358240 – SWT-GTK: Release operation of Combo box may release arbitrary widget

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 358240 - SWT-GTK: Release operation of Combo box may release arbitrary widget

Summary: SWT-GTK: Release operation of Combo box may release arbitrary widget

Status:	CLOSED DUPLICATE of bug 383189

Alias:	None

Product:	Platform
Classification:	Eclipse Project
Component:	SWT (show other bugs)
Version:	3.7
Hardware:	PC Linux

Importance:	P3 critical (vote)
Target Milestone:	---
Assignee:	Platform-SWT-Inbox
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	357085
	Show dependency tree

Reported:	2011-09-20 09:06 EDT by Ansgar Radermacher
Modified:	2012-08-31 12:38 EDT (History)
CC List:	5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ansgar Radermacher

2011-09-20 09:06:57 EDT

A combo box has (among other handles) a button handle. When the operation pack() is called, the button handle is freed by an underlying GTK function - in this case gtk_widget_size_request() which is called by computeSize() which is turn is called by pack().

I create a test class inheriting from Combo. The function test() within this class has the following code;

public void test() {
  int index = (int)/*64*/ OS.g_object_get_qdata (buttonHandle, display.SWT_OBJECT_INDEX) - 1;
  System.err.println (0 <= index && index < display.widgetTable.length ?
    "widget found (before)" : "widget not found (before)");
  GtkRequisition requisition = new GtkRequisition ();
  gtk_widget_size_request (handle, requisition);
  index = (int)/*64*/ OS.g_object_get_qdata (buttonHandle, display.SWT_OBJECT_INDEX) - 1;
  System.err.println (0 <= index && index < display.widgetTable.length ?
    "widget found (after)" : "widget not found (after)");
}

The code will produce the output on my machine (x86_64, with GTK 2.22.1 and 2.24.6, Window manager is KDE 4.6.0)
  widget found (before)
  widget not found (after)
[The combo has been created within a ToolBar with the option SWT.DROP_DOWN]

The problem is that the buttonHandle attribute within the Combo remains assigned (non zero) and that the removeWidget operation of the combo tries to free this handle. In the meantime, other widgets might have reclaimed the handle and thus the release operation of the combo might dispose a totally unrelated widget. This happens with Papyrus, typically an arbitrary menuitem is disposed when the combo is released, causing random null pointer exception.
creation of a combo box within a toolbar (as a control)

Comment 1 Felipe Heidrich

2011-09-26 15:03:24 EDT

Arun plese investigate

Comment 2 Ansgar Radermacher

2011-12-13 17:18:12 EST

(In reply to comment #1)
> Arun plese investigate

After a recent upgrade of my Linux distribution (openSuse 11.4) I had to deactivate malloc checks. The distribution ships a newer glibc version (2.14.1) which unlike the older version does memory checks by default. I guess that the error I reported is related with bug 320487, i.e. double call of release operations, once by the native code and a 2nd time by Java. It might either cause a double free detected by glibc or release another widget that uses the same pointer.

Comment 3 Silenio Quarti

2012-08-31 12:38:43 EDT

Please try the next 4.3 integration build. This should be fix.

*** This bug has been marked as a duplicate of bug 383189 ***