Bug#384138: crash in gtk_entry_completion_default_completion_func

Anthony DeRobertis anthony at derobert.net
Tue Aug 22 02:57:11 UTC 2006


Package: libgtk2.0-0
Version: 2.8.18-1
Severity: important

(This code is the same in 2.8.20 at the same line numbers)
(The code is in 2.10.2 starting at line 711 instead of 744)

These lines:

744           normalized_string = g_utf8_normalize (item, -1, G_NORMALIZE_ALL);
745           case_normalized_string = g_utf8_casefold (normalized_string, -1);
746           
747           if (!strncmp (key, case_normalized_string, strlen (key)))
748             ret = TRUE;

(gdb) print item
$5 = (gchar *) 0x34dc630 "#PC���"
(gdb) print normalized_string
$6 = (gchar *) 0x0
(gdb) print case_normalized_string
$7 = (gchar *) 0x0

You can guess what happens when NULL is passed to strncmp on line 747.
Segfault.

The utf8 normalize is failing, I suppose, because item is not valid
utf-8:

(gdb) x/8xb item 
0x34dc630:      0x23    0x50    0x43    0xb8    0xed    0xc1    0xb6    0x00


This is apparently a font name, and is causing Inkscape to crash.


BTW: I'm attaching a patch, but there is probably a better solution.
Probably at least a warning should be printed.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (130, 'unstable'), (120, 'experimental')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libgtk2.0-0 depends on:
ii  libatk1.0-0                 1.12.1-1     The ATK accessibility toolkit
ii  libc6                       2.3.6-15     GNU C Library: Shared libraries
ii  libcairo2                   1.2.2-1      The Cairo 2D vector graphics libra
ii  libfontconfig1              2.3.2-7      generic font configuration library
ii  libglib2.0-0                2.10.3-3     The GLib library of C routines
ii  libgtk2.0-0                 2.8.18-1     The GTK+ graphical user interface 
ii  libgtk2.0-bin               2.8.18-1     The programs for the GTK+ graphica
ii  libgtk2.0-common            2.8.18-1     Common files for the GTK+ graphica
ii  libjpeg62                   6b-13        The Independent JPEG Group's JPEG 
ii  libpango1.0-0               1.12.3-1+b1  Layout and rendering of internatio
ii  libpng12-0                  1.2.8rel-5.2 PNG library - runtime
ii  libtiff4                    3.8.2-6      Tag Image File Format (TIFF) libra
ii  libx11-6                    2:1.0.0-8    X11 client-side library
ii  libxcursor1                 1.1.5.2-5    X cursor management library
ii  libxext6                    1:1.0.0-4    X11 miscellaneous extension librar
ii  libxfixes3                  1:3.0.1.2-4  X11 miscellaneous 'fixes' extensio
ii  libxi6                      1:1.0.0-5    X11 Input extension library
ii  libxinerama1                1:1.0.1-4    X11 Xinerama extension library
ii  libxrandr2                  2:1.1.0.2-4  X11 RandR extension library
ii  libxrender1                 1:0.9.0.2-4  X Rendering Extension client libra

Versions of packages libgtk2.0-0 recommends:
ii  hicolor-icon-theme            0.8-4      default fallback theme for FreeDes

-- no debconf information
-------------- next part --------------
diff -rdbU3 gtk+-2.8.18.orig/gtk/gtkentrycompletion.c gtk+-2.8.18/gtk/gtkentrycompletion.c
--- gtk+-2.8.18.orig/gtk/gtkentrycompletion.c	2006-02-10 14:21:58.000000000 -0500
+++ gtk+-2.8.18/gtk/gtkentrycompletion.c	2006-08-21 22:40:44.000000000 -0400
@@ -744,7 +744,7 @@
       normalized_string = g_utf8_normalize (item, -1, G_NORMALIZE_ALL);
       case_normalized_string = g_utf8_casefold (normalized_string, -1);
       
-      if (!strncmp (key, case_normalized_string, strlen (key)))
+      if (case_normalized_string && !strncmp (key, case_normalized_string, strlen (key)))
 	ret = TRUE;
       
       g_free (item);
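Review bot: the NULL guard on the `+` line comes one call too late. When `g_utf8_normalize` rejects `item`, `normalized_string` is already NULL (the gdb output in the report shows both `normalized_string` and `case_normalized_string` as 0x0), yet it is still handed unchecked to `g_utf8_casefold` on the line above the changed one. Move the check up to right after `g_utf8_normalize` and skip the comparison when `normalized_string` is NULL, or validate `item` with `g_utf8_validate` before normalizing; either spot is also where the `g_warning` the report asks for belongs, so the bad model row gets reported instead of silently never matching. Keeping the check on `case_normalized_string` as well does no harm.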


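As an added example (mine, not the reporter's patch or GTK's code): a strict UTF-8 validator run over the bytes from the gdb dump in the report, plus a completion check that refuses invalid rows before any NULL pointer can reach strncmp. The names `item_from_dump`, `utf8_invalid_at` and `completion_prefix_match` are introduced here, and GTK's normalize/casefold steps are deliberately left out.

```c
/* Added example, not code from the bug report or from GTK: a strict
 * UTF-8 validator and a NULL-safe completion match, exercised on the
 * bytes from the gdb dump in the report (constructed sample input). */
#include <string.h>

/* Byte sequence printed by "x/8xb item" in the report. */
static const unsigned char item_from_dump[] =
    { 0x23, 0x50, 0x43, 0xb8, 0xed, 0xc1, 0xb6, 0x00 };

/* Return -1 if s is well-formed UTF-8 (RFC 3629), else the offset of
 * the first offending byte.  Rejects stray continuation bytes, the
 * overlong leads 0xC0/0xC1, truncated sequences, UTF-16 surrogates
 * and code points above U+10FFFF. */
long utf8_invalid_at(const unsigned char *s)
{
    long i = 0;
    while (s[i]) {
        unsigned char c = s[i];
        int trail;                          /* continuation bytes expected */
        unsigned char lo = 0x80, hi = 0xBF; /* allowed range of 2nd byte */
        if (c < 0x80) { i++; continue; }
        else if (c >= 0xC2 && c <= 0xDF) trail = 1;
        else if (c == 0xE0) { trail = 2; lo = 0xA0; }
        else if (c >= 0xE1 && c <= 0xEC) trail = 2;
        else if (c == 0xED) { trail = 2; hi = 0x9F; } /* no surrogates */
        else if (c >= 0xEE && c <= 0xEF) trail = 2;
        else if (c == 0xF0) { trail = 3; lo = 0x90; }
        else if (c >= 0xF1 && c <= 0xF3) trail = 3;
        else if (c == 0xF4) { trail = 3; hi = 0x8F; }
        else return i;      /* 0x80-0xC1 and 0xF5-0xFF are never lead bytes */
        if (s[i + 1] < lo || s[i + 1] > hi) return i + 1;
        for (int k = 2; k <= trail; k++)
            if ((s[i + k] & 0xC0) != 0x80)
                return i + k;
        i += trail + 1;
    }
    return -1;
}

/* Hardened form of the check at the reported lines: a row that is not
 * valid UTF-8 can never match (this is also where a warning belongs),
 * so no NULL pointer ever reaches strncmp.  GTK's normalize/casefold
 * steps are not reproduced here; the guard is the point. */
int completion_prefix_match(const char *key, const char *item)
{
    if (!key || !item || utf8_invalid_at((const unsigned char *)item) >= 0)
        return 0;
    return strncmp(key, item, strlen(key)) == 0;
}
```

On the dumped bytes the first offending byte is 0xb8 at offset 3 (a continuation byte with no lead), so the row is rejected before any comparison happens.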
More information about the Pkg-gnome-maintainers mailing list