gnustep-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crashes in GUI when applying a theme (Thematic)

From: Fred Kiefer
Subject: Re: Crashes in GUI when applying a theme (Thematic)
Date: Mon, 23 Nov 2020 19:13:57 +0100 
> Am 23.11.2020 um 17:50 schrieb Richard Frith-Macdonald 
> <richard@frithmacdonald.me.uk>:
> 
>> On 22 Nov 2020, at 22:09, Riccardo Mottola <riccardo.mottola@libero.it> 
>> wrote:
>> 
>> Riccardo Mottola wrote:
>>> #0 0x00007ffff72103ab in objc_msg_lookup () from 
>>> /usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/libobjc.so.4
>>> #1  0x00007ffff7bf976c in -[NSMenuView sizeToFit] (self=0x555555da3560, 
>>> _cmd=<optimized out>)
>>>    at /System/Library/Headers/GNUstepBase/GSIArray.h:237
>>> #2  0x00007ffff7befa79 in -[NSMenu sizeToFit] (self=0x555555db63f0, 
>>> _cmd=<optimized out>) at NSMenu.m:1562 
>> 
>> after a debugging evening with Fred, I know more, but am not much wiser.
>> 
>> [NSMenuView sizeToFit] calls _attachedMenu and [attachedMenu _owningPopUp] 
>> and the latter must be invalid because, if checked with "po" in gdb, it will 
>> crash.
>> _owningPopUp just returns _popUpButtonCell which is set and trying to print 
>> directly _attachedMenu->_popUpButtonCell does work, as inspecting it with p 
>> *(_attachedMenu->_popUpButtonCell) but sometimes I found the isa pointer to 
>> be 0x0 or in any case not accessible.
>> 
>> So we suppose that either somehow has already invalidated the object or 
>> there is memory overwriting.
>> Where in the chain Thematic - gui - base the issue is, remains open!
> 
> My investigation confirms (I used NSZombieEnabled=YES and set a breakpoint at 
> the log of the priblem, and lookd at the stack) that we have a deallocated 
> object.
> Specifically the exception is  in [[_attachedMenu _owningPopUp] pullsDown]  
> when the -pullsDown message is sent to the _owningPopUp as a result of  an 
> NSMenuView receiving a GSThemeDidActivateNotification.
> Presumably the reason is that the NSMenuView has been detached from somthing 
> in which the NSPopUpButtonCell has been deleted/deallocated, but as the view 
> has not been deallocated it still receives the notification and tried to 
> redraw.
> 
> I think adding [_menu _setOwnedByPopUp: nil] and DESTROY(_menu) near the end 
> of NSPopUpButtonCell's -dealloc may be the correct fix, since the popup 
> owns/retains the menu and appears to be leaking it.


I did some research myself and you seem to be very close to a solution. The 
best way to fix it would be to call [self setMenu: nil] at that place, but, as 
a very old changelog entry tells, I tried that before and it gave some issues 
in GNUMail. For now I will add your suggested changes and get Riccardo to test 
all his favourite applications to see whether this causes any damage.

Fred
reply via email to
[Prev in Thread] Current Thread [Next in Thread]