GtkScale crash in gtkgesture.c
Steps to reproduce
- Have a GtkScale in a window (e.g., gtk3-demo Scale demo)
- Press left-click and right-click in succession on the scale handle, repeating until the application crashes
Version information
- GTK 3.24.28, built using Meson, no gintrospection
- Windows 10: Built on WinSDK 10.0.17763.0, MSVC 19.7
- macOS 10.15.7, Xcode 12.4 (clang-1200.0.32.29), macOS SDK 10.15
Warnings
Warnings on macOS (10.15.7):
(<unknown>:78472): Gtk-CRITICAL **: 13:04:07.425: gtk_range_add_step_timer: assertion 'priv->timer == NULL' failed
(<unknown>:78472): Gtk-CRITICAL **: 13:04:07.662: gtk_range_add_step_timer: assertion 'priv->timer == NULL' failed
Backtrace
Windows 10:
gtk-3-vs16.dll!_gtk_gesture_get_pointer_emulating_sequence(_GtkGesture * gesture, _GdkEventSequence * * sequence) Line 1825 (gtk\gtkgesture.c:1825)
gtk-3-vs16.dll!_gtk_widget_get_emulating_sequence(_GtkWidget * widget, _GdkEventSequence * sequence, _GdkEventSequence * * sequence_out) Line 4231 (gtk\gtkwidget.c:4231)
gtk-3-vs16.dll!_gtk_widget_set_sequence_state_internal(_GtkWidget * widget, _GdkEventSequence * sequence, GtkEventSequenceState state, _GtkGesture * emitter) Line 4293 (gtk\gtkwidget.c:4293)
gtk-3-vs16.dll!event_controller_sequence_state_changed(_GtkGesture * gesture, _GdkEventSequence * sequence, GtkEventSequenceState state, _GtkWidget * widget) Line 17394 (gtk\gtkwidget.c:17394)
gtk-3-vs16.dll!_gtk_marshal_VOID__BOXED_ENUM(_GClosure * closure, _GValue * return_value, unsigned int n_param_values, const _GValue * param_values, void * invocation_hint, void * marshal_data) Line 3297 (_gvsbuild-meson\gtk\gtkmarshalers.c:3297)
gobject-2.0-0.dll!g_closure_invoke(_GClosure * closure, _GValue * return_value, unsigned int n_param_values, const _GValue * param_values, void * invocation_hint) Line 815 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gclosure.c:815)
gobject-2.0-0.dll!signal_emit_unlocked_R(_SignalNode * node, unsigned int detail, void * instance, _GValue * emission_return, const _GValue * instance_and_params) Line 3746 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gsignal.c:3746)
gobject-2.0-0.dll!g_signal_emit_valist(void * instance, unsigned int signal_id, unsigned int detail, char * var_args) Line 3497 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gsignal.c:3497)
gobject-2.0-0.dll!g_signal_emit(void * instance, unsigned int signal_id, unsigned int detail, ...) Line 3554 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gsignal.c:3554)
gtk-3-vs16.dll!gtk_gesture_set_sequence_state(_GtkGesture * gesture, _GdkEventSequence * sequence, GtkEventSequenceState state) Line 1168 (gtk\gtkgesture.c:1168)
gtk-3-vs16.dll!_gtk_gesture_update_point(_GtkGesture * gesture, const _GdkEvent * event, int add) Line 607 (gtk\gtkgesture.c:607)
gtk-3-vs16.dll!gtk_gesture_handle_event(_GtkEventController * controller, const _GdkEvent * event) Line 741 (gtk\gtkgesture.c:741)
gtk-3-vs16.dll!gtk_gesture_single_handle_event(_GtkEventController * controller, const _GdkEvent * event) Line 222 (gtk\gtkgesturesingle.c:222)
gtk-3-vs16.dll!gtk_event_controller_handle_event(_GtkEventController * controller, const _GdkEvent * event) Line 230 (gtk\gtkeventcontroller.c:230)
gtk-3-vs16.dll!_gtk_widget_run_controllers(_GtkWidget * widget, const _GdkEvent * event, GtkPropagationPhase phase) Line 7443 (gtk\gtkwidget.c:7443)
gtk-3-vs16.dll!gtk_widget_real_button_event(_GtkWidget * widget, _GdkEventButton * event) Line 7206 (gtk\gtkwidget.c:7206)
gtk-3-vs16.dll!_gtk_marshal_BOOLEAN__BOXEDv(_GClosure * closure, _GValue * return_value, void * instance, char * args, void * marshal_data, int n_params, unsigned __int64 * param_types) Line 130 (_gvsbuild-meson\gtk\gtkmarshalers.c:130)
gobject-2.0-0.dll!g_type_class_meta_marshalv(_GClosure * closure, _GValue * return_value, void * instance, char * args, void * marshal_data, int n_params, unsigned __int64 * param_types) Line 1040 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gclosure.c:1040)
gobject-2.0-0.dll!_g_closure_invoke_va(_GClosure * closure, _GValue * return_value, void * instance, char * args, int n_params, unsigned __int64 * param_types) Line 878 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gclosure.c:878)
gobject-2.0-0.dll!g_signal_emit_valist(void * instance, unsigned int signal_id, unsigned int detail, char * var_args) Line 3412 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gsignal.c:3412)
gobject-2.0-0.dll!g_signal_emit(void * instance, unsigned int signal_id, unsigned int detail, ...) Line 3554 (c:\gtk_md_2\debug\build\x64\release\glib\gobject\gsignal.c:3554)
gtk-3-vs16.dll!gtk_widget_event_internal(_GtkWidget * widget, _GdkEvent * event) Line 7809 (gtk\gtkwidget.c:7809)
gtk-3-vs16.dll!gtk_widget_event(_GtkWidget * widget, _GdkEvent * event) Line 7379 (gtk\gtkwidget.c:7379)
gtk-3-vs16.dll!propagate_event_up(_GtkWidget * widget, _GdkEvent * event, _GtkWidget * topmost) Line 2588 (gtk\gtkmain.c:2588)
gtk-3-vs16.dll!propagate_event(_GtkWidget * widget, _GdkEvent * event, int captured, _GtkWidget * topmost) Line 2689 (gtk\gtkmain.c:2689)
gtk-3-vs16.dll!gtk_propagate_event(_GtkWidget * widget, _GdkEvent * event) Line 2726 (gtk\gtkmain.c:2726)
gtk-3-vs16.dll!gtk_main_do_event(_GdkEvent * event) Line 1922 (gtk\gtkmain.c:1922)
gdk-3-vs16.dll!_gdk_event_emit(_GdkEvent * event) Line 75 (gdk\gdkevents.c:75)
gdk-3-vs16.dll!gdk_event_dispatch(_GSource * source, int(*)(void *) callback, void * user_data) Line 3879 (gdk\win32\gdkevents-win32.c:3879)
glib-2.0-0.dll!g_main_dispatch(_GMainContext * context) Line 3337 (c:\gtk_md_2\debug\build\x64\release\glib\glib\gmain.c:3337)
glib-2.0-0.dll!g_main_context_dispatch(_GMainContext * context) Line 4060 (c:\gtk_md_2\debug\build\x64\release\glib\glib\gmain.c:4060)
glib-2.0-0.dll!g_main_context_iterate(_GMainContext * context, int block, int dispatch, _GThread * self) Line 4133 (c:\gtk_md_2\debug\build\x64\release\glib\glib\gmain.c:4133)
glib-2.0-0.dll!g_main_loop_run(_GMainLoop * loop) Line 4329 (c:\gtk_md_2\debug\build\x64\release\glib\glib\gmain.c:4329)
gtk-3-vs16.dll!gtk_main() Line 1330 (gtk\gtkmain.c:1330)
macOS 10.15.7:
_gtk_gesture_get_pointer_emulating_sequence (gtk+-3.24.28/gtk/gtkgesture.c:1823)
_gtk_widget_get_emulating_sequence (gtk+-3.24.28/gtk/gtkwidget.c:4231)
_gtk_widget_set_sequence_state_internal (gtk+-3.24.28/gtk/gtkwidget.c:4293)
event_controller_sequence_state_changed (gtk+-3.24.28/gtk/gtkwidget.c:17394)
_gtk_marshal_VOID__BOXED_ENUM (@_gtk_marshal_VOID__BOXED_ENUM:43)
g_closure_invoke (glib-2.68.0/gobject/gclosure.c:810)
signal_emit_unlocked_R (glib-2.68.0/gobject/gsignal.c:3741)
g_signal_emit_valist (glib-2.68.0/gobject/gsignal.c:3497)
g_signal_emit (glib-2.68.0/gobject/gsignal.c:3553)
gtk_gesture_set_sequence_state (gtk+-3.24.28/gtk/gtkgesture.c:1165)
_gtk_gesture_update_point (gtk+-3.24.28/gtk/gtkgesture.c:604)
gtk_gesture_handle_event (gtk+-3.24.28/gtk/gtkgesture.c:741)
gtk_gesture_single_handle_event (gtk+-3.24.28/gtk/gtkgesturesingle.c:222)
gtk_event_controller_handle_event (gtk+-3.24.28/gtk/gtkeventcontroller.c:230)
_gtk_widget_run_controllers (gtk+-3.24.28/gtk/gtkwidget.c:7443)
gtk_widget_real_button_event (gtk+-3.24.28/gtk/gtkwidget.c:7204)
_gtk_marshal_BOOLEAN__BOXEDv (@_gtk_marshal_BOOLEAN__BOXEDv:60)
g_type_class_meta_marshalv (glib-2.68.0/gobject/gclosure.c:1034)
_g_closure_invoke_va (glib-2.68.0/gobject/gclosure.c:873)
g_signal_emit_valist (glib-2.68.0/gobject/gsignal.c:3406)
g_signal_emit (glib-2.68.0/gobject/gsignal.c:3553)
gtk_widget_event_internal (gtk+-3.24.28/gtk/gtkwidget.c:7808)
gtk_widget_event (gtk+-3.24.28/gtk/gtkwidget.c:7378)
propagate_event_up (gtk+-3.24.28/gtk/gtkmain.c:2588)
propagate_event (gtk+-3.24.28/gtk/gtkmain.c:2691)
gtk_propagate_event (gtk+-3.24.28/gtk/gtkmain.c:2725)
gtk_main_do_event (gtk+-3.24.28/gtk/gtkmain.c:1921)
_gdk_event_emit (gtk+-3.24.28/gdk/gdkevents.c:73)
gdk_event_dispatch (gtk+-3.24.28/gdk/quartz/gdkeventloop-quartz.c:715)
g_main_dispatch (glib-2.68.0/glib/gmain.c:3337)
g_main_context_dispatch (glib-2.68.0/glib/gmain.c:4055)
g_main_context_iterate (glib-2.68.0/glib/gmain.c:4131)
g_main_loop_run (glib-2.68.0/glib/gmain.c:4329)
gtk_main (gtk+-3.24.28/gtk/gtkmain.c:1329)
Possible Resolution
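Adding a NULL check for data->event in gtkgesture.c, at the line where _gtk_gesture_get_pointer_emulating_sequence crashes, would stop the crash. However, such a check only hides the symptom: it would be interesting to figure out how that event came to be NULL and was allowed through in the first place. The 'priv->timer == NULL' assertion failures logged before the crash suggest that the range handles a second button press while the state from the first press is still in place, which may be a starting point for finding the root cause.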
Edited by Matthias Clasen