Poedit crashes on wayland when using gtk3 built-in text-input-v3 implementation due to gdk_display_sync

[wengxt]

Description

We observed a crash triggered by wx widgets usage of gdk_display_sync call.

To reproduce:

1. use kwin wayland preferablly 5.27
2. install fcitx5 open virtual keyboard kcm, select fcitx5
3. unset GTK_IM_MODULE
4. install fcitx5-configtool and add some input method with fcitx5-config-qt, e.g. install fcitx5-rime and add rime
5. open poedit and a po file
6. remove all text in the translated text field, then type in the translated text and commit some text with input method

Basically this is what happened:

1. text-input-v3 implementation in Gtk receives wayland event

zwp_text_input_v3@37.commit_string("啊")
zwp_text_input_v3@37.done(4)

7. it triggers text_input_commit_apply and triggers a text input buffer text commit signal
8. this signal eventually calls into wxWindow::Update() which calls gdk_display_sync
9. This causes wl_display_dispatch_queue_pending is being called twice on the stack, the text input event being handled twice and leaves a invalid GtkTextIter when returns back

Relevant stack, as you can see wl_display_dispatch_queue_pending appears twice. Some other project also had similar issue about re-entry wl_display_dispatch_queue_pending before, e.g. firefox https://bugzilla.mozilla.org/show_bug.cgi?id=1648698

#0  au_insert_text_callback(GtkTextBuffer*, GtkTextIter*, gchar*, gint, wxTextCtrl*)
    (buffer=0x5555566b0780, end=0x7fffffffa930, text=0x55555661ad10 "啊", len=3, win=0x5555566afed0)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/gtk/textctrl.cpp:553
#1  0x00007ffff5298571 in _gtk_marshal_VOID__BOXED_STRING_INT
    (closure=0x5555566c18f0, return_value=0x0, n_param_values=4, param_values=0x7fffffffa580, invocation_hint=0x7fffffffa500, marshal_data=0x0) at gtk/gtkmarshalers.c:3468
#2  0x00007ffff6db26c0 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#3  0x00007ffff6de0cbb in  () at /usr/lib/libgobject-2.0.so.0
#4  0x00007ffff6dd1aa7 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#5  0x00007ffff6dd1d34 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#6  0x00007ffff55b0e4f in gtk_text_buffer_emit_insert (buffer=0x5555566b0780, iter=0x7fffffffa930, text=0x55555661ad10 "啊", len=3) at ../gtk/gtk/gtktextbuffer.c:937
#7  0x00007ffff55b1234 in gtk_text_buffer_insert_interactive (buffer=0x5555566b0780, iter=0x7fffffffa930, text=0x55555661ad10 "啊", len=-1, default_editable=1)
    at ../gtk/gtk/gtktextbuffer.c:1029
#8  0x00007ffff55b139a in gtk_text_buffer_insert_interactive_at_cursor (buffer=0x5555566b0780, text=0x55555661ad10 "啊", len=-1, default_editable=1)
    at ../gtk/gtk/gtktextbuffer.c:1067
#9  0x00007ffff55f9caa in gtk_text_view_commit_text (text_view=0x5555566b0b00, str=0x55555661ad10 "啊") at ../gtk/gtk/gtktextview.c:9144
#10 0x00007ffff55f9adb in gtk_text_view_commit_handler (context=0x5555566b0df0, str=0x55555661ad10 "啊", text_view=0x5555566b0b00) at ../gtk/gtk/gtktextview.c:9103
#11 0x00007ffff6db0fc0 in g_cclosure_marshal_VOID__STRINGv () at /usr/lib/libgobject-2.0.so.0
#12 0x00007ffff6dd0cfe in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#13 0x00007ffff6dd1f60 in g_signal_emit_by_name () at /usr/lib/libgobject-2.0.so.0
#14 0x00007ffff5474ac5 in gtk_im_multicontext_commit_cb (slave=0x5555566c4050, str=0x55555679ef50 "啊", multicontext=0x5555566b0df0) at ../gtk/gtk/gtkimmulticontext.c:529
#15 0x00007ffff6db2626 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#16 0x00007ffff6de0938 in  () at /usr/lib/libgobject-2.0.so.0
#17 0x00007ffff6dd1aa7 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#18 0x00007ffff6dd1f60 in g_signal_emit_by_name () at /usr/lib/libgobject-2.0.so.0
#19 0x00007fffd8f70ba6 in text_input_commit_apply (global=0x5555560af930) at ../gtk/modules/input/imwayland.c:227
#20 0x00007fffd8f70dba in text_input_done (data=0x5555560af930, text_input=0x5555560f1310, serial=4) at ../gtk/modules/input/imwayland.c:304
#21 0x00007ffff475f4f6 in  () at /usr/lib/libffi.so.8
#22 0x00007ffff475bf5e in  () at /usr/lib/libffi.so.8
#23 0x00007ffff475eb73 in ffi_call () at /usr/lib/libffi.so.8
#24 0x00007fffebd74645 in  () at /usr/lib/libwayland-client.so.0
#25 0x00007fffebd74e73 in  () at /usr/lib/libwayland-client.so.0
#26 0x00007fffebd7513c in wl_display_dispatch_queue_pending () at /usr/lib/libwayland-client.so.0
#27 0x00007fffebd77cf0 in wl_display_roundtrip_queue () at /usr/lib/libwayland-client.so.0
--Type <RET> for more, q to quit, c to continue without paging--
#28 0x00007fffef35592a in gdk_wayland_display_sync (display=0x5555559a5450) at ../gtk/gdk/wayland/gdkdisplay-wayland.c:813
#29 0x00007fffef30c02f in gdk_display_sync (display=0x5555559a5450) at ../gtk/gdk/gdkdisplay.c:1691
#30 0x00007ffff79e143c in wxWindow::Update() (this=0x555555b6a460) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/gtk/window.cpp:5202
#31 0x00007ffff7a15db6 in wxStatusBar::DoUpdateStatusText(int) (this=0x555555b6a460, number=0)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/generic/statusbr.cpp:166
#32 0x00007ffff780611f in wxStatusBarBase::SetStatusText(wxString const&, int) (this=0x555555b6a460, text=..., number=0)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/statbar.cpp:262
#33 0x00005555556f4c27 in  ()
#34 0x00005555556fd090 in  ()
#35 0x000055555571ab35 in  ()
#36 0x00007ffff6f3f33d in wxAppConsoleBase::CallEventHandler(wxEvtHandler*, wxEventFunctor&, wxEvent&) const
    (this=0x55555599ce80, handler=0x5555566afed0, functor=..., event=...) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/appbase.cpp:675
#37 0x00007ffff7042f8c in wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) (entry=..., handler=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/event.cpp:1431
#38 0x00007ffff7043d84 in wxEvtHandler::SearchDynamicEventTable(wxEvent&) (this=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/event.cpp:1901
#39 0x00007ffff704346a in wxEvtHandler::TryHereOnly(wxEvent&) (this=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/event.cpp:1624
#40 0x00007ffff7045047 in wxEvtHandler::TryBeforeAndHere(wxEvent&) (this=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/include/wx/event.h:4007
#41 0x00007ffff70432a5 in wxEvtHandler::ProcessEventLocally(wxEvent&) (this=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/event.cpp:1561
#42 0x00007ffff704323c in wxEvtHandler::ProcessEvent(wxEvent&) (this=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/event.cpp:1534
#43 0x00007ffff7043563 in wxEvtHandler::SafelyProcessEvent(wxEvent&) (this=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/event.cpp:1650
#44 0x00007ffff782ecba in wxWindowBase::HandleWindowEvent(wxEvent&) const (this=0x5555566afed0, event=...)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/wincmn.cpp:1553
#45 0x00007ffff781d219 in wxTextEntryBase::SendTextUpdatedEvent(wxWindow*) (win=0x5555566afed0)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/textentrycmn.cpp:461
#46 0x00007ffff7eb4303 in wxTextEntryBase::SendTextUpdatedEvent() (this=0x5555566b0438)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/include/wx/textentry.h:190
#47 0x00007ffff7a611f9 in wxTextCtrl::GTKOnTextChanged() (this=0x5555566afed0) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/gtk/textctrl.cpp:1550
--Type <RET> for more, q to quit, c to continue without paging--
#48 0x00007ffff7a652a5 in wx_gtk_text_changed_callback(GtkWidget*, wxTextEntry*) (entry=0x5555566b0438)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/gtk/textentry.cpp:151
#49 0x00007ffff6db26c0 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#50 0x00007ffff6de0938 in  () at /usr/lib/libgobject-2.0.so.0
#51 0x00007ffff6dd1aa7 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#52 0x00007ffff6dd1d34 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#53 0x00007ffff55b0ca9 in gtk_text_buffer_real_insert_text (buffer=0x5555566b0780, iter=0x7fffffffc920, text=0x555555a15790 "啊", len=3) at ../gtk/gtk/gtktextbuffer.c:916
#54 0x00007ffff5298571 in _gtk_marshal_VOID__BOXED_STRING_INT
    (closure=0x5555566441c0, return_value=0x0, n_param_values=4, param_values=0x7fffffffc570, invocation_hint=0x7fffffffc4f0, marshal_data=0x7ffff55b0baa <gtk_text_buffer_real_insert_text>) at gtk/gtkmarshalers.c:3468
#55 0x00007ffff6db26c0 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#56 0x00007ffff6de0e79 in  () at /usr/lib/libgobject-2.0.so.0
#57 0x00007ffff6dd1aa7 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#58 0x00007ffff6dd1d34 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#59 0x00007ffff55b0e4f in gtk_text_buffer_emit_insert (buffer=0x5555566b0780, iter=0x7fffffffc920, text=0x555555a15790 "啊", len=3) at ../gtk/gtk/gtktextbuffer.c:937
#60 0x00007ffff55b1234 in gtk_text_buffer_insert_interactive (buffer=0x5555566b0780, iter=0x7fffffffc920, text=0x555555a15790 "啊", len=-1, default_editable=1)
    at ../gtk/gtk/gtktextbuffer.c:1029
#61 0x00007ffff55b139a in gtk_text_buffer_insert_interactive_at_cursor (buffer=0x5555566b0780, text=0x555555a15790 "啊", len=-1, default_editable=1)
    at ../gtk/gtk/gtktextbuffer.c:1067
#62 0x00007ffff55f9caa in gtk_text_view_commit_text (text_view=0x5555566b0b00, str=0x555555a15790 "啊") at ../gtk/gtk/gtktextview.c:9144
#63 0x00007ffff55f9adb in gtk_text_view_commit_handler (context=0x5555566b0df0, str=0x555555a15790 "啊", text_view=0x5555566b0b00) at ../gtk/gtk/gtktextview.c:9103
#64 0x00007ffff6db0fc0 in g_cclosure_marshal_VOID__STRINGv () at /usr/lib/libgobject-2.0.so.0
#65 0x00007ffff6dd1bc9 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#66 0x00007ffff6dd1f60 in g_signal_emit_by_name () at /usr/lib/libgobject-2.0.so.0
#67 0x00007ffff5474ac5 in gtk_im_multicontext_commit_cb (slave=0x5555566c4050, str=0x55555625d960 "啊", multicontext=0x5555566b0df0) at ../gtk/gtk/gtkimmulticontext.c:529
#68 0x00007ffff6db26c0 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#69 0x00007ffff6de0938 in  () at /usr/lib/libgobject-2.0.so.0
#70 0x00007ffff6dd1aa7 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#71 0x00007ffff6dd1f60 in g_signal_emit_by_name () at /usr/lib/libgobject-2.0.so.0
#72 0x00007fffd8f70ba6 in text_input_commit_apply (global=0x5555560af930) at ../gtk/modules/input/imwayland.c:227
#73 0x00007fffd8f70dba in text_input_done (data=0x5555560af930, text_input=0x5555560f1310, serial=4) at ../gtk/modules/input/imwayland.c:304
#74 0x00007ffff475f4f6 in  () at /usr/lib/libffi.so.8
#75 0x00007ffff475bf5e in  () at /usr/lib/libffi.so.8
--Type <RET> for more, q to quit, c to continue without paging--
#76 0x00007ffff475eb73 in ffi_call () at /usr/lib/libffi.so.8
#77 0x00007fffebd74645 in  () at /usr/lib/libwayland-client.so.0
#78 0x00007fffebd74e73 in  () at /usr/lib/libwayland-client.so.0
#79 0x00007fffebd7513c in wl_display_dispatch_queue_pending () at /usr/lib/libwayland-client.so.0
#80 0x00007fffef35897a in _gdk_wayland_display_queue_events (display=0x5555559a5450) at ../gtk/gdk/wayland/gdkeventsource.c:201
#81 0x00007fffef309c5a in gdk_display_get_event (display=0x5555559a5450) at ../gtk/gdk/gdkdisplay.c:442
#82 0x00007fffef358781 in gdk_event_source_dispatch (base=0x5555559c4610, callback=0x0, data=0x0) at ../gtk/gdk/wayland/gdkeventsource.c:120
#83 0x00007ffff5f0fa31 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#84 0x00007ffff5f6ccc9 in  () at /usr/lib/libglib-2.0.so.0
#85 0x00007ffff5f0efef in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#86 0x00007ffff54a1022 in gtk_main () at ../gtk/gtk/gtkmain.c:1329
#87 0x00007ffff79b4977 in wxGUIEventLoop::DoRun() (this=0x5555560bc5a0) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/gtk/evtloop.cpp:61
#88 0x00007ffff6f7cd54 in wxEventLoopBase::Run() (this=0x5555560bc5a0) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/evtloopcmn.cpp:87
#89 0x00007ffff6f3e6ca in wxAppConsoleBase::MainLoop() (this=0x55555599ce80) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/appbase.cpp:381
#90 0x00007ffff6f3e40f in wxAppConsoleBase::OnRun() (this=0x55555599ce80) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/appbase.cpp:303
#91 0x00007ffff76dcecd in wxAppBase::OnRun() (this=0x55555599ce80) at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/appcmn.cpp:334
#92 0x00007ffff6fb8849 in wxEntry(int&, wchar_t**) (argc=@0x7ffff714a484: 1, argv=0x55555599ce20)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/init.cpp:508
#93 0x00007ffff6fb8936 in wxEntry(int&, char**) (argc=@0x7fffffffdaac: 1, argv=0x7fffffffdbc8)
    at /home/csslayer/Develop/build/wxwidgets/src/wxWidgets-3.2.2.1/src/common/init.cpp:520
#94 0x000055555564be27 in  ()
#95 0x00007ffff4a27cd0 in  () at /usr/lib/libc.so.6
#96 0x00007ffff4a27d8a in __libc_start_main () at /usr/lib/libc.so.6
#97 0x0000555555650005 in  ()

Platform and version information

• wxWidgets version you use: 3.2.2.1
• wxWidgets port you use: wxGTK
• OS and its version: Archlinux

• GTK version: 3.24.38
• Which GDK Wayland

I tried simply removing gdk_display_sync in wxWidgets-3.2.2.1/src/gtk/window.cpp may prevent the crash, but not sure whether that's a right fix and won't cause issues.