received signal SIGSEGV, Segmentation fault.
0x66908ae7 in ?? () from C:\MySandbox\devtools\msys2\mingw32\bin\libgtk-3-0.dllhttps://gitlab.gnome.org/GNOME/gtk/-/issues/1332Label with very long text causes segfault on Wayland2024-02-05T14:33:02ZEric WilliamsLabel with very long text causes segfault on Wayland## Steps to reproduce
1. Compile the attached snippet.
2. Run program.
3. Click the "Hello" button, observe that the application crashes.
## Version information
3.22.30
## Warnings
Gdk-CRITICAL **: 16:14:05.351: gdkdisplay-wayland...## Steps to reproduce
1. Compile the attached snippet.
2. Run program.
3. Click the "Hello" button, observe that the application crashes.
## Version information
3.22.30
## Warnings
Gdk-CRITICAL **: 16:14:05.351: gdkdisplay-wayland.c:1398: Unable to create Cairo image surface: invalid value (typically too big) for the size of the input (surface, pattern, etc.)
Segmentation fault (core dumped)
Now, I know it's likely unreasonable to have a GtkLabel with 6600+ characters, however would it be possible to handle this Cairo error more gracefully? For example an error message instead of a segfault.
[simple_label_app.c](/uploads/50962587ff019c248e8ee111feffadf7/simple_label_app.c)https://gitlab.gnome.org/GNOME/gtk/-/issues/1143Crashes/OoM errors from wide TextView inside Box inside ScrolledWindow2018-12-18T21:21:15ZGhost UserCrashes/OoM errors from wide TextView inside Box inside ScrolledWindowI've been getting this for months and sometimes it catches it and sometimes it locks up X and I have to hold the power button down.
At first it seemed to only occur with very narrow GtkTextView s, so something like a text view that was ...I've been getting this for months and sometimes it catches it and sometimes it locks up X and I have to hold the power button down.
At first it seemed to only occur with very narrow GtkTextView s, so something like a text view that was 2000 lines and each line had 10 characters, and then I would get this. But
gtk_widget_set_size_request((GtkWidget *)textview, width * 5, lines * 10);
seemed to stop it from crashing for a month even. And then I started to get it in other text views and again, added this line.
Now I'm getting it all over the place and I just... I'm tired.
The only warning is these "How does the code know the size to allocate" things which seem really serious, but I have no idea how to fix that and I've searched around. I assume it's something to do with the allocation hints and that I'm resizing stuff or doing stuff that it doesn't like. Should I be calling this gtk_widget_set_size_request every time I create any widget that might be changing sizes? Is there any way to fix those gtk_widget_get_preferred_width warnings?
Thanks.
Edit: I'm sorry, it doesn't like my copy and paste and I'm too tired tonight to fix it. The highlights:
```
XShmCreatePixmap () from /usr/lib64/libXext.so.6
cairo_surface_create_similar_image () from /usr/lib64/libcairo.so.2
cairo_surface_create_similar () from /usr/lib64/libcairo.so.2
gdk_window_create_similar_surface () from /usr/lib64/libgdk-3.so.0
gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
```
And I just updated gtk to 3.22.29 from maybe 3.22.17 just in case it would fix it.
Thanks
```
(lulu:3003): Gtk-WARNING **: Allocating size to GtkScrolledWindow 0x8fc7b0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
(lulu:3003): Gdk-ERROR **: The program 'lulu' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
(Details: serial 12082 error_code 11 request_code 130 (MIT-SHM) minor_code 5)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the GDK_SYNCHRONIZE environment
variable to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)
Thread 1 "lulu" received signal SIGTRAP, Trace/breakpoint trap.
#0 0x00007ffff588a101 in ?? () from /usr/lib64/libglib-2.0.so.0
#1 0x00007ffff588c7b2 in g_log_writer_default () from /usr/lib64/libglib-2.0.so.0
#2 0x00007ffff588ac6c in g_log_structured_array () from /usr/lib64/libglib-2.0.so.0
#3 0x00007ffff588afa1 in g_log_structured () from /usr/lib64/libglib-2.0.so.0
#4 0x00007ffff6f3a921 in ?? () from /usr/lib64/libgdk-3.so.0
#5 0x00007ffff6f47c89 in ?? () from /usr/lib64/libgdk-3.so.0
#6 0x00007ffff4d6634d in _XError () from /usr/lib64/libX11.so.6
#7 0x00007ffff4d63297 in ?? () from /usr/lib64/libX11.so.6
#8 0x00007ffff4d63355 in ?? () from /usr/lib64/libX11.so.6
#9 0x00007ffff4d64300 in _XReply () from /usr/lib64/libX11.so.6
#10 0x00007ffff4d5fbed in XSync () from /usr/lib64/libX11.so.6
#11 0x00007ffff4d5fc8b in ?? () from /usr/lib64/libX11.so.6
#12 0x00007ffff4d66c7f in ?? () from /usr/lib64/libX11.so.6
#13 0x00007ffff355d182 in XShmCreatePixmap () from /usr/lib64/libXext.so.6
#14 0x00007ffff63f96ba in ?? () from /usr/lib64/libcairo.so.2
#15 0x00007ffff63fa291 in ?? () from /usr/lib64/libcairo.so.2
#16 0x00007ffff63fa31c in ?? () from /usr/lib64/libcairo.so.2
#17 0x00007ffff63c7c24 in cairo_surface_create_similar_image () from /usr/lib64/libcairo.so.2
#18 0x00007ffff63c7e18 in cairo_surface_create_similar () from /usr/lib64/libcairo.so.2
#19 0x00007ffff6f28c28 in gdk_window_create_similar_surface () from /usr/lib64/libgdk-3.so.0
#20 0x00007ffff742ca2e in ?? () from /usr/lib64/libgtk-3.so.0
#21 0x00007ffff74c716b in ?? () from /usr/lib64/libgtk-3.so.0
#22 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#23 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#24 0x00007ffff7308c82 in ?? () from /usr/lib64/libgtk-3.so.0
#25 0x00007ffff72bad84 in ?? () from /usr/lib64/libgtk-3.so.0
#26 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#27 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
#28 0x00007ffff72bd801 in ?? () from /usr/lib64/libgtk-3.so.0
#29 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#30 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#31 0x00007ffff7308c82 in ?? () from /usr/lib64/libgtk-3.so.0
#32 0x00007ffff742cc72 in ?? () from /usr/lib64/libgtk-3.so.0
#33 0x00007ffff7519d50 in ?? () from /usr/lib64/libgtk-3.so.0
#34 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#35 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
#36 0x00007ffff751aa8d in ?? () from /usr/lib64/libgtk-3.so.0
#37 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#38 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#39 0x00007ffff7308c82 in ?? () from /usr/lib64/libgtk-3.so.0
#40 0x00007ffff745a82b in ?? () from /usr/lib64/libgtk-3.so.0
#41 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#42 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
#43 0x00007ffff7458d41 in ?? () from /usr/lib64/libgtk-3.so.0
#44 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#45 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#46 0x00007ffff740bbe0 in ?? () from /usr/lib64/libgtk-3.so.0
#47 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#48 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
#49 0x00007ffff740ba81 in ?? () from /usr/lib64/libgtk-3.so.0
#50 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#51 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#52 0x00007ffff7308c82 in ?? () from /usr/lib64/libgtk-3.so.0
#53 0x00007ffff72bad84 in ?? () from /usr/lib64/libgtk-3.so.0
#54 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#55 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
#56 0x00007ffff72bd801 in ?? () from /usr/lib64/libgtk-3.so.0
#57 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#58 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#59 0x00007ffff7308c82 in ?? () from /usr/lib64/libgtk-3.so.0
#60 0x00007ffff72bad84 in ?? () from /usr/lib64/libgtk-3.so.0
#61 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#62 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
---Type <return> to continue, or q <return> to quit---
#63 0x00007ffff72bd801 in ?? () from /usr/lib64/libgtk-3.so.0
#64 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#65 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#66 0x00007ffff740bbe0 in ?? () from /usr/lib64/libgtk-3.so.0
#67 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#68 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
#69 0x00007ffff740ba81 in ?? () from /usr/lib64/libgtk-3.so.0
#70 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#71 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#72 0x00007ffff7308c82 in ?? () from /usr/lib64/libgtk-3.so.0
#73 0x00007ffff72bad84 in ?? () from /usr/lib64/libgtk-3.so.0
#74 0x00007ffff730dbed in ?? () from /usr/lib64/libgtk-3.so.0
#75 0x00007ffff731299d in ?? () from /usr/lib64/libgtk-3.so.0
#76 0x00007ffff72bd801 in ?? () from /usr/lib64/libgtk-3.so.0
#77 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#78 0x00007ffff7308bca in gtk_container_propagate_draw () from /usr/lib64/libgtk-3.so.0
#79 0x00007ffff7308c82 in ?? () from /usr/lib64/libgtk-3.so.0
#80 0x00007ffff7536bd9 in ?? () from /usr/lib64/libgtk-3.so.0
#81 0x00007ffff7527468 in ?? () from /usr/lib64/libgtk-3.so.0
#82 0x00007ffff75322bb in ?? () from /usr/lib64/libgtk-3.so.0
#83 0x00007ffff73cf9c9 in gtk_main_do_event () from /usr/lib64/libgtk-3.so.0
#84 0x00007ffff6f10c35 in ?? () from /usr/lib64/libgdk-3.so.0
#85 0x00007ffff6f212d8 in ?? () from /usr/lib64/libgdk-3.so.0
#86 0x00007ffff6f223b6 in ?? () from /usr/lib64/libgdk-3.so.0
#87 0x00007ffff6f225b4 in ?? () from /usr/lib64/libgdk-3.so.0
#88 0x00007ffff5b5dfd5 in g_closure_invoke () from /usr/lib64/libgobject-2.0.so.0
#89 0x00007ffff5b70361 in ?? () from /usr/lib64/libgobject-2.0.so.0
#90 0x00007ffff5b78e09 in g_signal_emit_valist () from /usr/lib64/libgobject-2.0.so.0
#91 0x00007ffff5b7906f in g_signal_emit () from /usr/lib64/libgobject-2.0.so.0
#92 0x00007ffff6f1a3a1 in ?? () from /usr/lib64/libgdk-3.so.0
#93 0x00007ffff6f05518 in ?? () from /usr/lib64/libgdk-3.so.0
#94 0x00007ffff5885003 in ?? () from /usr/lib64/libglib-2.0.so.0
#95 0x00007ffff588456d in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#96 0x00007ffff5884940 in ?? () from /usr/lib64/libglib-2.0.so.0
#97 0x00007ffff5884c62 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#98 0x00007ffff73cec55 in gtk_main () from /usr/lib64/libgtk-3.so.0
#99 0x0000000000405162 in main (argc=1, argv=0x7fffffffdda8) at lulu.c:96
```https://gitlab.gnome.org/GNOME/gtk/-/issues/1131GtkTextView crashes on repeated mouse press when input preedit is active2018-06-05T17:46:22ZChangwoo RyuGtkTextView crashes on repeated mouse press when input preedit is active## Steps to reproduce
1. Open Text View -> Hypertext in gtk3-demo
2. Type some text using ibus. Choose a language which uses preedit. (I have reproduced it with ibus-hangul and ibus-anthy.)
3. While the preedit is active, repeat to ...## Steps to reproduce
1. Open Text View -> Hypertext in gtk3-demo
2. Type some text using ibus. Choose a language which uses preedit. (I have reproduced it with ibus-hangul and ibus-anthy.)
3. While the preedit is active, repeat to press different positions in the Text View
<!--
You should try and reproduce with the demos applications available
under the `demos` directory, or the test programs in the `tests` directory.
Alternatively, please attach a *small and self-contained* example that
exhibits the issue.
-->
## Version information
<!--
- Which version of GTK+ you are using
- What operating system and version
- for Linux, which distribution
- If you built GTK+ yourself, the list of options used to configure the build
-->
Gtk 3.22.30 in Debian unstable.
## Warnings
<!--
- If the application generates warning messages before crashing please
report them here
-->
```
Starting program: /usr/bin/gtk3-demo
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffee0c0700 (LWP 25893)]
[New Thread 0x7fffed8bf700 (LWP 25894)]
[New Thread 0x7fffdffff700 (LWP 25895)]
[New Thread 0x7fffd7fff700 (LWP 25896)]
[New Thread 0x7fffdf7fe700 (LWP 25897)]
[Thread 0x7fffdf7fe700 (LWP 25897) exited]
[Thread 0x7fffdffff700 (LWP 25895) exited]
[Thread 0x7fffd7fff700 (LWP 25896) exited]
(gtk3-demo:25891): Gtk-CRITICAL **: 23:33:37.090: gtk_notebook_get_tab_label: assertion 'list != NULL' failed
(gtk3-demo:25891): Gtk-CRITICAL **: 23:33:37.091: gtk_notebook_get_tab_label: assertion 'list != NULL' failed
(gtk3-demo:25891): Gtk-CRITICAL **: 23:33:37.092: gtk_notebook_get_tab_label: assertion 'list != NULL' failed
[New Thread 0x7fffd7fff700 (LWP 26543)]
[New Thread 0x7fffdffff700 (LWP 26544)]
[Thread 0x7fffd7fff700 (LWP 26543) exited]
(gtk3-demo:25891): Gdk-WARNING **: 23:33:41.184: Event with type 8 not holding a GdkDevice. It is most likely synthesized outside Gdk/GTK+
(gtk3-demo:25891): Gdk-WARNING **: 23:33:41.184: Event with type 8 not holding a GdkDevice. It is most likely synthesized outside Gdk/GTK+
(gtk3-demo:25891): Gdk-WARNING **: 23:33:41.184: Event with type 8 not holding a GdkDevice. It is most likely synthesized outside Gdk/GTK+
(gtk3-demo:25891): Gdk-WARNING **: 23:33:41.188: Event with type 8 not holding a GdkDevice. It is most likely synthesized outside Gdk/GTK+
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:45.793: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:45.794: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:46.929: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:46.930: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:47.121: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:47.161: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:47.162: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:47.297: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:47.313: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:47.314: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:50.169: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:50.170: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.505: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.506: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.559: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.560: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.593: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.595: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
[Thread 0x7fffdffff700 (LWP 26544) exited]
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.769: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.770: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.910: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.961: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.963: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.963: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.969: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:52.969: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:53.610: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:53.611: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:55.569: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:55.570: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:55.649: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:58.969: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:58.970: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:59.033: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:59.034: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
(gtk3-demo:25891): Pango-CRITICAL **: 23:33:59.506: pango_layout_get_cursor_pos: assertion 'index >= 0 && index <= layout->length' failed
**
Gtk:ERROR:../../../../gtk/gtktextsegment.c:195:_gtk_char_segment_new: assertion failed: (gtk_text_byte_begins_utf8_char (text))
Thread 1 "gtk3-demo" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: 그런 파일이나 디렉터리가 없습니다.
```
## Backtrace
<!--
- Attaching a stack trace obtained using GDB is appreciated; follow the
instructions on the wiki:
https://wiki.gnome.org/Community/GettingInTouch/Bugzilla/GettingTraces
-->
```
(gdb)
(gdb) bt
#0 0x00007ffff24f5e7b in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff24f7231 in __GI_abort () at abort.c:79
#2 0x00007ffff321afa5 in g_assertion_message () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007ffff321b00a in g_assertion_message_expr () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4 0x00007ffff77e03ee in _gtk_char_segment_new (text=0x555555ca008f "\202\230", len=2) at ../../../../gtk/gtktextsegment.c:195
#5 0x00007ffff77e04d4 in char_segment_split_func (seg=0x555555ca0070, index=7) at ../../../../gtk/gtktextsegment.c:283
#6 0x00007ffff77e0355 in gtk_text_line_segment_split (iter=iter@entry=0x7fffffffc810) at ../../../../gtk/gtktextsegment.c:127
#7 0x00007ffff77c0d03 in gtk_text_btree_link_segment (iter=0x7fffffffc810, seg=0x555555c42780) at ../../../../gtk/gtktextbtree.c:6545
#8 0x00007ffff77c0d03 in real_set_mark (tree=tree@entry=0x555555f6ac00, existing_mark=<optimized out>, name=name@entry=0x7ffff789903f "insert", left_gravity=left_gravity@entry=0, where=where@entry=0x7fffffffc9f0, should_exist=should_exist@entry=1, redraw_selections=0)
at ../../../../gtk/gtktextbtree.c:2817
#9 0x00007ffff77c12f3 in _gtk_text_btree_select_range (tree=0x555555f6ac00, ins=ins@entry=0x7fffffffc9f0, bound=bound@entry=0x7fffffffca40) at ../../../../gtk/gtktextbtree.c:2920
#10 0x00007ffff77c44a5 in gtk_text_buffer_select_range (buffer=buffer@entry=0x555555c4cd00, ins=ins@entry=0x7fffffffcb40, bound=bound@entry=0x7fffffffcb90) at ../../../../gtk/gtktextbuffer.c:2463
#11 0x00007ffff77ebcc4 in gtk_text_view_start_selection_drag (text_view=text_view@entry=0x555555aa52f0, iter=iter@entry=0x7fffffffce40, granularity=granularity@entry=SELECT_CHARACTERS, extend=extend@entry=0) at ../../../../gtk/gtktextview.c:7899
#12 0x00007ffff77f1115 in gtk_text_view_multipress_gesture_pressed (gesture=0x555555bcde70, n_press=1, x=<optimized out>, y=<optimized out>, text_view=0x555555aa52f0) at ../../../../gtk/gtktextview.c:5747
#13 0x00007ffff0d3bfce in ffi_call_unix64 () at /usr/lib/x86_64-linux-gnu/libffi.so.6
#14 0x00007ffff0d3b93f in ffi_call () at /usr/lib/x86_64-linux-gnu/libffi.so.6
#15 0x00007ffff34ceb4d in g_cclosure_marshal_generic_va () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#16 0x00007ffff34ce1a6 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#17 0x00007ffff34e96df in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#18 0x00007ffff34e9e0f in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#19 0x00007ffff76ba49c in gtk_gesture_multi_press_begin (gesture=0x555555bcde70, sequence=<optimized out>)
at ../../../../gtk/gtkgesturemultipress.c:241
#20 0x00007ffff34d0e68 in g_cclosure_marshal_VOID__BOXEDv () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x00007ffff34ce1a6 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#22 0x00007ffff34e96df in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#23 0x00007ffff34e9e0f in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#24 0x00007ffff76b742e in _gtk_gesture_set_recognized (sequence=0x0, recognized=1, gesture=0x555555bcde70)
at ../../../../gtk/gtkgesture.c:343
#25 0x00007ffff76b742e in _gtk_gesture_check_recognized (gesture=gesture@entry=0x555555bcde70, sequence=sequence@entry=0x0)
at ../../../../gtk/gtkgesture.c:389
#26 0x00007ffff76b897b in gtk_gesture_handle_event (controller=0x555555bcde70, event=0x7fffd8002e60)
at ../../../../gtk/gtkgesture.c:747
#27 0x00007ffff76bb63e in gtk_gesture_single_handle_event (controller=0x555555bcde70, event=0x7fffd8002e60)
at ../../../../gtk/gtkgesturesingle.c:222
#28 0x00007ffff7688e81 in gtk_event_controller_handle_event (controller=0x555555bcde70, event=event@entry=0x7fffd8002e60)
at ../../../../gtk/gtkeventcontroller.c:230
---Type <return> to continue, or q <return> to quit---
#29 0x00007ffff7847c2b in _gtk_widget_run_controllers (widget=0x555555aa52f0, event=0x7fffd8002e60, phase=GTK_PHASE_BUBBLE)
at ../../../../gtk/gtkwidget.c:7379
#30 0x00007ffff7702d57 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x5555559989a0, return_value=0x7fffffffdbe0, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5555559989d0)
at ../../../../gtk/gtkmarshalers.c:129
#31 0x00007ffff34ce1a6 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#32 0x00007ffff34e90ad in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#33 0x00007ffff34e9e0f in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#34 0x00007ffff7849ed4 in gtk_widget_event_internal (widget=widget@entry=0x555555aa52f0, event=event@entry=0x7fffd8002e60)
at ../../../../gtk/gtkwidget.c:7744
#35 0x00007ffff784bf4a in gtk_widget_event (widget=widget@entry=0x555555aa52f0, event=event@entry=0x7fffd8002e60)
at ../../../../gtk/gtkwidget.c:7314
#36 0x00007ffff76ffcce in propagate_event_up (topmost=<optimized out>, event=<optimized out>, widget=0x555555aa52f0)
at ../../../../gtk/gtkmain.c:2592
#37 0x00007ffff76ffcce in propagate_event (widget=<optimized out>, event=0x7fffd8002e60, captured=<optimized out>, topmost=0x0)
at ../../../../gtk/gtkmain.c:2694
#38 0x00007ffff7701da8 in gtk_main_do_event (event=<optimized out>) at ../../../../gtk/gtkmain.c:1915
#39 0x00007ffff7213785 in _gdk_event_emit (event=event@entry=0x7fffd8002e60) at ../../../../gdk/gdkevents.c:73
#40 0x00007ffff7243fa2 in gdk_event_source_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>)
at ../../../../../gdk/x11/gdkeventsource.c:367
#41 0x00007ffff31f4287 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#42 0x00007ffff31f44c0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x00007ffff31f454c in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#44 0x00007ffff644ecdd in g_application_run () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#45 0x00005555555731ee in main ()
```https://gitlab.gnome.org/GNOME/gtk/-/issues/180Editing keyboard shortcuts in gnome-terminal and mate-terminal creates use-af...2019-05-06T09:23:10ZGhost UserEditing keyboard shortcuts in gnome-terminal and mate-terminal creates use-after-free on grab object## Reported in Ubuntu Launchpad:
Main ubuntu bug for the problem:
https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1438014
Reposting some results from
https://bugs.launchpad.net/ubuntu/+source/mate-terminal/+bug/1667227 and
https...## Reported in Ubuntu Launchpad:
Main ubuntu bug for the problem:
https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1438014
Reposting some results from
https://bugs.launchpad.net/ubuntu/+source/mate-terminal/+bug/1667227 and
https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1667232
## Steps to reproduce
1. Open mate-terminal or gnome-terminal
2. Select menu "Edit" -> "Keyboard Shortcuts"
3. Change some shortcuts several times, for example find "Help"->"Contents", click on default shortcut key "F1" to change it. Sometimes bug is triggered by pressing "Fn" key with some of Alt/Ctrl/Shift, sometimes by selecting Ctrl-Shift-W / Crtl-Shift-Alt-W
## Current behavior
Crashes inside `window_group_cleanup_grabs`
```
g_type_check_instance_is_a (type_instance=type_instance@entry=0x2580c30, iface_type=<optimized out>) at /build/buildd/glib2.0-2.43.92/./gobject/gtype.c:4016
gtk_widget_get_toplevel (widget=0x2580c30) at /build/buildd/gtk+3.0-3.14.9/./gtk/gtkwidget.c:11382
window_group_cleanup_grabs (group=<optimized out>, window=window@entry=0x252a230) at /build/buildd/gtk+3.0-3.14.9/./gtk/gtkwindowgroup.c:110
gtk_window_group_add_window (window_group=0x27e5c40, window=0x252a230) at /build/buildd/gtk+3.0-3.14.9/./gtk/gtkwindowgroup.c:169
gtk_window_set_transient_for (window=0x252a230, parent=0x23ac7d0) at /build/buildd/gtk+3.0-3.14.9/./gtk/gtkwindow.c:3134
```
Warnings in console like
`(mate-terminal:14703): Gtk-CRITICAL **: gtk_widget_get_toplevel: assertion 'GTK_IS_WIDGET (widget)' failed`
Valgrind can detect "Invalid read of size 8" .. Address ...is 344 bytes inside a block of size 416 free'd
## Expected outcome
Changed keyboard shortcut without crashes.
## Version information
```
Ubuntu-MATE 17.04 "Zesty Zapus" - amd64
mate-terminal: 1.17.0-0ubuntu1
gnome-terminal: 3.20.2-1ubuntu5
gtk+ versions tested 3.16.7, 3.18.9, 3.20.9, 3.22.8
```
## Additional information
This is use-after-free due to incorrect grab deregistration (`gtk_grab_remove` tries to remove the grab not from the same window_group where it was added by `gtk_grab_add`)
I think that this gnome-terminal grab use-after-free after editing keyboard shortcuts may be not related to the ubuntu/debian patch "debian/patches/016_no_offscreen_widgets_grabbing.patch". That patch only helps to report Critical to the log:
```(mate-terminal:14703): Gtk-CRITICAL **: gtk_widget_get_toplevel: assertion 'GTK_IS_WIDGET (widget)' failed```
Both `gtk_grab_add` and `gtk_grab_remove` calls `gtk_main_get_window_group` function, but it returns different results for these two calls (more details at https://bugs.launchpad.net/ubuntu/+source/mate-terminal/+bug/1667227/comments/8)
```
static GtkWindowGroup *
gtk_main_get_window_group (GtkWidget *widget)
...
if (GTK_IS_WINDOW (toplevel))
return gtk_window_get_group (GTK_WINDOW (toplevel));
else
return gtk_window_get_group (NULL);
```
At the time of `gtk_grab_add` (called from `gtk_cell_renderer_accel_start_editing` which is called from `gtk_cell_renderer_start_editing`) this widget had `window = 0x0` and `parent = 0x0`
And at time of `gtk_grab_remove` (called from `gtk_cell_editable_event_box_key_press_event`) same widget had `window = 0x555555e507e0` (`parent = 0x555555e183f0`) which leads to incorrect deregistration of the grab (it was not deregistered; and the object was freed; stale pointer kept in another window group and accessed from `window_group_cleanup_grabs`).
Parent of the widget was changed after `gtk_grab_add` by `gtk_tree_view_multipress_gesture_pressed` -> .. -> `gtk_cell_area_activate_cell` -> `gtk_cell_area_add_editable` -> ..signal.. -> `gtk_tree_view_column_add_editable_callback` -> `_gtk_tree_view_add_editable` -> `gtk_tree_view_put` -> `gtk_widget_set_parent`
So, `gtk_cell_area_activate_cell` of gtk+3 (3.22.7) has some kind of incorrect ordering of actions which broke `gtk_grab_add` / `gtk_grab_remove` pair by calling `gtk_grab_add` before setting correct window/widget parent
https://github.com/GNOME/gtk/blob/6cc08d60efeb02afc0d67982c3dc205dfd16d7cd/gtk/gtkcellarea.c#L3388
```
3428 gtk_cell_renderer_start_editing (renderer,
...
3444 gtk_cell_area_add_editable (area, priv->focus_cell, editable_widget, cell_area);
```
I was able to disable the crash with this quick (and incorrect) fix in with forcing of grab removal from `gtk_window_get_group (NULL)`
https://launchpadlibrarian.net/308873213/lp1667227_quick_fix_gtk_grab_remove.gtk+3.22.8.patchhttps://gitlab.gnome.org/GNOME/gtk/-/issues/124Stalled wayland connection causes exit, contrary to Client API documentation2023-10-05T14:30:46ZJan Alexander SteffensStalled wayland connection causes exit, contrary to Client API documentationI've had apps crash on me when the shell was momentarily blocked. Apparently an `EAGAIN` from `wl_display_flush` isn't handled correctly.
The [Wayland Client API docs](https://people.freedesktop.org/~whot/wayland-doxygen/wayland/Client/...I've had apps crash on me when the shell was momentarily blocked. Apparently an `EAGAIN` from `wl_display_flush` isn't handled correctly.
The [Wayland Client API docs](https://people.freedesktop.org/~whot/wayland-doxygen/wayland/Client/classwl__display.html#a8463b6e5f4cf9a2a3ad2d543aedcf429) mention:
> if all data could not be written, errno will be set to EAGAIN and -1 returned. In that case, use poll on the display file descriptor to wait for it to become writable again.
However, the [current implementation](https://gitlab.gnome.org/GNOME/gtk/blob/dbaaa701ad0aa2b244347ac54fd5c68cd3dce999/gdk/wayland/gdkeventsource.c#L65-69) exits the application in this case.
## Version information
- Arch Linux
- GTK+ 3.22.29-4-gb485cf91b5
- GNOME Shell 3.28.0
## Additional information
```
gnome-terminal-[13903]: Error flushing display: Resource temporarily unavailable
systemd[13194]: gnome-terminal-server.service: Main process exited, code=exited, status=1/FAILURE
```https://gitlab.gnome.org/GNOME/gtk/-/issues/117_gtk_widget_emulate_press segfaults if event is for a destroyed window2022-01-07T17:53:20ZDaniel Colascione_gtk_widget_emulate_press segfaults if event is for a destroyed window_gtk_widget_emulate_press attempts to emulate a button press in case no event controller handles an event sequence that began with a swallowed real button press. If we unmap the window between gesture start and gesture end, _gtk_widget_e..._gtk_widget_emulate_press attempts to emulate a button press in case no event controller handles an event sequence that began with a swallowed real button press. If we unmap the window between gesture start and gesture end, _gtk_widget_emulate_press can end up being called with an event object corresponding to a window that's been destroyed. In this case, gtk_get_event_target will fail, return NULL, and cause _gtk_widget_get_parent to segfault later in the function.