| Field | Value |
|---|---|
| Summary | [GTK] JVM crash in Table.createColumn() in virtual tables |
| Product | [Eclipse Project] Platform |
| Component | SWT |
| Reporter | Alexandr Miloslavskiy <alexandr.miloslavskiy> |
| Assignee | Platform-SWT-Inbox <platform-swt-inbox> |
| Status | NEW --- |
| Severity | normal |
| Priority | P3 |
| CC | alexandr.miloslavskiy, meteor007, torokati44, ts-swt |
| Version | 4.21 |
| Target Milestone | --- |
| Hardware | PC |
| OS | Linux |

See Also:

- https://bugs.eclipse.org/bugs/show_bug.cgi?id=547623
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=182598
- https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184895
- https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184897
- https://git.eclipse.org/c/platform/eclipse.platform.swt.git/commit/?id=9763bac261b7a71fbc6c16c5a3b9416e290f6dcf
- https://git.eclipse.org/c/platform/eclipse.platform.swt.git/commit/?id=5be1cd898482a1f20f91fd24ae10839ac97654bb
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=577268

Description
Alexandr Miloslavskiy
2021-06-02 18:00:57 EDT
Created attachment 286511: Test snippet

Use the test snippet to reproduce.

Example crash:

```
Stack: [0x00007fd96cf5d000,0x00007fd96d05e000], sp=0x00007fd96d05a790, free space=1013k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [libgtk-3.so.0+0x35ac62] gtk_tree_model_get_valist+0x112

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j org.eclipse.swt.internal.gtk.GTK.gtk_tree_model_get(JJI[JI)V+0
j org.eclipse.swt.widgets.TableItem._getText(I)Ljava/lang/String;+76
j org.eclipse.swt.widgets.TableItem.setText(ILjava/lang/String;)V+22
j org.eclipse.swt.widgets.TableItem.setText(Ljava/lang/String;)V+7
j Bug573932_JvmCrash_TableColumn.lambda$main$0(Lorg/eclipse/swt/widgets/Event;)V+16
j Bug573932_JvmCrash_TableColumn$$Lambda$29.handleEvent(Lorg/eclipse/swt/widgets/Event;)V+1
j org.eclipse.swt.widgets.EventTable.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+218
j org.eclipse.swt.widgets.Display.sendEvent(Lorg/eclipse/swt/widgets/EventTable;Lorg/eclipse/swt/widgets/Event;)V+12
j org.eclipse.swt.widgets.Widget.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+26
j org.eclipse.swt.widgets.Widget.sendEvent(ILorg/eclipse/swt/widgets/Event;Z)V+73
j org.eclipse.swt.widgets.Widget.sendEvent(ILorg/eclipse/swt/widgets/Event;)V+4
j org.eclipse.swt.widgets.Table.checkData(Lorg/eclipse/swt/widgets/TableItem;)Z+107
j org.eclipse.swt.widgets.Table.cellDataProc(JJJJJ)J+224
j org.eclipse.swt.widgets.Display.cellDataProc(JJJJJ)J+25
v ~StubRoutines::call_stub
j org.eclipse.swt.internal.gtk.GTK.gtk_list_store_remove(JJ)V+0
j org.eclipse.swt.widgets.Table.createColumn(Lorg/eclipse/swt/widgets/TableColumn;I)V+409
j org.eclipse.swt.widgets.Table.createItem(Lorg/eclipse/swt/widgets/TableColumn;I)V+95
j org.eclipse.swt.widgets.TableColumn.createWidget(I)V+6
j org.eclipse.swt.widgets.TableColumn.<init>(Lorg/eclipse/swt/widgets/Table;I)V+24
j Bug573932_JvmCrash_TableColumn.lambda$main$1(Lorg/eclipse/swt/widgets/Table;Lorg/eclipse/swt/widgets/Event;)V+10
j Bug573932_JvmCrash_TableColumn$$Lambda$30.handleEvent(Lorg/eclipse/swt/widgets/Event;)V+5
j org.eclipse.swt.widgets.EventTable.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+218
j org.eclipse.swt.widgets.Display.sendEvent(Lorg/eclipse/swt/widgets/EventTable;Lorg/eclipse/swt/widgets/Event;)V+12
j org.eclipse.swt.widgets.Widget.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+26
j org.eclipse.swt.widgets.Display.runDeferredEvents()Z+96
J 738 c1 org.eclipse.swt.widgets.Display.readAndDispatch()Z (90 bytes) @ 0x00007fd950f31124 [0x00007fd950f30b80+0x00000000000005a4]
j Bug573932_JvmCrash_TableColumn.main([Ljava/lang/String;)V+156
v ~StubRoutines::call_stub

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000030
```

Another way to crash is to add a 'SetData' listener and call 'TableItem.getBoundsinPixels()' from it.

The problem develops as follows:

1) User's code inserts a new column
2) SWT finds that it needs to resize the model in 'Table.createColumn()'
3) 'Table.createColumn()' calls 'GTK.gtk_list_store_remove()' for item #0
4) GTK fires the 'row-deleted' signal
5) GTK wants to update the next surviving item
   GTK sees it as item #0, because SWT just deleted the previous item #0
   SWT however knows this as item #1, because the deletion is merely due to rebuilding the model
6) GTK eventually calls 'Table.cellDataProc()'
7) 'Table.cellDataProc()' calls 'gtk_tree_model_get_path()' to get the item's index
8) GTK returns #0 (see explanation in point 5)
9) SWT translates it to 'TableItem' #0, which has a dead handle (see point 3)
10) SWT sends 'SWT.SetData' to user's code
11) User's code does 'TableItem.setText()'
12) GTK crashes because 'TableItem.handle' is dead (see point 3).

New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184895

New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184897

Gerrit change https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184895 was merged to [master].
Commit: http://git.eclipse.org/c/platform/eclipse.platform.swt.git/commit/?id=9763bac261b7a71fbc6c16c5a3b9416e290f6dcf

Gerrit change https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184897 was merged to [master].
Commit: http://git.eclipse.org/c/platform/eclipse.platform.swt.git/commit/?id=5be1cd898482a1f20f91fd24ae10839ac97654bb
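
The index mismatch in points 3 to 9 of the description can be reproduced without GTK. The following is an added toy model, not SWT code and not the fix merged in the Gerrit changes above; `NativeStore`, `Item`, and the `rebuilding` guard are hypothetical names used only to show how a reentrant callback during removal resolves a fresh native index to a wrapper whose handle is already dead.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.IntConsumer;

/** Toy model of the stale-index sequence; hypothetical classes, not SWT or GTK code. */
public class StaleIndexDemo {
    /** Stand-in for TableItem: handle == 0 means the native row is gone. */
    static final class Item {
        long handle;
        final String name;
        Item(long handle, String name) { this.handle = handle; this.name = name; }
    }

    /** Stand-in for the native list store: removal re-queries the next row by its new index. */
    static final class NativeStore {
        final List<Long> rows = new ArrayList<>();
        IntConsumer cellData = i -> {};
        void remove(int index) {
            rows.remove(index);
            if (index < rows.size()) cellData.accept(index); // reentrant callback (points 4-8)
        }
    }

    /** Returns what the callback resolved: the item name, "DEAD:" + name for a dead handle, or "none". */
    static String rebuild(boolean guarded) {
        NativeStore store = new NativeStore();
        Item[] items = { new Item(101, "item0"), new Item(102, "item1") };
        for (Item it : items) store.rows.add(it.handle);
        boolean[] rebuilding = { false };
        String[] seen = { "none" };
        store.cellData = index -> {
            if (guarded && rebuilding[0]) return; // hypothetical guard: ignore callbacks mid-rebuild
            Item it = items[index];               // point 9: native index used as wrapper index
            seen[0] = (it.handle == 0 ? "DEAD:" : "") + it.name;
        };
        rebuilding[0] = true;
        items[0].handle = 0;                      // point 3: row 0's handle dies...
        store.remove(0);                          // ...and the store renumbers item1 to index 0
        rebuilding[0] = false;
        return seen[0];
    }

    public static void main(String[] args) {
        System.out.println("unguarded: " + rebuild(false));
        System.out.println("guarded:   " + rebuild(true));
    }
}
```

In the unguarded run the callback lands on the wrapper with the zeroed handle, which is the object user code would then pass back into native calls from its 'SetData' listener.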