Skip to content

Crash of Gtk with GtkColumnView related to a focus issue

Steps to reproduce

Hello,
I found a bug in Gtk related to GtkColumnView. It’s a somewhat random crash and seems to be related to a focus issue.
I cannot reproduce the code here because it’s part of a large program, but I managed to pinpoint the issue and found a workaround.

I have a GtkColumnView that is sorted and has single selection:

column_view = gtk_column_view_new (NULL); 
gtk_scrolled_window_set_child (GTK_SCROLLED_WINDOW (scrolled_window), column_view);
for (gint i=0 ; i<PAGE_TASK_VISIBLES_COL ; i++)
{
    // creation of columns...
}

sorter = g_object_ref (gtk_column_view_get_sorter (GTK_COLUMN_VIEW (column_view))); 
model = G_LIST_MODEL (g_list_store_new (GSB_TYPE_OBJECT)); 
sorted_model = gtk_sort_list_model_new (model, sorter); 
selection = gtk_single_selection_new (G_LIST_MODEL (sorted_model));   
gtk_column_view_set_model (GTK_COLUMN_VIEW (column_view), GTK_SELECTION_MODEL (selection));
gtk_column_view_sort_by_column (GTK_COLUMN_VIEW (column_view), column_sort_first, GTK_SORT_DESCENDING);

The list works fine; the bug occurs when I open a dialog box (created with gtk_window_new, with modal and transient), and when I close it, the GtkColumnView is cleared and then filled again.
This is when the crash occurs, and not on the first attempt; it’s more or less random (more or less because I eventually found a sequence of operations to consistently reproduce the crash, which helped me investigate the issue).

Valgrind hinted at a focus issue, and I managed to work around the problem by adding the following line before creating the dialog:

gtk_window_set_focus (GTK_WINDOW (window), NULL);

Since then, no more crashes.

Below is the GDB backtrace, which isn’t very helpful, and the Valgrind output:

Version information

version 4.16.7 Archlinux

Warnings

Aucun warning

Backtrace

**GDB Backtrace:**

Thread 1 "clovis" received signal SIGSEGV, Segmentation fault.
0x00007ffff76a8c5d in ?? () from /usr/lib/libgtk-4.so.1
(gdb) bt
#0 0x00007ffff76a8c5d in ?? () from /usr/lib/libgtk-4.so.1
#1 0x00007ffff76ab00d in ?? () from /usr/lib/libgtk-4.so.1
#2 0x00007ffff768e204 in ?? () from /usr/lib/libgtk-4.so.1
#3 0x00007ffff768e504 in ?? () from /usr/lib/libgtk-4.so.1
#4 0x00007ffff768e5ea in ?? () from /usr/lib/libgtk-4.so.1
#5 0x00007ffff780818e in ?? () from /usr/lib/libgtk-4.so.1
#6 0x00007ffff6fcae1c in ?? () from /usr/lib/libgobject-2.0.so.0
#7 0x00007ffff6fcaf32 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#8 0x00007ffff6fcaff4 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#9 0x00007ffff74f87c0 in ?? () from /usr/lib/libgtk-4.so.1
#10 0x00007ffff7672692 in ?? () from /usr/lib/libgtk-4.so.1
#11 0x00007ffff757d4c0 in ?? () from /usr/lib/libgtk-4.so.1
#12 0x00007ffff780818e in ?? () from /usr/lib/libgtk-4.so.1
#13 0x00007ffff789f0bb in ?? () from /usr/lib/libgtk-4.so.1
#14 0x00007ffff6fcae1c in ?? () from /usr/lib/libgobject-2.0.so.0
#15 0x00007ffff6fcaf32 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#16 0x00007ffff6fcaff4 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#17 0x00007ffff7957d5b in ?? () from /usr/lib/libgtk-4.so.1
#18 0x00007ffff780de8c in ?? () from /usr/lib/libgtk-4.so.1
#19 0x00007ffff6ea5559 in ?? () from /usr/lib/libglib-2.0.so.0
#20 0x00007ffff6f08157 in ?? () from /usr/lib/libglib-2.0.so.0
#21 0x00007ffff6ea4a55 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#22 0x00007ffff714ecb6 in g_application_run () from /usr/lib/libgio-2.0.so.0
#23 0x00005555555c1df3 in main (argc=1, argv=0x7fffffffe728) at src/main.c:122

---

**Valgrind Log:**

==41697== Invalid read of size 8
==41697== at 0x4C13C5D: UnknownInlinedFun (gtkwidgetprivate.h:379)
==41697== by 0x4C13C5D: gtk_column_view_row_widget_get_column_view (gtkcolumnviewrowwidget.c:45)
==41697== by 0x4C1600C: UnknownInlinedFun (gtkcolumnviewrowwidget.c:356)
==41697== by 0x4C1600C: gtk_column_view_row_widget_set_focus_child (gtkcolumnviewrowwidget.c:347)
==41697== by 0x4BF9203: synthesize_focus_change_events.lto_priv.0 (gtkwindow.c:5116)
==41697== by 0x4BF9503: _gtk_window_set_is_active (gtkwindow.c:5916)
==41697== by 0x4BF95E9: UnknownInlinedFun (gtkwindow.c:4791)
==41697== by 0x4BF95E9: gtk_window_handle_focus.lto_priv.0 (gtkwindow.c:4779)
==41697== by 0x4D7318D: _gdk_marshal_BOOLEAN__POINTERv (gdkmarshalers.c:302)
==41697== by 0x5854E1B: UnknownInlinedFun (gclosure.c:896)
==41697== by 0x5854E1B: signal_emit_valist_unlocked (gsignal.c:3423)
==41697== by 0x5854F31: g_signal_emit_valist (gsignal.c:3262)
==41697== by 0x5854FF3: g_signal_emit (gsignal.c:3582)
==41697== by 0x4A637BF: gtk_event_controller_legacy_handle_event (gtkeventcontrollerlegacy.c:66)
==41697== by 0x4BDD691: UnknownInlinedFun (gtkeventcontroller.c:363)
==41697== by 0x4BDD691: gtk_widget_run_controllers (gtkwidget.c:4594)
==41697== by 0x4AE84BF: gtk_main_do_event (gtkmain.c:1666)
==41697== Address 0x18 is not stack'd, malloc'd or (recently) free'd
==41697==
Edited by Andre Klapper