Skip to content

Crash on startup if saved notifications are corrupt

An Endless OS system was found in the wild with a malformed .local/share/gnome-shell/notifications. When deserialized in Python, after passing trusted=True to g_variant_new_from_bytes(), the first element of the first struct in the array looks like this:

In [41]: _38.get_child_value(0).get_child_value(0)
Out[41]: GLib.Variant('s',
'\Uffffffff\Uffffffff\Uffffffff\Uffffffff\Uffffffff')

When deserialised in GJS, we get:

gjs> v.get_child_value(0).get_child_value(0)
[object variant of type "s"]
gjs> v.get_child_value(0).get_child_value(0).get_string()
typein:43:1 malformed UTF-8 character sequence at offset 0
 @typein:43:1
 @<stdin>:1:34

This causes Shell to crash on startup:

Aug 28 14:32:39 endless gnome-shell[7879]: JS ERROR: TypeError: malformed UTF-8 character sequence at offset 0
                                           _unpack_variant@resource:///org/gnome/gjs/modules/overrides/GLib.js:207:9
                                           _unpack_variant@resource:///org/gnome/gjs/modules/overrides/GLib.js:247:12
                                           _unpack_variant@resource:///org/gnome/gjs/modules/overrides/GLib.js:247:12
                                           _init/this.Variant.prototype.deep_unpack@resource:///org/gnome/gjs/modules/overrides/GLib.js:285:9
                                           _loadNotifications@resource:///org/gnome/shell/ui/notificationDaemon.js:762:27
                                           GtkNotificationDaemon@resource:///org/gnome/shell/ui/notificationDaemon.js:733:9
                                           NotificationDaemon@resource:///org/gnome/shell/ui/notificationDaemon.js:833:39
                                           _initializeUI@resource:///org/gnome/shell/ui/main.js:205:26
                                           start@resource:///org/gnome/shell/ui/main.js:143:5
                                           @<main>:1:31

Here is the offending .local/share/gnome-shell/notifications file. hexdump -C:

00000000  b0 8d a8 b7 cc 55 00 00  b0 a5 17 b7 cc 55 00 00  |.....U.......U..|
00000010  75 73 00 00 00 00 00 00  6e 61 75 74 69 6c 75 73  |us......nautilus|
00000020  2d 6d 6f 75 6e 74 2d 6f  70 65 72 61 74 69 6f 6e  |-mount-operation|
00000030  2d 30 78 35 35 64 66 38  36 33 35 38 65 33 30 00  |-0x55df86358e30.|
00000040  74 69 74 6c 65 00 00 00  4a 65 74 46 6c 61 73 68  |title...JetFlash|
00000050  20 54 72 61 6e 73 63 65  6e 64 20 34 47 42 20 63  | Transcend 4GB c|
00000060  61 6e 20 62 65 20 73 61  66 65 6c 79 20 75 6e 70  |an be safely unp|
00000070  6c 75 67 67 65 64 00 00  73 06 00 00 00 00 00 00  |lugged..s.......|
00000080  62 6f 64 79 00 00 00 00  44 65 76 69 63 65 20 63  |body....Device c|
00000090  61 6e 20 62 65 20 72 65  6d 6f 76 65 64 2e 00 00  |an be removed...|
000000a0  73 05 00 00 00 00 00 00  69 63 6f 6e 00 00 00 00  |s.......icon....|
000000b0  74 68 65 6d 65 64 00 00  6d 65 64 69 61 2d 72 65  |themed..media-re|
000000c0  6d 6f 76 61 62 6c 65 2d  73 79 6d 62 6f 6c 69 63  |movable-symbolic|
000000d0  00 19 00 61 73 07 00 28  73 76 29 05 00 00 00 00  |...as..(sv).....|
000000e0  70 72 69 6f 72 69 74 79  00 00 00 00 00 00 00 00  |priority........|
000000f0  6e 6f 72 6d 61 6c 00 00  73 09 00 00 00 00 00 00  |normal..s.......|
00000100  74 69 6d 65 73 74 61 6d  70 00 00 00 00 00 00 00  |timestamp.......|
00000110  23 78 ff 5c 00 00 00 00  00 78 0a 3a 62 9c ba db  |#x.\.....x.:b...|
00000120  00 61 7b 73 76 7d 28 00  6e 61 75 74 69 6c 75 73  |.a{sv}(.nautilus|
00000130  2d 6d 6f 75 6e 74 2d 6f  70 65 72 61 74 69 6f 6e  |-mount-operation|
00000140  2d 30 78 35 35 65 30 65  31 34 64 35 34 35 30 00  |-0x55e0e14d5450.|
00000150  74 69 74 6c 65 00 00 00  55 53 42 20 44 69 73 6b  |title...USB Disk|
00000160  20 63 61 6e 20 62 65 20  73 61 66 65 6c 79 20 75  | can be safely u|
00000170  6e 70 6c 75 67 67 65 64  00 00 73 06 00 00 00 00  |nplugged..s.....|
00000180  62 6f 64 79 00 00 00 00  44 65 76 69 63 65 20 63  |body....Device c|
00000190  61 6e 20 62 65 20 72 65  6d 6f 76 65 64 2e 00 00  |an be removed...|
000001a0  73 05 00 00 00 00 00 00  69 63 6f 6e 00 00 00 00  |s.......icon....|
000001b0  74 68 65 6d 65 64 00 00  6d 65 64 69 61 2d 72 65  |themed..media-re|
000001c0  6d 6f 76 61 62 6c 65 2d  73 79 6d 62 6f 6c 69 63  |movable-symbolic|
000001d0  00 19 00 61 73 07 00 28  73 76 29 05 00 00 00 00  |...as..(sv).....|
000001e0  70 72 69 6f 72 69 74 79  00 00 00 00 00 00 00 00  |priority........|
000001f0  6e 6f 72 6d 61 6c 00 00  73 09 00 00 00 00 00 00  |normal..s.......|
00000200  74 69 6d 65 73 74 61 6d  70 00 00 00 00 00 00 00  |timestamp.......|
00000210  8e 2f 02 5d 00 00 00 00  00 78 0a 2c 52 8c aa cb  |./.].....x.,R...|
00000220  00 61 7b 73 76 7d 28 10  01 0f 02 13 00 2d 02     |.a{sv}(......-.|
0000022f