
xdg-desktop-portal-gtk crashed with SIGSEGV in g_path_is_absolute() #93

Open caravena opened 7 years ago

caravena commented 7 years ago

Hello,

Open bug on launchpad.net: https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal-gtk/+bug/1716026

Backtrace:
#0  0x00007f6501b3fd07 in g_path_is_absolute (file_name=file_name@entry=0x4 <error: Cannot access memory at address 0x4>) at ../../../../glib/gfileutils.c:2119
No locals.
#1  0x00007f650214dea2 in canonicalize_filename (filename=filename@entry=0x4 <error: Cannot access memory at address 0x4>) at ../../../../gio/glocalfile.c:209
        canon = <optimized out>
        start = <optimized out>
        p = <optimized out>
        q = <optimized out>
        cwd = <optimized out>
        i = <optimized out>
#2  0x00007f650214fd85 in _g_local_file_new (filename=0x4 <error: Cannot access memory at address 0x4>) at ../../../../gio/glocalfile.c:307
        local = 0xcdbfe93fa0
#3  0x00007f6502af25df in gtk_file_chooser_set_current_folder (chooser=0xcdc00cabf0, filename=filename@entry=0x4 <error: Cannot access memory at address 0x4>) at ././gtk/gtkfilechooser.c:908
        file = <optimized out>
        result = <optimized out>
        __func__ = "gtk_file_chooser_set_current_folder"
#4  0x000000cdbe2b462b in handle_open (object=<optimized out>, invocation=0x7f64e80119c0, arg_handle=<optimized out>, arg_app_id=<optimized out>, arg_parent_window=<optimized out>, arg_title=<optimized out>, arg_options=0x7f64e8019190) at src/filechooser.c:458
        request = 0xcdc02cc600
        method_name = <optimized out>
        sender = <optimized out>
        action = GTK_FILE_CHOOSER_ACTION_SAVE
        multiple = 0
        modal = 1
        display = <optimized out>
        screen = <optimized out>
        dialog = 0xcdc00cabf0
        external_parent = <optimized out>
        fake_parent = 0xcdbffeefa0
        handle = 0xcdc01dc660
        cancel_label = <optimized out>
        accept_label = 0xcdbff71540 "Guardar"
        iter = 0xcdc03a7280
        current_name = 0x100000002 <error: Cannot access memory at address 0x100000002>
        path = 0x4 <error: Cannot access memory at address 0x4>
        choices = 0x0
        preview = <optimized out>
#5  0x00007f64fcfbfe18 in ffi_call_unix64 () at ../src/x86/unix64.S:76
No locals.
#6  0x00007f64fcfbf87a in ffi_call (cif=cif@entry=0x7ffff5049a80, fn=fn@entry=0xcdbe2b3bb0 <handle_open>, rvalue=<optimized out>, avalue=avalue@entry=0x7ffff5049950) at ../src/x86/ffi64.c:525
        classes = {X86_64_INTEGER_CLASS, X86_64_NO_CLASS, 4110719616, 32767}
        stack = <optimized out>
        argp = 0x7ffff5049850 "\n"
        arg_types = <optimized out>
        gprcount = 6
        ssecount = <optimized out>
        ngpr = 1
        nsse = 0
        i = <optimized out>
        avn = <optimized out>
        ret_in_memory = <optimized out>
        reg_args = <optimized out>
#7  0x00007f6501e2c799 in g_cclosure_marshal_generic (closure=0xcdbfda7ef0, return_gvalue=0x7ffff5049c50, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=<optimized out>) at ../../../../gobject/gclosure.c:1490
        rtype = <optimized out>
        rvalue = 0x7ffff50499f0
        n_args = 8
        atypes = <optimized out>
        i = <optimized out>
        cif = {abi = FFI_UNIX64, nargs = 8, arg_types = 0x7ffff50499a0, rtype = 0x7f64fcfc0140 <ffi_type_sint32>, bytes = 16, flags = 10}
        cc = 0xcdbfda7ef0
        enum_tmpval = <optimized out>
        tmpval_used = 0
#8  0x00007f6501e2bf9d in g_closure_invoke (closure=0xcdbfda7ef0, return_value=0x7ffff5049c50, n_param_values=7, param_values=0xcdc031ff30, invocation_hint=0x7ffff5049c30) at ../../../../gobject/gclosure.c:804
        marshal = 0x7f6501e2c590 <g_cclosure_marshal_generic>
        marshal_data = 0x0
        in_marshal = 0
        real_closure = 0xcdbfda7ed0
        __func__ = "g_closure_invoke"
#9  0x00007f6501e3ed2e in signal_emit_unlocked_R (node=node@entry=0xcdbfd95060, detail=detail@entry=0, instance=instance@entry=0xcdbff77060, emission_return=emission_return@entry=0x7ffff5049d80, instance_and_params=instance_and_params@entry=0xcdc031ff30) at ../../../../gobject/gsignal.c:3635
        tmp = <optimized out>
        handler = 0xcdbff9dd40
        accumulator = 0xcdbfd95110
        emission = {next = 0x0, instance = 0xcdbff77060, ihint = {signal_id = 204, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
        handler_list = 0xcdbff9dd40
        return_accu = 0x7ffff5049c50
        accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 204
        max_sequential_handler_number = 34388
        return_value_altered = 0
#10 0x00007f6501e46a70 in g_signal_emitv (instance_and_params=instance_and_params@entry=0xcdc031ff30, signal_id=signal_id@entry=204, detail=detail@entry=0, return_value=return_value@entry=0x7ffff5049d80) at ../../../../gobject/gsignal.c:3129
        instance = 0xcdbff77060
        __func__ = "g_signal_emitv"
#11 0x000000cdbe2bf8b3 in _xdp_impl_file_chooser_skeleton_handle_method_call (connection=<optimized out>, sender=<optimized out>, object_path=<optimized out>, interface_name=0x7f64e8005350 "org.freedesktop.impl.portal.FileChooser", method_name=0x7f64e8019eb0 "SaveFile", parameters=<optimized out>, invocation=0x7f64e80119c0, user_data=0xcdbff77060) at src/xdg-desktop-portal-dbus.c:2157
        skeleton = <optimized out>
        info = 0xcdbe4f5320 <_xdp_impl_file_chooser_method_info_save_file>
        iter = {x = {140071365849984, 5, 5, 0, 883686909888, 140071800169303, 0, 3579507750, 0, 140071808899992, 883688943104, 883686392448, 883688943104, 140071780829311, 85, 12210568970479365376}}
        child = 0x0
        paramv = 0xcdc031ff30
        num_params = <optimized out>
        n = <optimized out>
        signal_id = 204
        return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        __func__ = "_xdp_impl_file_chooser_skeleton_handle_method_call"
#12 0x00007f6502144f47 in g_dbus_interface_method_dispatch_helper (interface=<optimized out>, method_call_func=0xcdbe2bf6e0 <_xdp_impl_file_chooser_skeleton_handle_method_call>, invocation=0x7f64e80119c0) at ../../../../gio/gdbusinterfaceskeleton.c:609
        has_handlers = <optimized out>
        has_default_class_handler = <optimized out>
        emit_authorized_signal = <optimized out>
        run_in_thread = <optimized out>
        flags = <optimized out>
        object = 0x0
        __func__ = "g_dbus_interface_method_dispatch_helper"
#13 0x00007f650212d1fc in call_in_idle_cb (user_data=0x7f64e80119c0) at ../../../../gio/gdbusconnection.c:4851
        invocation = 0x7f64e80119c0
        vtable = <optimized out>
        registration_id = <optimized out>
        subtree_registration_id = <optimized out>
        __func__ = "call_in_idle_cb"
#14 0x00007f6501b52dd5 in g_main_dispatch (context=0xcdbfd22800) at ../../../../glib/gmain.c:3148
        dispatch = 0x7f6501b4f710 <g_idle_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7f64e80119c0
        callback = 0x7f650212d110 <call_in_idle_cb>
        cb_funcs = 0x7f6501e1a280 <g_source_callback_funcs>
        cb_data = 0x7f64e801b5f0
        need_destroy = <optimized out>
        source = 0x7f64e80055b0
        current = 0xcdbfda5a40
        i = 0
#15 g_main_context_dispatch (context=context@entry=0xcdbfd22800) at ../../../../glib/gmain.c:3813
No locals.
#16 0x00007f6501b531a0 in g_main_context_iterate (context=0xcdbfd22800, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../../glib/gmain.c:3886
        max_priority = 2147483647
        timeout = -1
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 4
        fds = 0xcdc0321e70
#17 0x00007f6501b534b2 in g_main_loop_run (loop=0xcdbfced420) at ../../../../glib/gmain.c:4082
        __func__ = "g_main_loop_run"
#18 0x000000cdbe2b3100 in main (argc=<optimized out>, argv=<optimized out>) at src/xdg-desktop-portal-gtk.c:209
        owner_id = 1
        error = 0x0
        session_bus = <optimized out>
        context = <optimized out>
mariospr commented 7 years ago

From https://github.com/flatpak/xdg-desktop-portal-gtk/blob/master/src/filechooser.c#L458 it looks like the current_folder value is being unpacked from the GVariant but somehow ends up holding invalid data (the same applies to current_name, which is unpacked just before it):

        current_name = 0x100000002 <error: Cannot access memory at address 0x100000002>
        path = 0x4 <error: Cannot access memory at address 0x4>

One thing that is not clear to me, neither from this issue nor from the original bug on Launchpad, is how exactly you reproduced this. Could you please provide the steps to reproduce it?