Crashes in gtk_file_chooser_set_current_name() with incorrect input encoding



This Claws-Mail bug:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2393
is about a crash in gtk's completion_match_func() caused by Claws-Mail
passing a string to gtk_file_chooser_set_current_name() that has
previously been run through g_filename_from_utf8().

While this is documented to be incorrect, it seems also understandable
as the string actually is a file name and many other gtk_file_*
functions do require the procedure.

In my opinion gtk should either deal with the problem gracefully
(by not crashing), or crash closer to the application/library
boundary so figuring out the cause of the problem takes less
time.

The attached patches prevent the segfault and complain when
the problem happens. They are against gtk+-2.22.1, but should
apply cleanly to HEAD, too.

Before I take the time to submit a bug report, I'd like to
know if you agree that gtk's current behaviour is a bug,
or if the described API violation is expected to cause
undefined behaviour which includes crashes.

Thanks for your input.

Fabian
From 2d3a68a47c20a7b375b2ffd4baac34089b9badd6 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk fabiankeil de>
Date: Sat, 2 Apr 2011 21:30:53 +0200
Subject: [PATCH 1/2] In completion_match_func(), don't crash if chooser_entry->file_part can't be g_utf8_normalize()'d

---
 gtk/gtkfilechooserentry.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/gtk/gtkfilechooserentry.c b/gtk/gtkfilechooserentry.c
index e539a8a..a934952 100644
--- a/gtk/gtkfilechooserentry.c
+++ b/gtk/gtkfilechooserentry.c
@@ -407,6 +407,11 @@ completion_match_func (GtkEntryCompletion *comp,
     }
 
   norm_file_part = g_utf8_normalize (chooser_entry->file_part, -1, G_NORMALIZE_ALL);
+  if (NULL == norm_file_part)
+    {
+       g_free (name);
+       return FALSE;
+    }
   norm_name = g_utf8_normalize (name, -1, G_NORMALIZE_ALL);
 
 #ifdef G_PLATFORM_WIN32
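Review bot: the new NULL check covers only norm_file_part; the unchanged line right after it, `norm_name = g_utf8_normalize (name, -1, G_NORMALIZE_ALL);`, can return NULL for the same reason and is still used unchecked. Consider normalizing both strings first and bailing out if either result is NULL, freeing whichever one succeeded along with name. Style: the body lines inside the new braces are indented seven spaces where the surrounding code uses two-space steps (six here), and `NULL == norm_file_part` could be written in the plainer `norm_file_part == NULL` form.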
-- 
1.7.4.1

From e1c628d9bdd4550dd0bf27c881767cebf14722b3 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk fabiankeil de>
Date: Sat, 2 Apr 2011 21:31:21 +0200
Subject: [PATCH 2/2] In completion_match_func(), complain if chooser_entry->file_part can't be g_utf8_normalize()'d

---
 gtk/gtkfilechooserentry.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/gtk/gtkfilechooserentry.c b/gtk/gtkfilechooserentry.c
index a934952..07f747b 100644
--- a/gtk/gtkfilechooserentry.c
+++ b/gtk/gtkfilechooserentry.c
@@ -409,6 +409,8 @@ completion_match_func (GtkEntryCompletion *comp,
   norm_file_part = g_utf8_normalize (chooser_entry->file_part, -1, G_NORMALIZE_ALL);
   if (NULL == norm_file_part)
     {
+       g_warning ("completion_match_func(): normalizing '%s' failed. Invalid encoding?",
+                  chooser_entry->file_part);
        g_free (name);
        return FALSE;
     }
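Review bot: the g_warning() formats chooser_entry->file_part with '%s' in exactly the branch where that string has just failed g_utf8_normalize(), so the log message will carry the undecodable bytes verbatim. Consider escaping the value first (for example with g_strescape()) or logging only that normalization failed. Because a completion match function runs once per candidate row, this warning will also repeat for every entry in the list; validating the name once where the application hands it in would report the problem a single time and closer to the API boundary.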
-- 
1.7.4.1
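The encoding mismatch behind the report, as an added example that is not part of the original post and is not GTK or Claws-Mail code: a strict UTF-8 check in plain C applied to the same file name in UTF-8 and in Latin-1 before it is passed to an API that requires UTF-8. The function names, the fallback string and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Constructed samples: one name in UTF-8 and in ISO-8859-1 (Latin-1), the
   latter being what a filename-encoding conversion yields in a Latin-1 locale. */
static const char SAMPLE_UTF8[]   = "r\xC3\xA9sum\xC3\xA9.txt";
static const char SAMPLE_LATIN1[] = "r\xE9sum\xE9.txt";

/* Returns 1 if the NUL-terminated string s is well-formed UTF-8, else 0.
   Rejects stray or missing continuation bytes, overlong forms, surrogates
   and code points above U+10FFFF. */
int is_valid_utf8(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    while (*p) {
        unsigned int cp, min;
        int n;
        if (*p < 0x80) { p++; continue; }                       /* ASCII */
        else if ((*p & 0xE0) == 0xC0) { cp = *p & 0x1F; n = 1; min = 0x80; }
        else if ((*p & 0xF0) == 0xE0) { cp = *p & 0x0F; n = 2; min = 0x800; }
        else if ((*p & 0xF8) == 0xF0) { cp = *p & 0x07; n = 3; min = 0x10000; }
        else return 0;                  /* stray continuation or bad lead byte */
        p++;
        while (n-- > 0) {
            if ((*p & 0xC0) != 0x80) return 0;  /* also stops at the NUL */
            cp = (cp << 6) | (*p++ & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;
    }
    return 1;
}

/* Hypothetical boundary guard: returns name if it is safe to hand to a
   UTF-8-only API, otherwise reports the problem once and returns fallback. */
const char *name_for_utf8_api(const char *name, const char *fallback)
{
    if (name != NULL && is_valid_utf8(name))
        return name;
    fprintf(stderr, "rejecting name: not valid UTF-8 (wrong encoding?)\n");
    return fallback;
}

int main(void)
{
    printf("utf8:   %s\n", name_for_utf8_api(SAMPLE_UTF8, "untitled"));
    printf("latin1: %s\n", name_for_utf8_api(SAMPLE_LATIN1, "untitled"));
    return 0;
}
```

In a GLib program the same check is available as g_utf8_validate().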
