Bug#869391: gnome-control-center: Add input source dialog crashes when "Show All input sources" is enabled

Sat Dec 16 22:49:25 UTC 2017

On Sat, Jul 22, 2017 at 08:00:00PM -0400, Felipe Sateler wrote:
> I enabled all input sources in the tweak tool. Now I can't add input
> sources. g-c-c crashes with the following backtrace below.

I would like to fix this in stretch, but I don't have upload
capabilities.  If I get approval from a SRM, is a gnome team member
willing to upload it?  Debdiff for the proposed change is attached.
-------------- next part --------------
diff -Nru gnome-desktop3-3.22.2/debian/changelog gnome-desktop3-3.22.2/debian/changelog

--- gnome-desktop3-3.22.2/debian/changelog	2016-11-08 08:14:44.000000000 -0600
+++ gnome-desktop3-3.22.2/debian/changelog	2017-12-15 18:44:50.000000000 -0600
@@ -1,3 +1,12 @@
+gnome-desktop3 (3.22.2-1+deb9u1) stretch; urgency=medium
+
+  [ Jason Crain ]
+  * d/p/Fix-heap-use-after-free-with-duplicate-xkb-layouts.patch: Fixes crash
+    in gnome-control-center when adding an input source with "Show All Input
+    Sources" enabled. (Closes: #869391)
+
+ -- Jason Crain <jason at inspiresomeone.us>  Fri, 15 Dec 2017 18:44:50 -0600
+
 gnome-desktop3 (3.22.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru gnome-desktop3-3.22.2/debian/patches/Fix-heap-use-after-free-with-duplicate-xkb-layouts.patch gnome-desktop3-3.22.2/debian/patches/Fix-heap-use-after-free-with-duplicate-xkb-layouts.patch
--- gnome-desktop3-3.22.2/debian/patches/Fix-heap-use-after-free-with-duplicate-xkb-layouts.patch	1969-12-31 18:00:00.000000000 -0600
+++ gnome-desktop3-3.22.2/debian/patches/Fix-heap-use-after-free-with-duplicate-xkb-layouts.patch	2017-12-15 18:44:50.000000000 -0600
@@ -0,0 +1,32 @@
+From: Jason Crain <jason at inspiresomeone.us>
+Date: Mon, 24 Jul 2017 22:32:01 -0500
+Subject: Fix heap-use-after-free with duplicate xkb layouts
+
+Debian's gnome-control-center can crash when show-all-sources is
+enabled.  When parse_end_element in gnome-xkb-info.c encounters
+duplicate layouts, it will free the memory for the first layout while it
+is still in a hash table.
+
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=785320
+Bug-Debian: https://bugs.debian.org/869391
+Origin: upstream, https://git.gnome.org/browse/gnome-desktop/commit/?id=dda675941777a876c1e9b08f922de72d32e73273
+Last-Update: 2017-12-15
+---
+ libgnome-desktop/gnome-xkb-info.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/libgnome-desktop/gnome-xkb-info.c
++++ b/libgnome-desktop/gnome-xkb-info.c
+@@ -405,6 +405,12 @@
+                                                     priv->current_parser_variant->xkb_name,
+                                                     NULL);
+ 
++      if (g_hash_table_contains (priv->layouts_table, priv->current_parser_variant->id))
++        {
++          g_clear_pointer (&priv->current_parser_variant, free_layout);
++          return;
++        }
++
+       g_hash_table_replace (priv->layouts_table,
+                             priv->current_parser_variant->id,
+                             priv->current_parser_variant);
diff -Nru gnome-desktop3-3.22.2/debian/patches/series gnome-desktop3-3.22.2/debian/patches/series
--- gnome-desktop3-3.22.2/debian/patches/series	2015-10-14 11:42:32.000000000 -0500
+++ gnome-desktop3-3.22.2/debian/patches/series	2017-12-15 18:44:50.000000000 -0600
@@ -0,0 +1 @@
+Fix-heap-use-after-free-with-duplicate-xkb-layouts.patch
