segfault at src/frdp-channel-clipboard.c:1291
When using gnome-connections to use a second machine via RDP, the program crashes immediately after initiating the connection. GDB points to a segfault triggered by `frdp-channel-clipboard.c:1291` passing a NULL pointer into a call to `strlen`. The NULL pointer comes from a call to `gtk_selection_data_get_text()`, presumably because it is being asked to operate on a `selection_data` that has zero length.
If I add a breakpoint to the `if (length > 0)` that occurs prior to the crash and then run `set length = -1` in GDB to prevent the branch from being taken, when I continue execution the connection is able to complete and I am able to view the remote machine.
System Information
- Distro: Arch Linux
- Desktop: GNOME 45.0
- Windowing System: xorg-server 21.1.8-2
- Software: gnome-connections-45.0-1
GDB Session
Thread 1 "gnome-connectio" received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/strlen-sse2.S:142
142 movdqu (%rax), %xmm4
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/strlen-sse2.S:142
#1 0x00007ffff7fbac25 in clipboard_content_received
(clipboard=<optimized out>, selection_data=selection_data@entry=0x7fffffffdf30, user_data=user_data@entry=0x7fffc8f4f970) at ../gnome-connections-45.0/subprojects/gtk-frdp/src/frdp-channel-clipboard.c:1291
#2 0x00007ffff75812eb in selection_received
(widget=0x7fffb80037c0 [GtkInvisible], selection_data=0x7fffffffdf30, time=<optimized out>)
at ../gtk/gtk/gtkclipboard.c:960
#6 0x00007ffff7c86f50 in <emit signal '0x7ffff7667e63 "selection-received"' on instance 0x7fffb80037c0 [GtkInvisible]>
(instance=0x7fffb80037c0, detailed_signal=detailed_signal@entry=0x7ffff7667e63 "selection-received")
at ../glib/gobject/gsignal.c:3716
#3 0x00007ffff728636a in _gtk_marshal_VOID__BOXED_UINTv
(closure=0x7fffb80027d0, return_value=<optimized out>, instance=0x7fffb80037c0, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55555566b5e0) at gtk/gtkmarshalers.c:3608
#4 0x00007ffff7c86b73 in _g_closure_invoke_va
(param_types=0x55555566b5e0, n_params=<optimized out>, args=0x7fffffffddf0, instance=0x7fffb80037c0, return_value=0x0, closure=0x7fffb80027d0) at ../glib/gobject/gclosure.c:895
#5 signal_emit_valist_unlocked
(instance=instance@entry=0x7fffb80037c0, signal_id=signal_id@entry=110, detail=<optimized out>, var_args=var_args@entry=0x7fffffffddf0) at ../glib/gobject/gsignal.c:3516
#7 0x00007ffff7481d5b in gtk_selection_retrieval_report
(time=51947294, length=0, buffer=<optimized out>, format=<optimized out>, type=<optimized out>, info=0x555555a0d620) at ../gtk/gtk/gtkselection.c:3194
#8 _gtk_selection_notify (widget=<optimized out>, event=event@entry=0x55555599f300) at ../gtk/gtk/gtkselection.c:2998
Python Exception <class 'gdb.error'>: value has been optimized out
(gdb) frame 1
#1 0x00007ffff7fbac25 in clipboard_content_received (clipboard=<optimized out>,
selection_data=selection_data@entry=0x7fffffffdf30, user_data=user_data@entry=0x7fffc8f4f970)
at ../gnome-connections-45.0/subprojects/gtk-frdp/src/frdp-channel-clipboard.c:1291
Downloading source file /usr/src/debug/gnome-connections/build/../gnome-connections-45.0/subprojects/gtk-frdp/src/frdp-channel-clipboard.c
1291 text_length = strlen ((gchar *) text);
(gdb) list
1286 data_type = gtk_selection_data_get_data_type (selection_data);
1287
1288 if (length >= 0) {
1289 if (data_type == gdk_atom_intern ("UTF8_STRING", FALSE)) {
1290 text = gtk_selection_data_get_text (selection_data);
1291 text_length = strlen ((gchar *) text);
1292 if (ConvertToUnicode (CP_UTF8, 0, (LPCSTR) text, text_length, (WCHAR **) &data, 0) > 0) {
1293 send_data_response (self, data, (text_length + 1) * sizeof (WCHAR));
1294 g_free (data);
1295 }
(gdb) p text
$1 = (guchar *) 0x0
(gdb) p selection_data
$2 = (GtkSelectionData *) 0x7fffffffdf30
(gdb) p data_type
$3 = (GdkAtom) 0x46
(gdb) p length
$4 = 0
Edited by Jason Gerecke
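The crash pattern in the listing above, reduced to a stand-alone sketch with a NULL check before `strlen`. This is an added example, not code from the report or from gtk-frdp and not the project's fix. `selection_t`, `selection_get_text()` and `clipboard_response_size()` are hypothetical stand-ins so it builds without GTK, and a 16-bit `WCHAR` is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for GtkSelectionData. */
typedef struct {
    const unsigned char *data;
    int length;               /* -1: retrieval failed, 0: empty selection */
} selection_t;

/* Stand-in for gtk_selection_data_get_text(): returns a newly allocated
 * string, or NULL when there is no text to return (the case in the trace). */
static unsigned char *selection_get_text(const selection_t *sel)
{
    unsigned char *copy;

    if (sel == NULL || sel->data == NULL || sel->length <= 0)
        return NULL;
    copy = malloc((size_t)sel->length + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, sel->data, (size_t)sel->length);
    copy[sel->length] = '\0';
    return copy;
}

/* Returns the size in bytes of the response that would be sent, using the
 * (text_length + 1) * sizeof (WCHAR) formula from the listing; 0 means
 * nothing is sent. The getter's result is checked before strlen(), so a
 * zero-length selection no longer dereferences NULL. */
size_t clipboard_response_size(const selection_t *sel)
{
    unsigned char *text;
    size_t size;

    if (sel == NULL || sel->length < 0)
        return 0;
    text = selection_get_text(sel);
    if (text == NULL)         /* length == 0 passes the branch but has no text */
        return 0;
    size = (strlen((const char *)text) + 1) * sizeof(uint16_t);
    free(text);
    return size;
}

int main(void)
{
    selection_t empty = { (const unsigned char *)"", 0 };  /* constructed input */
    printf("empty selection -> %zu bytes\n", clipboard_response_size(&empty));
    return 0;
}
```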