[bug #61727] Premature cleanup in NSPopUpButtonCell -dealloc crashes app
From: Yavor Doganov
Subject: [bug #61727] Premature cleanup in NSPopUpButtonCell -dealloc crashes application
Date: Thu, 23 Dec 2021 10:40:11 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0

URL: <https://savannah.gnu.org/bugs/?61727>
Summary: Premature cleanup in NSPopUpButtonCell -dealloc crashes application
Project: GNUstep
Submitted by: yavor
Submitted on: Thu 23 Dec 2021 05:40:10 PM EET
Category: Gui/AppKit
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
GTAMSAnalyzer crashes with GUI 0.29; backtrace at
https://bugs.debian.org/1001537. Cannot reproduce with earlier GUI versions.
Relevant valgrind output:
==6853== Process terminating with default action of signal 11 (SIGSEGV)
==6853==  Access not within mapped region at address 0xDEADFB0E
==6853==    at 0x569CD55: objc_msg_lookup (sendmsg.c:442)
==6853==    by 0x4AD1DBA: _i_NSApplication__targetForAction_to_from_ (NSApplication.m:2294)
==6853==    by 0x4B93B67: _i_NSMenu___autoenableItem_ (NSMenu.m:1179)
==6853==    by 0x4B98D36: _i_NSMenu__update (NSMenu.m:1255)
==6853==    by 0x4BBE5E0: _i_NSPopUpButtonCell__setMenuItem_ (NSPopUpButtonCell.m:640)
==6853==    by 0x4BBEDEB: _i_NSPopUpButtonCell__synchronizeTitleAndSelectedItem (NSPopUpButtonCell.m:842)
==6853==    by 0x4BBFA1A: _i_NSPopUpButtonCell__dealloc (NSPopUpButtonCell.m:152)
==6853==    by 0x4B2B1C0: _i_NSControl__dealloc (NSControl.m:125)
==6853==    by 0x4C46BDB: _i_NSView__removeSubview_ (NSView.m:965)
==6853==    by 0x4C55B6F: _i_NSView__dealloc (NSView.m:745)
==6853==    by 0x4C46BDB: _i_NSView__removeSubview_ (NSView.m:965)
==6853==    by 0x4C55B6F: _i_NSView__dealloc (NSView.m:745)
If I revert commit b7f5fb2, the problem goes away. I think what is happening
is exactly as described in the code comment which was deleted in that commit:
/*
* We don't use methods here to clean up the selected item, the menu
* item and the menu as these methods internally update the menu,
* which tries to access the target of the menu item (or of this cell).
* When the popup is released this target may already have been freed,
* so the local reference to it is invalid and will result in a
* segmentation fault.
*/
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?61727>
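
Added example, not part of the original report and not GNUstep code: a small C model of the teardown hazard the quoted comment describes, where cleanup through a setter re-runs the menu update and consults a target that is already gone. All type and function names are hypothetical, and an "alive" flag stands in for freed memory so the model stays well-defined.

```c
#include <stddef.h>

/* Constructed model. alive == 0 means "already freed by its owner". */
typedef struct { int alive; } Target;
typedef struct { Target *target; } MenuItem;   /* non-owning reference */
typedef struct { MenuItem items[2]; size_t n; int stale_reads; } Menu;
typedef struct { Menu *menu; MenuItem *selected; } PopUpCell;

/* Models the menu update in the backtrace: every item's target is consulted. */
static void menu_update(Menu *m) {
    for (size_t i = 0; i < m->n; i++)
        if (m->items[i].target && !m->items[i].target->alive)
            m->stale_reads++;  /* the real code sends a message to freed memory here */
}

/* Setter with a side effect: changing the selection refreshes the menu. */
static void cell_set_selected(PopUpCell *c, MenuItem *it) {
    c->selected = it;
    if (c->menu) menu_update(c->menu);
}

/* Teardown through the setter: the menu update runs during destruction. */
static void cell_teardown_via_setter(PopUpCell *c) {
    cell_set_selected(c, NULL);
    c->menu = NULL;
}

/* Teardown as the deleted comment prescribes: clear fields, call no methods. */
static void cell_teardown_direct(PopUpCell *c) {
    c->selected = NULL;
    c->menu = NULL;
}

/* Tears down a cell whose item target went away first and returns how
   many times the dead target was consulted on the way. */
int stale_reads_during_teardown(int use_setter) {
    Target t = { 0 };                         /* released before the cell */
    Menu m = { { { &t }, { NULL } }, 2, 0 };
    PopUpCell c = { &m, &m.items[0] };
    if (use_setter) cell_teardown_via_setter(&c);
    else            cell_teardown_direct(&c);
    return m.stale_reads;
}
```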