Comment 7 for bug 1667227

yzp15 (yzp15) wrote :

When a shortcut is being changed, the keypress handler gtk_cell_editable_event_box_key_press_event calls gtk_grab_remove, but _gtk_window_group_remove_grab tries to remove the grab from the wrong window_group (not the group used to add the grab in gtk_grab_add -> _gtk_window_group_add_grab).
The grab removal fails and a stale pointer is kept in the grab lists of the original group. With valgrind I see errors on access through this stale pointer:

==21822== Invalid read of size 8
==21822== at 0x578DEFF: window_group_cleanup_grabs (gtkwindowgroup.c:111)
==21822== by 0x578E38C: gtk_window_group_add_window (gtkwindowgroup.c:176)
==21822== by 0x577AD36: gtk_window_set_transient_for (gtkwindow.c:3332)
==21822== by 0x56FCD22: gtk_tooltip_set_last_window (gtktooltip.c:808)
==21822== by 0x56FE9C9: gtk_tooltip_handle_event_internal (gtktooltip.c:1432)
==21822== by 0x56FE934: _gtk_tooltip_handle_event (gtktooltip.c:1413)
==21822== by 0x55811E2: gtk_main_do_event (gtkmain.c:1938)
==21822== by 0x5D34548: _gdk_event_emit (gdkevents.c:73)
==21822== by 0x5D7ABD1: gdk_event_source_dispatch (gdkeventsource.c:367)
==21822== by 0x6F65177: g_main_dispatch (gmain.c:3203)
==21822== by 0x6F660BA: g_main_context_dispatch (gmain.c:3856)
==21822== by 0x6F662AE: g_main_context_iterate (gmain.c:3929)
==21822== Address 0x16279328 is 344 bytes inside a block of size 416 free'd
==21822== at 0x4C2DD5B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21822== by 0x6F6D990: g_free (gmem.c:189)
==21822== by 0x6F88997: g_slice_free1 (gslice.c:1136)
==21822== by 0x6CEAE5D: g_type_free_instance (gtype.c:1937)
==21822== by 0x6CD4F15: g_object_unref (gobject.c:3196)
==21822== by 0x5784A47: gtk_window_propagate_key_event (gtkwindow.c:8141)
==21822== by 0x5784AA0: gtk_window_key_press_event (gtkwindow.c:8159)
==21822== by 0x5583B9C: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:131)
==21822== by 0x6CC8CC7: g_type_class_meta_marshalv (gclosure.c:1024)
==21822== by 0x6CC8849: _g_closure_invoke_va (gclosure.c:867)
==21822== by 0x6CE40E2: g_signal_emit_valist (gsignal.c:3300)
==21822== by 0x6CE52FE: g_signal_emit (gsignal.c:3447)
==21822== Block was alloc'd at
==21822== at 0x4C2CB2F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21822== by 0x6F6D827: g_malloc (gmem.c:94)
==21822== by 0x6F8875B: g_slice_alloc (gslice.c:1025)
==21822== by 0x6F8879B: g_slice_alloc0 (gslice.c:1051)
==21822== by 0x6CEA95E: g_type_create_instance (gtype.c:1839)
==21822== by 0x6CD135B: g_object_new_internal (gobject.c:1783)
==21822== by 0x6CD20D1: g_object_new_valist (gobject.c:2042)
==21822== by 0x6CD0F44: g_object_new (gobject.c:1626)
==21822== by 0x543ABB9: gtk_cell_editable_event_box_new (gtkcellrendereraccel.c:803)

The wrong gtk_grab_remove was called from gtk_window_propagate_key_event:
==21822== by 0x578EE1B: _gtk_window_group_remove_grab (gtkwindowgroup.c:291)
==21822== by 0x5581ABE: gtk_grab_remove (gtkmain.c:2285)
==21822== by 0x543A56A: gtk_cell_editable_event_box_key_press_event (gtkcellrendereraccel.c:645)
==21822== by 0x5583B9C: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:131)
==21822== by 0x6CC8CC7: g_type_class_meta_marshalv (gclosure.c:1024)
==21822== by 0x6CC8849: _g_closure_invoke_va (gclosure.c:867)
==21822== by 0x6CE40E2: g_signal_emit_valist (gsignal.c:3300)
==21822== by 0x6CE52FE: g_signal_emit (gsignal.c:3447)
==21822== by 0x575F9BD: gtk_widget_event_internal (gtkwidget.c:7723)
==21822== by 0x575ED7F: gtk_widget_event (gtkwidget.c:7293)
==21822== by 0x57849C4: gtk_window_propagate_key_event (gtkwindow.c:8126)
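
The failure mode described in the comment above, reduced to a minimal C model (an added example, not GTK code and not the upstream fix): a grab is added to one group's list, the removal looks the group up again and gets a different one, and the original list keeps a pointer that dangles once the widget is freed. All type and function names are hypothetical, and the change of group between add and remove is simply assumed; the hardened variant shows one possible mitigation, recording the group at add time.

```c
#include <stddef.h>

#define MAX_GRABS 8

/* Hypothetical stand-ins for a window group and a grabbing widget. */
typedef struct Group { const void *grabs[MAX_GRABS]; size_t n; } Group;
typedef struct Widget {
    Group *current_group; /* what a group lookup returns right now */
    Group *grab_group;    /* group the grab was added to (used by the fix) */
} Widget;

/* Returns 1 if w is still referenced from g's grab list. */
static int group_holds(const Group *g, const Widget *w) {
    for (size_t i = 0; i < g->n; i++)
        if (g->grabs[i] == w) return 1;
    return 0;
}

/* Returns 1 if w was found in g and removed, 0 if the removal failed. */
static int group_remove(Group *g, const Widget *w) {
    for (size_t i = 0; i < g->n; i++)
        if (g->grabs[i] == w) { g->grabs[i] = g->grabs[--g->n]; return 1; }
    return 0;
}

void grab_add(Widget *w) {
    Group *g = w->current_group;
    if (g->n < MAX_GRABS) { g->grabs[g->n++] = w; w->grab_group = g; }
}

/* Flawed pattern: looks the group up again, which may not be the add-time group. */
int grab_remove_lookup(Widget *w) { return group_remove(w->current_group, w); }

/* Hardened pattern: removes from the group recorded by grab_add. */
int grab_remove_recorded(Widget *w) {
    int ok = w->grab_group ? group_remove(w->grab_group, w) : 0;
    w->grab_group = NULL;
    return ok;
}

/* Constructed scenario: returns 1 if the add-time group still points at w after removal. */
int stale_after_remove(int use_recorded) {
    Group a = {0}, b = {0};
    Widget w = { &a, NULL };
    grab_add(&w);
    w.current_group = &b; /* lookup now yields a different group */
    if (use_recorded) grab_remove_recorded(&w); else grab_remove_lookup(&w);
    return group_holds(&a, &w);
}
```

The model never frees the widget, so it reports the stale list entry directly instead of reproducing the invalid read that valgrind flags in window_group_cleanup_grabs.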