When shortcut is changing, keypress handler gtk_cell_editable_event_box_key_press_event calls gtk_grab_remove, but _gtk_window_group_remove_grab tries to remove grab from wrong window_group (not the group used to add grab in gtk_grab_add -> _gtk_window_group_add_grab). Grab remove fails and stale pointer is kept in grab lists of original group. With valgrind I see errors on access with this stale pointer:
==21822== Invalid read of size 8 ==21822== at 0x578DEFF: window_group_cleanup_grabs (gtkwindowgroup.c:111) ==21822== by 0x578E38C: gtk_window_group_add_window (gtkwindowgroup.c:176) ==21822== by 0x577AD36: gtk_window_set_transient_for (gtkwindow.c:3332) ==21822== by 0x56FCD22: gtk_tooltip_set_last_window (gtktooltip.c:808) ==21822== by 0x56FE9C9: gtk_tooltip_handle_event_internal (gtktooltip.c:1432) ==21822== by 0x56FE934: _gtk_tooltip_handle_event (gtktooltip.c:1413) ==21822== by 0x55811E2: gtk_main_do_event (gtkmain.c:1938) ==21822== by 0x5D34548: _gdk_event_emit (gdkevents.c:73) ==21822== by 0x5D7ABD1: gdk_event_source_dispatch (gdkeventsource.c:367) ==21822== by 0x6F65177: g_main_dispatch (gmain.c:3203) ==21822== by 0x6F660BA: g_main_context_dispatch (gmain.c:3856) ==21822== by 0x6F662AE: g_main_context_iterate (gmain.c:3929) ==21822== Address 0x16279328 is 344 bytes inside a block of size 416 free'd ==21822== at 0x4C2DD5B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21822== by 0x6F6D990: g_free (gmem.c:189) ==21822== by 0x6F88997: g_slice_free1 (gslice.c:1136) ==21822== by 0x6CEAE5D: g_type_free_instance (gtype.c:1937) ==21822== by 0x6CD4F15: g_object_unref (gobject.c:3196) ==21822== by 0x5784A47: gtk_window_propagate_key_event (gtkwindow.c:8141) ==21822== by 0x5784AA0: gtk_window_key_press_event (gtkwindow.c:8159) ==21822== by 0x5583B9C: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:131) ==21822== by 0x6CC8CC7: g_type_class_meta_marshalv (gclosure.c:1024) ==21822== by 0x6CC8849: _g_closure_invoke_va (gclosure.c:867) ==21822== by 0x6CE40E2: g_signal_emit_valist (gsignal.c:3300) ==21822== by 0x6CE52FE: g_signal_emit (gsignal.c:3447) ==21822== Block was alloc'd at ==21822== at 0x4C2CB2F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21822== by 0x6F6D827: g_malloc (gmem.c:94) ==21822== by 0x6F8875B: g_slice_alloc (gslice.c:1025) ==21822== by 0x6F8879B: g_slice_alloc0 (gslice.c:1051) ==21822== by 0x6CEA95E: g_type_create_instance (gtype.c:1839) ==21822== by 0x6CD135B: g_object_new_internal (gobject.c:1783) ==21822== by 0x6CD20D1: g_object_new_valist (gobject.c:2042) ==21822== by 0x6CD0F44: g_object_new (gobject.c:1626) ==21822== by 0x543ABB9: gtk_cell_editable_event_box_new (gtkcellrendereraccel.c:803) Wrong gtk_grab_remove was called from the gtk_window_propagate_key_event: ==21822== by 0x578EE1B: _gtk_window_group_remove_grab (gtkwindowgroup.c:291) ==21822== by 0x5581ABE: gtk_grab_remove (gtkmain.c:2285) ==21822== by 0x543A56A: gtk_cell_editable_event_box_key_press_event (gtkcellrendereraccel.c:645) ==21822== by 0x5583B9C: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:131) ==21822== by 0x6CC8CC7: g_type_class_meta_marshalv (gclosure.c:1024) ==21822== by 0x6CC8849: _g_closure_invoke_va (gclosure.c:867) ==21822== by 0x6CE40E2: g_signal_emit_valist (gsignal.c:3300) ==21822== by 0x6CE52FE: g_signal_emit (gsignal.c:3447) ==21822== by 0x575F9BD: gtk_widget_event_internal (gtkwidget.c:7723) ==21822== by 0x575ED7F: gtk_widget_event (gtkwidget.c:7293) ==21822== by 0x57849C4: gtk_window_propagate_key_event (gtkwindow.c:8126) ** Attachment removed: "ProcMaps.txt" https://bugs.launchpad.net/ubuntu/+source/mate-terminal/+bug/1667227/+attachment/4825038/+files/ProcMaps.txt ** Information type changed from Private to Public ** Also affects: gnome-terminal (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-terminal in Ubuntu. https://bugs.launchpad.net/bugs/1667227 Title: mate-terminal crashed with SIGSEGV in g_type_check_instance_is_a() - while editing Keyboard Shortcuts Status in gnome-terminal package in Ubuntu: New Status in mate-terminal package in Ubuntu: New Bug description: 1) $ lsb_release -rd Description: Ubuntu Zesty Zapus (development branch) Release: 17.04 Installed as Ubuntu-MATE 17.04 "Zesty Zapus" - Alpha amd64 2) $ apt-cache policy mate-terminal mate-terminal: Installed: 1.17.0-0ubuntu1 Candidate: 1.17.0-0ubuntu1 3) Open mate-terminal Select "Edit" -> "Keyboard Shortcuts" Select "Help"->"Contents", click on default shortcut key "F1" to change Try to set it to various key sequences. Sometimes bug is triggered by pressing "Fn" key with some of Alt/Ctrl/Shift, sometimes by selecting Ctrl-Shift-W / Crtl-Shift-Alt-W Expected: changed keyboard shortcut for "Help"->"Contents" 4) Abort and closed mate-terminal ProblemType: Crash DistroRelease: Ubuntu 17.04 Package: mate-terminal 1.17.0-0ubuntu1 ProcVersionSignature: Ubuntu 4.10.0-8.10-generic 4.10.0-rc8 Uname: Linux 4.10.0-8-generic x86_64 ApportVersion: 2.20.4-0ubuntu2 Architecture: amd64 CurrentDesktop: MATE Date: Thu Feb 23 09:33:19 2017 ExecutablePath: /usr/bin/mate-terminal ExecutableTimestamp: 1484233434 InstallationDate: Installed on 2017-02-22 (1 days ago) InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Alpha amd64 (20170125) ProcCmdline: mate-terminal ProcCwd: /home/user SegvAnalysis: Segfault happened at: 0x7f883e41c321 <g_type_check_instance_is_a+65>: testb $0x4,0x16(%rax) PC (0x7f883e41c321) ok source "$0x4" ok destination "0x16(%rax)" (0x70000001e) not located in a known VMA region (needed writable region)! SegvReason: writing unknown VMA Signal: 11 SourcePackage: mate-terminal StacktraceTop: g_type_check_instance_is_a () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 gtk_widget_get_toplevel () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 gtk_window_group_add_window () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 gtk_window_set_transient_for () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 Title: mate-terminal crashed with SIGSEGV in g_type_check_instance_is_a() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1667227/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
