Comment 9 for bug 1667227

Bug can be detected by "Gtk-CRITICAL **: gtk_widget_get_toplevel: assertion 'GTK_IS_WIDGET (widget)' failed" messages, when mate-terminal or gnome-terminal are started from another console (with option --disable-factory) and keyboard shortcuts are edited.
I have such messages with gtk+3 (upstream) versions 3.16.7, 3.18.9, 3.20.9, 3.22.8; valgrind can detect invalid reads (use after free) from window_group_cleanup_grabs -> gtk_widget_get_toplevel.

Simple, but potentially incorrect patch corrects this bug (both Gtk-CRITICAL messages and valgrind detections/SIGSEGVs) in mate-terminal and gnome-terminal (bug #1667232). It is tested with gtk+3 3.16.7, 3.18.9, 3.20.9, 3.22.8.
Just call _gtk_window_group_remove_grab from gtkmain.c:gtk_grab_remove twice, additional call with default window group, to clear all possible references to the widget from the grabs list:

diff --git a/gtk/gtkmain.c b/gtk/gtkmain.c
index 3152971256..681cb2bec9 100644
--- a/gtk/gtkmain.c
+++ b/gtk/gtkmain.c
@@ -2274,6 +2274,9 @@ gtk_grab_remove (GtkWidget *widget)

       group = gtk_main_get_window_group (widget);
       _gtk_window_group_remove_grab (group, widget);
+ // quick workaround for lp #1667227, lp #1667232
+ _gtk_window_group_remove_grab (gtk_window_get_group (NULL), widget);
+
       new_grab_widget = gtk_window_group_get_current_grab (group);

       gtk_grab_notify (group, NULL, widget, new_grab_widget, FALSE);