Bugzilla – Full Text Bug Listing
| Summary: | SWT-GTK: Release operation of Combo box may release arbitrary widget | ||
|---|---|---|---|
| Product: | [Eclipse Project] Platform | Reporter: | Ansgar Radermacher <ansgar.radermacher> |
| Component: | SWT | Assignee: | Platform-SWT-Inbox <platform-swt-inbox> |
| Status: | CLOSED DUPLICATE | QA Contact: | |
| Severity: | critical | ||
| Priority: | P3 | CC: | akurtakov, arunkumar.thondapu, eclipse.felipe, gheorghe, Silenio_Quarti |
| Version: | 3.7 | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Bug Depends on: | |||
| Bug Blocks: | 357085 | ||
Arun plese investigate (In reply to comment #1) > Arun plese investigate After a recent upgrade of my Linux distribution (openSuse 11.4) I had to deactivate malloc checks. The distribution ships a newer glibc version (2.14.1) which unlike the older version does memory checks by default. I guess that the error I reported is related with bug 320487, i.e. double call of release operations, once by the native code and a 2nd time by Java. It might either cause a double free detected by glibc or release another widget that uses the same pointer. Please try the next 4.3 integration build. This should be fix. *** This bug has been marked as a duplicate of bug 383189 *** |
A combo box has (among other handles) a button handle. When the operation pack() is called, the button handle is freed by an underlying GTK function - in this case gtk_widget_size_request() which is called by computeSize() which is turn is called by pack(). I create a test class inheriting from Combo. The function test() within this class has the following code; public void test() { int index = (int)/*64*/ OS.g_object_get_qdata (buttonHandle, display.SWT_OBJECT_INDEX) - 1; System.err.println (0 <= index && index < display.widgetTable.length ? "widget found (before)" : "widget not found (before)"); GtkRequisition requisition = new GtkRequisition (); gtk_widget_size_request (handle, requisition); index = (int)/*64*/ OS.g_object_get_qdata (buttonHandle, display.SWT_OBJECT_INDEX) - 1; System.err.println (0 <= index && index < display.widgetTable.length ? "widget found (after)" : "widget not found (after)"); } The code will produce the output on my machine (x86_64, with GTK 2.22.1 and 2.24.6, Window manager is KDE 4.6.0) widget found (before) widget not found (after) [The combo has been created within a ToolBar with the option SWT.DROP_DOWN] The problem is that the buttonHandle attribute within the Combo remains assigned (non zero) and that the removeWidget operation of the combo tries to free this handle. In the meantime, other widgets might have reclaimed the handle and thus the release operation of the combo might dispose a totally unrelated widget. This happens with Papyrus, typically an arbitrary menuitem is disposed when the combo is released, causing random null pointer exception. creation of a combo box within a toolbar (as a control)