Ubuntu gtk leaks references in GtkTreeView / GtTreeModelSort which cause segfault in bluefish

[Impact]
<fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>

[Development Fix]
<fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >

[Stable Fix]
<fill me in by pointing out a minimal patch applicable to the stable version of the package.>

[Text Case]
<fill me in with detailed *instructions* on how to reproduce the bug. This will be used by people later on to verify the updated package fixes the problem.>
1.
2.
3.
Broken Behavior:
Fixed Behavior:

[Regression Potential]
<fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected.

[Original Report]

In Bluefish we get a lot of bugreports from users on Ubuntu 11.10 that have a segfault and all backtraces have something weird: a GtkTreeModelSort is calling it's sort function after the model has been unreffed by bluefish already.

This behaviour cannot be reproduced on Fedora 16 which also has Gtk-3.2.

Checking with libgobject-list (from http://people.gnome.org/~mortenw/gobject-list.c) reveals that on Ubuntu there is a GtkTreeModelSort leaking, that is not leaking on Fedora 16.

After a gdb breakpoint g_object_ref and g_object_unref with a condition object == 0x123123123 (the pointer of the GtkTreeModelSort) and doing a backtrace for each break, I found which function does not clean it's reference count:

Breakpoint 2, g_object_ref (object=0xaebbb0) at gobject-list.c:642
642 GObject *obj = G_OBJECT (object);
#0 g_object_ref (object=0xaebbb0) at gobject-list.c:642
#1 0x00007ffff7548abd in gtk_tree_row_reference_new_proxy (proxy=0xaebbb0,
    model=0xaebbb0, path=0x1942660)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtktreemodel.c:2300
#2 0x00007ffff75dae49 in cell_info_new (accessible=0x196f820, tree_model=0xaebbb0,
    path=0x1942660, tv_col=0x746bc0, cell=0x1908dc0)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:3227
#3 0x00007ffff75de929 in gtk_tree_view_accessible_ref_child (obj=0x196f820, i=18)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:563
#4 0x00007ffff75de608 in focus_in (widget=0xaba3c0)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/a11y/gtktreeviewaccessible.c:1939
#5 0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1930ca0,
    return_value=0x7fffffffd640, n_param_values=<optimized out>, param_values=0x1720980,
    invocation_hint=<optimized out>, marshal_data=<optimized out>)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
#6 0x00007ffff61d00a4 in g_closure_invoke (closure=0x1930ca0,
    return_value=0x7fffffffd640, n_param_values=2, param_values=0x1720980,
    invocation_hint=<optimized out>)
    at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
#7 0x00007ffff61e202a in signal_emit_unlocked_R (node=<optimized out>, detail=0,
    instance=0xaba3c0, emission_return=0x7fffffffd7a0, instance_and_params=0x1720980)
    at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3272
#8 0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
    at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
#9 0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>)
    at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
#10 0x00007ffff7584fe9 in gtk_widget_event_internal (widget=0xaba3c0, event=0x1912930)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
#11 0x00007ffff7591492 in gtk_widget_send_focus_change (widget=0xaba3c0, event=0x1912930)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:14204
#12 0x00007ffff75968d0 in do_focus_change (widget=0xaba3c0, in=1)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6009
#13 0x00007ffff75a2149 in _gtk_window_set_is_active (window=0x6fa170, is_active=1)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:9377
#14 0x00007ffff75a25ea in gtk_window_focus_in_event (widget=0x6fa170,
    event=<optimized out>) at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6063
#15 gtk_window_focus_in_event (widget=0x6fa170, event=<optimized out>)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwindow.c:6049
#16 0x00007ffff7456f08 in _gtk_marshal_BOOLEAN__BOXED (closure=0x6d5a90,
    return_value=0x7fffffffdb80, n_param_values=<optimized out>, param_values=0x1944010,
    invocation_hint=<optimized out>, marshal_data=<optimized out>)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmarshalers.c:85
#17 0x00007ffff61d00a4 in g_closure_invoke (closure=0x6d5a90,
    return_value=0x7fffffffdb80, n_param_values=2, param_values=0x1944010,
    invocation_hint=<optimized out>)
    at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
#18 0x00007ffff61e1e5f in signal_emit_unlocked_R (node=<optimized out>, detail=0,
    instance=0x6fa170, emission_return=0x7fffffffdce0, instance_and_params=0x1944010)
    at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3310
#19 0x00007ffff61eb483 in g_signal_emit_valist (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>)
    at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3013
#20 0x00007ffff61eb852 in g_signal_emit (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>)
    at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
#21 0x00007ffff7584fe9 in gtk_widget_event_internal (widget=0x6fa170, event=0x1912bb0)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkwidget.c:6132
#22 0x00007ffff7456da3 in gtk_main_do_event (event=0x1912bb0)
    at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c:1835
#23 0x00007ffff70cf102 in gdk_event_source_dispatch (source=<optimized out>,
    callback=<optimized out>, user_data=<optimized out>)
    at /build/buildd/gtk+3.0-3.2.0/./gdk/x11/gdkeventsource.c:360
#24 0x00007ffff55a0a5d in g_main_dispatch (context=0x709090)
    at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:2441
#25 g_main_context_dispatch (context=0x709090)
    at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3011
#26 0x00007ffff55a1258 in g_main_context_iterate (context=0x709090,
    block=<optimized out>, dispatch=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3089
#27 0x00007ffff55a1792 in g_main_loop_run (loop=0x7fde50)
    at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3297
#28 0x00007ffff7455ecd in gtk_main () at /build/buildd/gtk+3.0-3.2.0/./gtk/gtkmain.c:1367
#29 0x0000000000422aff in main (argc=1, argv=0x7fffffffe218) at bluefish.c:402

I don't know what causes this leak. It might be Ubuntu specific patches on gtk, the gtk theme that Ubuntu is using, or accesibility settings that default to a different value on Ubuntu (both on Ubuntu and Fedora I did not change any accessibility option from the default setting).