Hello
Describe the bug
This issue was reported in the fltk-rs issue tracker with some detail here:
fltk-rs/fltk-rs#1544
I was able to create a minimal repro and elicit the bug. I think it arises from the Fl_Tree::handle method. It checks if (!_root) return ret; before switching on the event. However it seems the call to if (Fl::visible_focus() && handle(FL_FOCUS)) Fl::focus(this); in the FL_PUSH case might result in a null _root pointer if another widget clears the tree in its FL_UNFOCUS case.
Adding another if ( ! _root ) return(ret); after if (Fl::visible_focus() && handle(FL_FOCUS)) Fl::focus(this); appears to subvert the issue.
To Reproduce
Build the following program:
#include <FL/Enumerations.H>
#include <FL/Fl_Tree.H>
#include <FL/Fl_Double_Window.H>
#include <FL/Fl_Input.H>
#include <FL/Fl.H>

Fl_Tree *TREE = NULL;

// Input widget that clears the tree whenever it loses focus.
struct MyInput: public Fl_Input {
    MyInput(int x, int y, int w, int h): Fl_Input(x, y, w, h, NULL) {}
    int handle(int e) {
        int ret = Fl_Input::handle(e);
        switch (e) {
            case FL_UNFOCUS: {
                // Runs while Fl_Tree::handle(FL_PUSH) is moving focus to the tree.
                TREE->clear();
                return 1;
            }
        }
        return ret;
    }
};

int main() {
    auto *w = new Fl_Double_Window(400, 300);
    auto *i = new MyInput(0, 0, 400, 40);  // first widget in the window
    TREE = new Fl_Tree(0, 40, 400, 260);
    w->end();
    w->show();
    TREE->add("Hello");
    TREE->add("world");
    return Fl::run();
}
Launch the app, push the tree widget and this will result in a crash.
If you change the FL_UNFOCUS event to FL_PUSH in the MyInput handler, the program runs correctly.
Expected behavior
The application shouldn't crash.
Screenshots
N/A
FLTK Version
Please complete the following information and delete non-applicable lines:
- Version: 1.4.0
- If from Git, branch: master
FLTK Configure / Build Options
- cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DFLTK_GRAPHICS_WAYLAND=OFF
Operating System / Platform:
Kubuntu 22.04 on x86_64.
Linux/Unix Runtime, if applicable:
Additional context
Debugging in gdb backtrace:
Thread 1 "main" received signal SIGSEGV, Segmentation fault.
0x000055555559a1f4 in Fl_Tree_Item::is_flag (this=0x0, val=2) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/FL/Fl_Tree_Item.H:474
474 return(_flags & val ? 1 : 0);
(gdb) bt
#0 0x000055555559a1f4 in Fl_Tree_Item::is_flag(unsigned short) const (this=0x0, val=2)
at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/FL/Fl_Tree_Item.H:474
#1 0x000055555559a141 in Fl_Tree_Item::is_visible() const (this=0x0)
at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/FL/Fl_Tree_Item.H:393
#2 0x00005555555a22c1 in Fl_Tree_Item::find_clicked(Fl_Tree_Prefs const&, int) const (this=0x0, prefs=..., yonly=0)
at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_Tree_Item.cxx:770
#3 0x00005555555a2417 in Fl_Tree_Item::find_clicked(Fl_Tree_Prefs const&, int) (this=0x0, prefs=..., yonly=0)
at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_Tree_Item.cxx:800
#4 0x000055555559b622 in Fl_Tree::handle(int) (this=0x555555654640, e=1)
at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_Tree.cxx:386
#5 0x000055555557b36e in send(Fl_Widget*, int) (o=0x555555654640, event=1)
at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_Group.cxx:96
#6 0x000055555557bacb in Fl_Group::handle(int) (this=0x555555674b70, event=1)
at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_Group.cxx:226
#7 0x00005555555a8082 in Fl_Window::handle(int) (this=0x555555674b70, ev=1) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_Window.cxx:604
#8 0x000055555557255e in send_event(int, Fl_Widget*, Fl_Window*) (event=1, to=0x555555674b70, window=0x555555674b70) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl.cxx:1194
#9 0x0000555555572793 in Fl::handle_(int, Fl_Window*) (e=1, window=0x555555674b70) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl.cxx:1333
#10 0x000055555557261d in Fl::handle(int, Fl_Window*) (e=1, window=0x555555674b70) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl.cxx:1282
#11 0x00005555555cac7f in fl_handle(_XEvent const&) (thisevent=...) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_x.cxx:2143
#12 0x00005555555c4d35 in do_queued_events() () at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_x.cxx:117
#13 0x00005555555c510e in fd_callback(int, void*) () at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_x.cxx:311
#14 0x00005555555e6c7b in Fl_Unix_Screen_Driver::poll_or_select_with_delay(double) (this=0x555555674ff0, time_to_wait=1e+20) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/drivers/Unix/Fl_Unix_Screen_Driver.cxx:74
#15 0x00005555555c4df5 in Fl_X11_Screen_Driver::poll_or_select_with_delay(double) (this=0x555555674ff0, time_to_wait=1e+20) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl_x.cxx:138
#16 0x00005555555e610a in Fl_Unix_System_Driver::wait(double) (this=0x55555565e920, time_to_wait=1e+20) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/drivers/Unix/Fl_Unix_System_Driver.cxx:800
#17 0x0000555555571679 in Fl::wait(double) (time_to_wait=1e+20) at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl.cxx:585
#18 0x00005555555716a1 in Fl::run() () at /home/rayloom/Documents/dev/fltk-rs/fltk-sys/cfltk/fltk/src/Fl.cxx:605
#19 0x0000555555570c1c in main ()
Notice the #3 0x00005555555a2417 in Fl_Tree_Item::find_clicked(Fl_Tree_Prefs const&, int) (this=0x0, prefs=..., yonly=0) where find_clicked is called on a null pointer.
Message ID: <fltk/fltk/issues/971@github.com>
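The re-entrancy described in the report, reduced to a toolkit-free model (an added example, not part of the original report and not FLTK code): a precondition checked on entry goes stale once the handler dispatches an event that runs application code. `Tree`, `take_focus`, `on_focus_change` and `run_scenario` are hypothetical names, and the model returns `WouldDerefNull` where the real code would crash with `this=0x0`.

```cpp
#include <functional>
#include <memory>

struct Item { bool visible = true; };

enum class Push { NoRoot, Handled, WouldDerefNull };

struct Tree {
    std::unique_ptr<Item> root = std::make_unique<Item>();
    // Stands in for the previously focused widget's FL_UNFOCUS handler.
    std::function<void()> on_focus_change;

    // Like TREE->clear() in the repro: afterwards there is no root item.
    void clear() { root.reset(); }

    // Taking focus notifies the previous focus owner, which may run
    // arbitrary application code, including clear() on this tree.
    void take_focus() { if (on_focus_change) on_focus_change(); }

    Push handle_push(bool recheck_after_focus) {
        if (!root) return Push::NoRoot;            // entry check
        take_focus();                              // re-entrant dispatch
        if (recheck_after_focus && !root)
            return Push::NoRoot;                   // second check proposed in the report
        if (!root) return Push::WouldDerefNull;    // real code would call a method on null here
        return root->visible ? Push::Handled : Push::NoRoot;
    }
};

// Runs one push event against a fresh tree and reports the outcome.
Push run_scenario(bool unfocus_clears_tree, bool recheck_after_focus) {
    Tree tree;
    if (unfocus_clears_tree)
        tree.on_focus_change = [&tree] { tree.clear(); };
    return tree.handle_push(recheck_after_focus);
}

int main() {
    // Exit status 0 when the re-check turns the stale-pointer case into an early return.
    return run_scenario(true, true) == Push::NoRoot ? 0 : 1;
}
```

The same pattern applies to any state validated before a callback or event dispatch: it has to be validated again before it is used afterwards.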