Re: [gtk-osx-users] crash on updateTrackingRect is BAAACK

On Nov 16, 2020, at 1:46 PM, Allin Cottrell via gtk-osx-users-list <gtk-osx-users-list gnome org> wrote:

Back in 2016 there was a thread concerning a crash on macOS when (a) a GTK window is maximized, then (b) 
the user tries to close the maximized window via the quartz control button ("x"). See
https://mail.gnome.org/archives/gtk-osx-users-list/2016-February/msg00005.html
and following.

I thought we were done with that; there seemed to be a fix in hand and no more was heard of the problem. But 
now I'm seeing the same thing again -- this is with GTK 2.24.32 on macOS 10.15.7. The crash report from the 
OS looks just like before, with the coup de grace in this sequence:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libgdk-quartz-2.0.0.dylib 0x000000010bb690a5 -[GdkQuartzView updateTrackingRect] + 37
1 libgdk-quartz-2.0.0.dylib 0x000000010bb69249 -[GdkQuartzView setFrame:] + 105
2 com.apple.AppKit          0x00007fff2d5d889b -[NSThemeFrame setStyleMask:] + 1008

Any ideas on what might have changed to allow this bug to re-emerge?

Just for reference, here's the code for the function at issue, in GdkQuartzView.c. In 2016 the problem was 
handled by checking for "!impl" as well as "!impl->toplevel" before doing anything substantive. Now 
apparently that is not sufficient.

-(void)updateTrackingRect
{
 GdkWindowObject *private = GDK_WINDOW_OBJECT (gdk_window);
 GdkWindowImplQuartz *impl = GDK_WINDOW_IMPL_QUARTZ (private->impl);
 NSRect rect;

 if (!impl || !impl->toplevel)
   return;

 if (trackingRect)
   {
     [self removeTrackingRect: trackingRect];
     trackingRect = 0;
   }

 if (!impl->toplevel)
   return;

 /* Note, if we want to set assumeInside we can use:
  * NSPointInRect ([[self window] convertScreenToBase:[NSEvent mouseLocation]], rect)
  */

 rect = [self bounds];
 trackingRect = [self addTrackingRect: rect
   owner: self
   userData: nil
   assumeInside: NO];
}

It's probably a use-after-free where private->impl has been freed but not NULLed. Address sanitizer is the 
fastest way to track down problems like that. I haven't been working much with Gtk2 in the last couple of 
years but The GIMP still does. Unfortunately I don't think any of them subscribe here so I suggest you open 
an issue at https://gitlab.gnome.org/GNOME/gtk.

Regards,
John Ralls
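The freed-but-not-NULLed pattern described in the reply above, as an added C example that is not GTK's code: a hypothetical window/impl/toplevel model with the same guard as updateTrackingRect, showing why that guard only helps when teardown NULLs the pointer it frees, and which variant an AddressSanitizer build would flag.

```c
#include <stdlib.h>
/* Hypothetical model of the objects in the quoted backtrace (not GTK's code):
 * a window owns an impl, whose toplevel the tracking-rect update dereferences. */
typedef struct { int style_mask; } toplevel_t;
typedef struct { toplevel_t *toplevel; int tracking_rect; } impl_t;
typedef struct { impl_t *impl; } window_t;

window_t *window_new(void)
{
    window_t *w = calloc(1, sizeof *w);
    w->impl = calloc(1, sizeof *w->impl);
    w->impl->toplevel = calloc(1, sizeof *w->impl->toplevel);
    return w;
}

/* Suspected pattern: teardown frees the impl but leaves the owning pointer
 * dangling, so "!impl" passes and the next read touches freed memory. ASan only. */
void window_dispose_dangling(window_t *w)
{
    free(w->impl->toplevel);
    free(w->impl);            /* w->impl still holds the stale address */
}

/* Hardened: free and NULL the owner together, so "if (!impl)" can catch it. */
void window_dispose(window_t *w)
{
    if (!w->impl) return;
    free(w->impl->toplevel);
    free(w->impl);
    w->impl = NULL;
}

/* Same guard as updateTrackingRect: 1 if a rect was set, 0 if it bailed out. */
int update_tracking_rect(window_t *w)
{
    impl_t *impl = w->impl;
    if (!impl || !impl->toplevel) return 0;
    impl->tracking_rect = 1;
    return 1;
}

int main(void)
{
    window_t *w = window_new();
    int live = update_tracking_rect(w);   /* 1: guard passes */
    window_dispose(w);                    /* with _dangling + -fsanitize=address: UAF report */
    int gone = update_tracking_rect(w);   /* 0: guard catches the NULLed impl */
    free(w);
    return (live == 1 && gone == 0) ? 0 : 1;
}
```

Building with `cc -g -fsanitize=address` and substituting window_dispose_dangling for window_dispose turns the second update_tracking_rect call into a heap-use-after-free report that names the freeing stack, which is the information the crash log above does not give.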