xdg-portal-gtk crashes if a RemoteDesktop request is received after the session is closed

flatpak / xdg-desktop-portal-gtk

Gtk implementation of xdg-desktop-portal

GNU Lesser General Public License v2.1

129 stars 102 forks source link

Summary

This is a corollary of https://github.com/flatpak/xdg-desktop-portal/issues/508

If a client sends a RemoteDesktop request such as NotifyPointerMotion after the session is closed from the service side, xdg-desktop-portal-gtk segfaults.

Steps to reproduce

Same as https://github.com/flatpak/xdg-desktop-portal/issues/508

Save https://gitlab.gnome.org/snippets/1122 as xdp-pointer-events.py
Run python xdp-pointer-events.py
Select pointer in the list
Click [Share] to start the RemoteDesktop session
From gnome-shell, select "Screen is being shared" → "Turn off" to terminate terminate the session

Actual results

xdg-desktop-portal-gtk segfaults with the following backtrace: xdg-portal-gtk-crash.txt

Expected results

No crash - Either xdg-portal or xdg-portal-gtk should do some sanity checks on the session state.

Program terminated with signal SIGSEGV, Segmentation fault. #0 0x0000560d74095b1d in handle_notify_pointer_motion (object=0x560d75e8ee10, invocation=0x560d75ec71f0, arg_session_handle=<optimized out>, arg_options=<optimized out>, dx=0, dy=1) at src/remotedesktop.c:612 612 org_gnome_mutter_remote_desktop_session_call_notify_pointer_motion_relative (proxy, (gdb) list 607 608 remote_desktop_session = 609 (RemoteDesktopSession *)lookup_session (arg_session_handle); 610 proxy = remote_desktop_session->mutter_session_proxy; 611 612 org_gnome_mutter_remote_desktop_session_call_notify_pointer_motion_relative (proxy, 613 dx, dy, 614 NULL, NULL, NULL); 615 616 xdp_impl_remote_desktop_complete_notify_pointer_motion (object, invocation); (gdb) p proxy Cannot access memory at address 0x48 (gdb) p remote_desktop_session $1 = (RemoteDesktopSession *) 0x0

flatpak / xdg-desktop-portal-gtk