From fb48e023d2959b5596eae54728c689264ffabdbd Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Tue, 10 Aug 2010 00:31:46 -0400
Subject: [PATCH] Fix a sporadic segfault in treeview keynav

If a a treeview has frequent periodic additions and removals of
rows, it is possible that a page down keypress moves the cursor
out of the height of the treeview. In some of these cases, we
can be tricked into dereferencing a  NULL pointer.

Bug 612919.
---
 gtk/gtktreeview.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gtk/gtktreeview.c b/gtk/gtktreeview.c
index 444a81a7f4..7bbb4e4d4a 100644
--- a/gtk/gtktreeview.c
+++ b/gtk/gtktreeview.c
@@ -9822,6 +9822,13 @@ gtk_tree_view_move_cursor_page_up_down (GtkTreeView *tree_view,
     _gtk_rbtree_find_offset (tree_view->priv->tree, y,
 			     &cursor_tree, &cursor_node);
 
+  if (cursor_tree == NULL)
+    {
+      /* FIXME: we lost the cursor.  Should we try to get one? */
+      gtk_tree_path_free (old_cursor_path);
+      return;
+    }
+
   if (tree_view->priv->cursor_offset > BACKGROUND_HEIGHT (cursor_node))
     {
       _gtk_rbtree_next_full (cursor_tree, cursor_node,