Bug#1077677: Python Gtk.Clipboard.request_rich_text() crashes

Bernhard Übelacker bernhardu at mailbox.org
Wed Aug 14 21:40:08 BST 2024


On Wed, 31 Jul 2024 22:33:10 +0200 Jakub Wilk <jwilk at jwilk.net> wrote:> Package: gir1.2-gtk-3.0
> Version: 3.24.38-2~deb12u1
> 
> Gtk.Clipboard.request_rich_text() segfaults for me:
> 
>     $ python3 request_rich_text.py
>     Segmentation fault
> 
> Backtrace:
> 
> #0  0xf5b23141 in gtk_clipboard_request_rich_text (clipboard=0x877a8f8, buffer=0x877b180, callback=0xf7647008, user_data=0x877fb80) at ../../../gtk/gtkclipboard.c:1177
> #1  0xf7fac7d8 in ffi_call_i386 () at ../src/x86/sysv.S:121


> 
> -- System Information:
> Architecture: i386
> 
> Versions of packages gir1.2-gtk-3.0 depends on:
> ii  gir1.2-atk-1.0        2.46.0-5
> ii  gir1.2-freedesktop    1.74.0-3
> ii  gir1.2-gdkpixbuf-2.0  2.42.10+dfsg-1+deb12u1
> ii  gir1.2-glib-2.0       1.74.0-3
> ii  gir1.2-pango-1.0      1.50.12+ds-1
> ii  libgtk-3-0            3.24.38-2~deb12u1
> ii  libgtk-3-common       3.24.38-2~deb12u1
> 
> -- 
> Jakub Wilk



Hello,
just tried to have a look at it and could reproduce it also on amd64.

It looks like function gtk_clipboard_request_rich_text
does dereference info->atoms while it holds a null pointer.

Could not find an upstream bug, and it looks like the
file gtk/gtkclipboard.c got removed in the git repository.
(At least in the main branch for gtk4.)

Kind regards,
Bernhard



(gdb) bt
#0  0x00007f634578e393 in gtk_clipboard_request_rich_text (clipboard=0x54b67c0, buffer=<optimized out>, callback=0x7f6355b9a010, user_data=0x54796a0) at ../../../gtk/gtkclipboard.c:1177
#1  0x00007f63559a93fe in ffi_call_unix64 () at ../src/x86/unix64.S:104
...
(gdb) print info->current_atom
$6 = 0
(gdb) print info->atoms
$7 = (GdkAtom *) 0x0
(gdb) list gtk_clipboard_request_rich_text
1156    void
1157    gtk_clipboard_request_rich_text (GtkClipboard                    *clipboard,
1158                                     GtkTextBuffer                   *buffer,
1159                                     GtkClipboardRichTextReceivedFunc callback,
1160                                     gpointer                         user_data)
1161    {
1162      RequestRichTextInfo *info;
1163
1164      g_return_if_fail (clipboard != NULL);
1165      g_return_if_fail (GTK_IS_TEXT_BUFFER (buffer));
1166      g_return_if_fail (callback != NULL);
1167
1168      info = g_new (RequestRichTextInfo, 1);
1169      info->callback = callback;
1170      info->atoms = NULL;
1171      info->n_atoms = 0;
1172      info->current_atom = 0;
1173      info->user_data = user_data;
1174
1175      info->atoms = gtk_text_buffer_get_deserialize_formats (buffer, &info->n_atoms);
1176
1177      gtk_clipboard_request_contents (clipboard, info->atoms[info->current_atom],
1178                                      request_rich_text_received_func,
1179                                      info);
1180    }
(gdb)



More information about the pkg-gnome-maintainers mailing list