Bug 573932 - [GTK] JVM crash in Table.createColumn() in virtual tables
Status: NEW
Alias: None
Product: Platform
Classification: Eclipse Project
Component: SWT
Version: 4.21
Hardware: PC Linux
Importance: P3 normal with 2 votes
Target Milestone: ---
Assignee: Platform-SWT-Inbox CLA
Reported: 2021-06-02 18:00 EDT by Alexandr Miloslavskiy CLA
Modified: 2021-11-16 18:45 EST

Attachments
Test snippet (1.70 KB, application/octet-stream)
2021-06-02 18:05 EDT, Alexandr Miloslavskiy CLA

Description Alexandr Miloslavskiy CLA 2021-06-02 18:00:57 EDT

    
Comment 1 Alexandr Miloslavskiy CLA 2021-06-02 18:05:59 EDT
Created attachment 286511
Test snippet

Use test snippet to reproduce.

Example crash:
--------
Stack: [0x00007fd96cf5d000,0x00007fd96d05e000],  sp=0x00007fd96d05a790,  free space=1013k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [libgtk-3.so.0+0x35ac62]  gtk_tree_model_get_valist+0x112

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  org.eclipse.swt.internal.gtk.GTK.gtk_tree_model_get(JJI[JI)V+0
j  org.eclipse.swt.widgets.TableItem._getText(I)Ljava/lang/String;+76
j  org.eclipse.swt.widgets.TableItem.setText(ILjava/lang/String;)V+22
j  org.eclipse.swt.widgets.TableItem.setText(Ljava/lang/String;)V+7
j  Bug573932_JvmCrash_TableColumn.lambda$main$0(Lorg/eclipse/swt/widgets/Event;)V+16
j  Bug573932_JvmCrash_TableColumn$$Lambda$29.handleEvent(Lorg/eclipse/swt/widgets/Event;)V+1
j  org.eclipse.swt.widgets.EventTable.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+218
j  org.eclipse.swt.widgets.Display.sendEvent(Lorg/eclipse/swt/widgets/EventTable;Lorg/eclipse/swt/widgets/Event;)V+12
j  org.eclipse.swt.widgets.Widget.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+26
j  org.eclipse.swt.widgets.Widget.sendEvent(ILorg/eclipse/swt/widgets/Event;Z)V+73
j  org.eclipse.swt.widgets.Widget.sendEvent(ILorg/eclipse/swt/widgets/Event;)V+4
j  org.eclipse.swt.widgets.Table.checkData(Lorg/eclipse/swt/widgets/TableItem;)Z+107
j  org.eclipse.swt.widgets.Table.cellDataProc(JJJJJ)J+224
j  org.eclipse.swt.widgets.Display.cellDataProc(JJJJJ)J+25
v  ~StubRoutines::call_stub
j  org.eclipse.swt.internal.gtk.GTK.gtk_list_store_remove(JJ)V+0
j  org.eclipse.swt.widgets.Table.createColumn(Lorg/eclipse/swt/widgets/TableColumn;I)V+409
j  org.eclipse.swt.widgets.Table.createItem(Lorg/eclipse/swt/widgets/TableColumn;I)V+95
j  org.eclipse.swt.widgets.TableColumn.createWidget(I)V+6
j  org.eclipse.swt.widgets.TableColumn.<init>(Lorg/eclipse/swt/widgets/Table;I)V+24
j  Bug573932_JvmCrash_TableColumn.lambda$main$1(Lorg/eclipse/swt/widgets/Table;Lorg/eclipse/swt/widgets/Event;)V+10
j  Bug573932_JvmCrash_TableColumn$$Lambda$30.handleEvent(Lorg/eclipse/swt/widgets/Event;)V+5
j  org.eclipse.swt.widgets.EventTable.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+218
j  org.eclipse.swt.widgets.Display.sendEvent(Lorg/eclipse/swt/widgets/EventTable;Lorg/eclipse/swt/widgets/Event;)V+12
j  org.eclipse.swt.widgets.Widget.sendEvent(Lorg/eclipse/swt/widgets/Event;)V+26
j  org.eclipse.swt.widgets.Display.runDeferredEvents()Z+96
J 738 c1 org.eclipse.swt.widgets.Display.readAndDispatch()Z (90 bytes) @ 0x00007fd950f31124 [0x00007fd950f30b80+0x00000000000005a4]
j  Bug573932_JvmCrash_TableColumn.main([Ljava/lang/String;)V+156
v  ~StubRoutines::call_stub

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000030
--------
Comment 2 Alexandr Miloslavskiy CLA 2021-06-02 18:10:53 EDT
Another way to crash is to add a 'SetData' listener and call 'TableItem.getBoundsinPixels()' from it.
Comment 3 Alexandr Miloslavskiy CLA 2021-08-07 13:21:44 EDT
The problem develops as follows:

 1) User's code inserts a new column
 2) SWT finds that it needs to resize the model in 'Table.createColumn()'
 3) 'Table.createColumn()' calls 'GTK.gtk_list_store_remove()' for item #0
 4) GTK fires the 'row-deleted' signal
 5) GTK wants to update the next surviving item
    GTK sees it as item #0, because SWT just deleted the previous item #0
    SWT, however, knows this as item #1, because the deletion is merely
        due to rebuilding the model
 6) GTK eventually calls 'Table.cellDataProc()'
 7) 'Table.cellDataProc()' calls 'gtk_tree_model_get_path()' to get the item's index
 8) GTK returns #0 (see explanation in point 5)
 9) SWT translates it to 'TableItem' #0, which has a dead handle (see point 3)
10) SWT sends 'SWT.SetData' to user's code
11) User's code does 'TableItem.setText()'
12) GTK crashes because 'TableItem.handle' is dead (see point 3).
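
A toy model of the sequence in comment 3, added here as an illustration; it is not part of the bug report and is not SWT or GTK code. All names (struct table, cell_data_proc, store_remove_first, create_column) are hypothetical, and the 'rebuilding' guard is one possible mitigation assumed for the example, not the change in the Gerrit reviews linked below.

```c
#define N_ITEMS 3

/* Toy model (not SWT or GTK code): the "store" compacts its rows on removal,
   while the "table" keeps one cached row handle per item index. */
struct table {
    int store_rows[N_ITEMS];  /* handles still present in the store, in order */
    int store_count;
    int item_handle[N_ITEMS]; /* table-side handle per item; never compacted */
    int rebuilding;           /* hypothetical guard: set while rows are being moved */
    int guard_enabled;
    int dead_handle_hits;     /* callback resolved an item whose handle is gone */
};

static int handle_is_live(const struct table *t, int handle) {
    for (int i = 0; i < t->store_count; i++)
        if (t->store_rows[i] == handle) return 1;
    return 0;
}

/* Steps 6-12: the store reports a path index; the table treats it as an item index. */
static void cell_data_proc(struct table *t, int path_index) {
    if (t->guard_enabled && t->rebuilding) return; /* skip SetData mid-rebuild */
    if (!handle_is_live(t, t->item_handle[path_index]))
        t->dead_handle_hits++; /* the real code passes this handle to GTK and crashes */
}

/* Steps 3-5: remove row 0, then the store refreshes the next surviving row (now path 0). */
static void store_remove_first(struct table *t) {
    for (int i = 1; i < t->store_count; i++) t->store_rows[i - 1] = t->store_rows[i];
    t->store_count--;
    if (t->store_count > 0) cell_data_proc(t, 0);
}

/* Steps 1-2: inserting a column triggers the model rebuild. Returns dead-handle hits. */
int create_column(int guard_enabled) {
    struct table t = { {100, 101, 102}, N_ITEMS, {100, 101, 102}, 0, guard_enabled, 0 };
    t.rebuilding = 1;
    store_remove_first(&t);
    t.rebuilding = 0;
    return t.dead_handle_hits;
}

int main(void) {
    /* Constructed handles 100..102: unguarded run hits one dead handle, guarded run none. */
    return (create_column(0) == 1 && create_column(1) == 0) ? 0 : 1;
}
```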
Comment 4 Eclipse Genie CLA 2021-09-01 16:27:06 EDT
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184895
Comment 5 Eclipse Genie CLA 2021-09-01 18:13:47 EDT
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/184897