ComboBox: Use iter before popdown() may invalidate

Bad actors, such as our very own FileChooserButton, may connect to the
:popped-up property and alter the model as the menu becomes in/visible.

We were getting an iter to the model while popped-up, then doing
popdown(), then using the iter, which may have just been invalidated by
the errant notify::popped-up handler. If so, we quickly crash fatally.

This is clearly bonkers, but until such patterns are removed, we have to
work around them. So, set_active() from the clicked item while it is
known to be valid, by moving the call to set_active() before popdown().

While here, change set_active_iter(iter) to set_active_internal(path) to
avoid pointlessly going through the iter to get the path we already have

https://bugzilla.gnome.org/show_bug.cgi?id=729651

diff --git a/gtk/gtkcombobox.c b/gtk/gtkcombobox.c
index a661c6974d170aad5a908150abdbdabc260f35ef..1bac65977a74432434895689e2a2edb56912bb10 100644 (file)
--- a/gtk/gtkcombobox.c
+++ b/gtk/gtkcombobox.c
@@ -3235,13 +3235,17 @@ gtk_combo_box_list_button_released (GtkWidget      *widget,
     return TRUE; /* clicked outside window? */
 
   gtk_tree_model_get_iter (priv->model, &iter, path);
+
+  /* Use iter before popdown, as mis-users like GtkFileChooserButton alter the
+   * model during notify::popped-up, which means the iterator becomes invalid.
+   */
+  if (tree_column_row_is_sensitive (combo_box, &iter))
+    gtk_combo_box_set_active_internal (combo_box, path);
+
   gtk_tree_path_free (path);
 
   gtk_combo_box_popdown (combo_box);
 
-  if (tree_column_row_is_sensitive (combo_box, &iter))
-    gtk_combo_box_set_active_iter (combo_box, &iter);
-
   return TRUE;
 }