Skip to content
GitLab
Open
Issue created by Simeon Andreev@simeon.andreev

SIGSEGV in _gtk_tree_path_new_from_rbtree

See attached video:

gtktreeview_crash

We observe the following crashes in Eclipse:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=563393 https://bugs.eclipse.org/bugs/show_bug.cgi?id=553073

To reproduce, run the following snippet and alternate clicking on the button, scrolling in the tree and clicking in the tree (in that order, it can take a while for the SIGSEGV to occur).

#include <gtk/gtk.h>

enum
{
  COL_URI = 0,
  NUM_COLS
} ;

int n = 20;
GtkWidget *tree;
GtkTreeStore *treestore;

int
reset_tree_elements ()
{
  gtk_tree_view_set_model(GTK_TREE_VIEW(tree), NULL);
  gtk_tree_store_clear(treestore);
  gtk_tree_view_set_model(GTK_TREE_VIEW(tree), GTK_TREE_MODEL(treestore));

  GtkTreeIter iter;
  for (int i = 0; i < n; ++i) {
    gtk_tree_store_append(treestore, &iter, NULL);
    gtk_tree_store_set(treestore, &iter, 
                           COL_URI, "item1", -1);
  }

  return FALSE;
}

void
create_view_and_model (void)
{
  GtkTreeViewColumn   *col1, *col2;
  GtkCellRenderer     *renderer;

  treestore = gtk_tree_store_new(NUM_COLS, G_TYPE_STRING);
  tree = gtk_tree_view_new_with_model(GTK_TREE_MODEL(treestore));

  col1 = gtk_tree_view_column_new();

  renderer = gtk_cell_renderer_text_new();

  gtk_tree_view_column_set_title(col1, "column");
  gtk_tree_view_append_column(GTK_TREE_VIEW(tree), col1);
  gtk_tree_view_column_pack_start(col1, renderer, TRUE);
  gtk_tree_view_column_add_attribute(col1, renderer, "text", COL_URI);
  gtk_tree_view_column_set_fixed_width(col1, 150);

  reset_tree_elements();
}

GtkWidget *
create_button (void)
{
  GtkWidget *button;
  button = gtk_button_new_with_label("click");
  return button;
}

// gcc -g tree_crash.cpp  `pkg-config --cflags --libs gtk+-3.0`  -o TreeCrash

int
main (int argc, char **argv)
{
  GtkWidget *window, *scrolled_window, *box, *button;
  
  gtk_init(&argc, &argv);

  window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
  g_signal_connect(window, "delete_event", gtk_main_quit, NULL);
  gtk_window_set_default_size(GTK_WINDOW(window), 200, 200);

  scrolled_window = gtk_scrolled_window_new (NULL, NULL);
  gtk_container_add (GTK_CONTAINER (window), scrolled_window);

  box = gtk_box_new(GTK_ORIENTATION_VERTICAL, 0);
  gtk_container_add(GTK_CONTAINER(scrolled_window), box);

  button = create_button();
  create_view_and_model();

  g_signal_connect(button, "focus-out-event", G_CALLBACK (reset_tree_elements), NULL);

  gtk_box_pack_start(GTK_BOX(box), button, TRUE, TRUE, 0);
  gtk_box_pack_start(GTK_BOX(box), tree, TRUE, TRUE, 0);

  gtk_widget_show_all(window);

  gtk_main();

  return 0;
}
Stack: [0x00007ffff7ecd000,0x00007ffff7fce000],  sp=0x00007ffff7fc5e10,  free space=995k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [libgtk-3.so.0+0x4a9048]  _gtk_tree_path_new_from_rbtree+0xf1
C  [libgtk-3.so.0+0xb572d]  cell_info_get_path+0x27
C  [libgtk-3.so.0+0xb5da9]  set_cell_data+0xc2
C  [libgtk-3.so.0+0xb8a1a]  _gtk_tree_view_accessible_changed+0xa0
C  [libgtk-3.so.0+0x4a753a]  gtk_tree_view_row_changed+0x180
C  [libgobject-2.0.so.0+0xf988]  g_closure_invoke+0x138
Edited by Andre Klapper