gtk4-rs [BUG] ` gtk4::ComboBoxText.emit

[BUG] ` gtk4::ComboBoxText.emit_popup` cause crash

Open qarmin opened this issue 3 years ago • 1 comments

System:    Host: rafalkom Kernel: 5.13.0-28-generic x86_64 bits: 64 compiler: gcc v: 11.2.0 Desktop: GNOME 40.5 
           tk: GTK 3.24.30 wm: gnome-shell dm: GDM3 Distro: Ubuntu 21.10 (Impish Indri)

RUST_BACKTRACE=full RUSTFLAGS=-Zsanitizer=address RUSTDOCFLAGS=-Zsanitizer=address cargo run  -Zbuild-std --target x86_64-unknown-linux-gnu

Bug description

let object_551 = ComboBoxText::new(); // ComboBoxText
object_551.emit_popup();

cause crash:

(crash_thing:66042): Gtk-WARNING **: 17:36:53.908: Child name 'main' not found in GtkStack

(crash_thing:66042): Gtk-WARNING **: 17:36:53.908: Calling gtk_widget_realize() on a widget that isn't inside a toplevel window is not going to work very well. Widgets must be inside a toplevel container before realizing them.

(crash_thing:66042): Gtk-CRITICAL **: 17:36:53.908: gtk_native_get_surface: assertion 'GTK_IS_NATIVE (self)' failed

(crash_thing:66042): Gdk-CRITICAL **: 17:36:53.908: gdk_surface_new_popup: assertion 'GDK_IS_SURFACE (parent)' failed
AddressSanitizer:DEADLYSIGNAL
=================================================================
==66042==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x7f19b64ec1f8 bp 0x6290001a02b0 sp 0x7ffcd355c250 T0)
==66042==The signal is caused by a WRITE memory access.
==66042==Hint: address points to the zero page.
    #0 0x7f19b64ec1f8  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x1f71f8)
    #1 0x7f19b5f2396f  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x3196f)
    #2 0x7f19b5f23ad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #3 0x7f19b65e3404  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x2ee404)
    #4 0x7f19b64ed8f8  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x1f88f8)
    #5 0x7f19b5f05c0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #6 0x7f19b5f21b04  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2fb04)
    #7 0x7f19b5f23883  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31883)
    #8 0x7f19b5f23ad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #9 0x7f19b65e18bd  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x2ec8bd)
    #10 0x7f19b5f05c0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #11 0x7f19b5f21893  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2f893)
    #12 0x5564b71841e0  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x3311e0)
    #13 0x5564b7184946  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x331946)
    #14 0x5564b7184c67  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x331c67)
    #15 0x5564b7184d41  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x331d41)
    #16 0x5564b7182256  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32f256)
    #17 0x5564b717b487  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x328487)
    #18 0x5564b717aa6a  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x327a6a)
    #19 0x7f19b5f05c0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #20 0x7f19b5f21ea5  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2fea5)
    #21 0x7f19b5f23883  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31883)
    #22 0x7f19b5f23ad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #23 0x7f19b60289d7  (/lib/x86_64-linux-gnu/libgio-2.0.so.0+0xdb9d7)
    #24 0x7f19b6028bb5  (/lib/x86_64-linux-gnu/libgio-2.0.so.0+0xdbbb5)
    #25 0x5564b717bee8  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x328ee8)
    #26 0x5564b717b8d7  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x3288d7)
    #27 0x5564b7181e86  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32ee86)
    #28 0x5564b718665a  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x33365a)
    #29 0x5564b7180d14  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32dd14)
    #30 0x5564b717caf3  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x329af3)
    #31 0x5564b79ad39d  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb5a39d)
    #32 0x5564b79bb48e  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb6848e)
    #33 0x5564b79c463a  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb7163a)
    #34 0x5564b79b9732  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb66732)
    #35 0x5564b776ba49  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x918a49)
    #36 0x5564b7808abb  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x9b5abb)
    #37 0x5564b79bb28d  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb6828d)
    #38 0x5564b79c463a  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb7163a)
    #39 0x5564b79ba42b  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb6742b)
    #40 0x5564b776bd69  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x918d69)
    #41 0x5564b7808409  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x9b5409)
    #42 0x5564b717ca55  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x329a55)
    #43 0x5564b718249b  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32f49b)
    #44 0x7f19b5ac1fcf  (/lib/x86_64-linux-gnu/libc.so.6+0x2dfcf)
    #45 0x7f19b5ac207c  (/lib/x86_64-linux-gnu/libc.so.6+0x2e07c)
    #46 0x5564b70e81e4  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x2951e4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x1f71f8) 
==66042==ABORTING

Issue found by fuzzer - https://github.com/qarmin/gtk-rs-fuzzer

Feb 09 '22 16:02 qarmin

That looks a programmer mistake: you have to add it to a window, etc for this to work. It still shouldn't segfault (some more assertions needed in the C code), but also there are lots of critical warnings before already.

Feb 11 '22 10:02 sdroege

gtk4-rs gtk4-rs copied to clipboard

[BUG] ` gtk4::ComboBoxText.emit_popup` cause crash

gtk4-rs
gtk4-rs copied to clipboard