Re: g_stat() In src/glade3-3.8.5/gladeui/glade-utils.c At Line 1865 Causes SIGSEGV in strlen () from C:\Windows\System32\msvcrt.dll When Saving File



On 22.05.2018 17:27, LRN wrote:
On 22.05.2018 15:02, gtk-devel-list TalkVideo net wrote:
When running: /mingw64/bin/glade-3.exe

And I try to save a file, after selecting or entering a filename, and clicking Save in the File Chooser Dialog, the program crashes (segfaults), and the file size is zero.

I can reproduce this crash. Will look into it soon.

Here's the full backtrace:

#0  0x744294c0 in strlen () from C:\WINDOWS\System32\msvcrt.dll
#1  0x64c135c7 in _g_win32_stat_utf8 (filename=filename@entry=0x0,
buf=buf@entry=0x61f128, for_symlink=for_symlink@entry=0)
    at ../glib-2477c7b/glib/gstdio.c:368
#2  0x64c13f77 in g_win32_stat_utf8 (buf=0x61f128, filename=0x0,
filename@entry=0x61f1bc "\230Z{\bE\\c\003\230Z{\bona")
    at ../glib-2477c7b/glib/gstdio.c:396
#3  g_stat (filename=filename@entry=0x0, buf=buf@entry=0x61f1bc) at
../glib-2477c7b/glib/gstdio.c:1024
#4  0x62fbfe0b in glade_util_get_file_mtime (filename=0x0,
error=error@entry=0x0) at ../../glade3-3.8.5/gladeui/glade-utils.c:1865
#5  0x0040433a in save (window=window@entry=0xf45120,
project=project@entry=0xfe9a50, path=path@entry=0x3e75cc8 "D:\\test2.glade")
    at ../../glade3-3.8.5/src/glade-window.c:1060
#6  0x0040502b in save_as (window=0xf45120) at
../../glade3-3.8.5/src/glade-window.c:1257
#7  0x681063fd in g_closure_invoke (closure=0x100e698, return_value=0x0,
n_param_values=1, param_values=0x61f430, invocation_hint=0x61f3dc)
    at ../glib-2477c7b/gobject/gclosure.c:806
#8  0x68119174 in signal_emit_unlocked_R (node=node@entry=0x3f779a8, detail=0,
instance=0xfc5568, emission_return=emission_return@entry=0x0,
    instance_and_params=0x61f430) at ../glib-2477c7b/gobject/gsignal.c:3635
#9  0x681212bb in g_signal_emit_valist (instance=instance@entry=0xfc5568,
signal_id=signal_id@entry=340, detail=detail@entry=0,
    var_args=var_args@entry=0x61f56c "?K\020h?K\020h?oa") at
../glib-2477c7b/gobject/gsignal.c:3391
#10 0x68121426 in g_signal_emit (instance=instance@entry=0xfc5568,
signal_id=340, detail=detail@entry=0) at ../glib-2477c7b/gobject/gsignal.c:3447
#11 0x6198ce0a in _gtk_action_emit_activate (action=0xfc5568) at
../../gtk+-ca2e62d/gtk/gtkaction.c:795
#12 0x681063fd in g_closure_invoke (closure=0xf5f030, return_value=0x0,
n_param_values=1, param_values=0x61f6f0, invocation_hint=0x61f69c)
    at ../glib-2477c7b/gobject/gclosure.c:806
#13 0x68118b4a in signal_emit_unlocked_R (node=node@entry=0xf5f080, detail=0,
instance=0x3ef0b40, emission_return=emission_return@entry=0x0,
    instance_and_params=0x61f6f0) at ../glib-2477c7b/gobject/gsignal.c:3565
#14 0x681212bb in g_signal_emit_valist (instance=instance@entry=0x3ef0b40,
signal_id=signal_id@entry=193, detail=detail@entry=0,
    var_args=var_args@entry=0x61f82c "@\vi\003@\vi\003\060-k\bxoa") at
../glib-2477c7b/gobject/gsignal.c:3391
#15 0x68121426 in g_signal_emit (instance=instance@entry=0x3ef0b40,
signal_id=193, detail=detail@entry=0) at ../glib-2477c7b/gobject/gsignal.c:3447
#16 0x61b9192d in gtk_widget_activate (widget=widget@entry=0x3ef0b40) at
../../gtk+-ca2e62d/gtk/gtkwidget.c:5041
#17 0x61a77c9a in gtk_menu_shell_activate_item (menu_shell=0x3f0f2f8,
menu_item=0x3ef0b40, force_deactivate=1)
    at ../../gtk+-ca2e62d/gtk/gtkmenushell.c:1278
#18 0x61a780ef in gtk_menu_shell_button_release (widget=0x3f0f2f8,
event=0x86f80b8) at ../../gtk+-ca2e62d/gtk/gtkmenushell.c:703
#19 0x61a62512 in _gtk_marshal_BOOLEAN__BOXED (closure=0xf3ddb8,
return_value=0x61fa18, n_param_values=2, param_values=0x61fa90,
invocation_hint=0x61fa3c,
    marshal_data=0x61a6b110 <gtk_menu_button_release>) at gtkmarshalers.c:86
#20 0x681063fd in g_closure_invoke (closure=0xf3ddb8, return_value=0x61fa18,
n_param_values=2, param_values=0x61fa90, invocation_hint=0x61fa3c)
    at ../glib-2477c7b/gobject/gclosure.c:806
#21 0x68119076 in signal_emit_unlocked_R (node=node@entry=0xf3dde0, detail=0,
instance=0x3f0f2f8, emission_return=emission_return@entry=0x61fb30,
    instance_and_params=0x61fa90) at ../glib-2477c7b/gobject/gsignal.c:3673
#22 0x68120cd0 in g_signal_emit_valist (instance=instance@entry=0x3f0f2f8,
signal_id=signal_id@entry=36, detail=detail@entry=0, var_args=<optimized out>,
    var_args@entry=0x61fbdc "??o\b\fua") at ../glib-2477c7b/gobject/gsignal.c:3401
#23 0x68121426 in g_signal_emit (instance=instance@entry=0x3f0f2f8,
signal_id=36, detail=detail@entry=0) at ../glib-2477c7b/gobject/gsignal.c:3447
#24 0x61b92e03 in gtk_widget_event_internal (widget=widget@entry=0x3f0f2f8,
event=event@entry=0x86f80b8) at ../../gtk+-ca2e62d/gtk/gtkwidget.c:5010
#25 0x61b930df in gtk_widget_event (widget=widget@entry=0x3f0f2f8,
event=event@entry=0x86f80b8) at ../../gtk+-ca2e62d/gtk/gtkwidget.c:4807
#26 0x61a60633 in gtk_propagate_event (widget=0x3f0f2f8, event=0x86f80b8) at
../../gtk+-ca2e62d/gtk/gtkmain.c:2501
#27 0x61a60acf in gtk_main_do_event (event=0x86f80b8) at
../../gtk+-ca2e62d/gtk/gtkmain.c:1696
#28 0x6c57c607 in gdk_event_dispatch (source=source@entry=0xf39f38,
callback=0x0, user_data=0x0) at
../../../gtk+-ca2e62d/gdk/win32/gdkevents-win32.c:3695
#29 0x64bf5929 in g_main_dispatch (context=0xf39ff0, context@entry=0xfe0db0) at
../glib-2477c7b/glib/gmain.c:3177
#30 g_main_context_dispatch (context=context@entry=0xf39ff0) at
../glib-2477c7b/glib/gmain.c:3830
#31 0x64bf5bfa in g_main_context_iterate (context=<optimized out>,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at ../glib-2477c7b/glib/gmain.c:3903
#32 0x64bf6125 in g_main_loop_run (loop=0x3fb6380) at
../glib-2477c7b/glib/gmain.c:4099
#33 0x61a5f99f in gtk_main () at ../../gtk+-ca2e62d/gtk/gtkmain.c:1268
#34 0x0040a50d in main (argc=1, argv=0x106aa58) at
../../glade3-3.8.5/src/main.c:185

As you can see, glade3 passes NULL filename here.

Looks like it's my fault. The very first thing that the previous version of
g_stat() used to do was to convert the utf8 filename to utf16, and this
conveniently served both the obvious purpose *and* as a NULL-check (since
g_utf8_to_utf16 failed for NULL strings). It did a complex separator/absname
check on the utf16 string after that.

New code shuffled the lines around, and now the check is made before
conversion, on the utf8 string. And this check starts with a strlen(), which
crashes on NULL strings.

I've pushed a fix. Also backported to glib-2-56.

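The ordering bug LRN describes, as an added C model that is not GLib's code: the separator/absname check begins with strlen(), so whether a NULL filename is caught depends on whether the UTF-16 conversion (which fails on NULL) runs before it. The root-preserving trailing-separator rule, the EINVAL return and the explicit guard in the "fixed" variant are assumptions.

```c
#include <errno.h>
#include <string.h>
/* Constructed model of the ordering bug described above, not GLib's code:
 * the UTF-16 conversion and the stat call are stubbed; only ordering matters. */

/* Models the separator/absname check: it starts with strlen(), so NULL is
 * dereferenced here. Drops trailing separators but keeps a bare drive root
 * such as "C:\" (assumed rule) and returns the remaining length. */
static size_t checked_len(const char *filename)
{
    size_t len = strlen(filename);               /* crashes when filename == NULL */
    while (len > 1 && (filename[len - 1] == '\\' || filename[len - 1] == '/')) {
        if (len == 3 && filename[1] == ':')      /* "C:\" is a root: keep it */
            break;
        len--;
    }
    return len;
}

/* Models g_utf8_to_utf16(): fails on NULL, which the old code relied on. */
static int utf8_to_utf16_ok(const char *filename)
{
    return filename != NULL;
}

/* Old ordering: conversion first, so NULL is rejected before any strlen().
 * Returns the checked length, or -1 with errno set to EINVAL. */
long stat_utf8_old(const char *filename)
{
    if (!utf8_to_utf16_ok(filename)) { errno = EINVAL; return -1; }
    return (long) checked_len(filename);
}

/* Reordered code: the check runs before the conversion, so the implicit NULL
 * guard is gone and NULL reaches strlen(). Only safe for non-NULL input. */
long stat_utf8_reordered(const char *filename)
{
    long len = (long) checked_len(filename);
    if (!utf8_to_utf16_ok(filename)) { errno = EINVAL; return -1; }
    return len;
}

/* Fixed: an explicit guard up front (assumed form of the fix), so the result
 * no longer depends on the order of the steps that follow. */
long stat_utf8_fixed(const char *filename)
{
    if (filename == NULL) { errno = EINVAL; return -1; }
    long len = (long) checked_len(filename);
    if (!utf8_to_utf16_ok(filename)) { errno = EINVAL; return -1; }
    return len;
}
```

The caller in frame #4 of the backtrace passes filename=0x0; with the reordered variant that input reaches strlen(), with either of the other two it is rejected with EINVAL.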


