Crash when searching files when using the file portal
I tried to upload a file using Firefox (I have the portal enabled for testing) and started typing the name of the folder I was looking for. The portal crashed with the following stack:
(gdb) bt
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
#1 0x00007f9fe104bb72 in g_utf8_collate_key_for_filename (str=0x0, len=-1) at ../glib/gunicollate.c:569
#2 0x00007f9fe0757e20 in file_system_model_set (model=0x55a519636340, file=0x55a519508d60, info=0x7f9f8c04c0d0, column=<optimized out>, value=0x55a519abfd90, data=0x55a5195694c0) at ../gtk/gtkfilechooserwidget.c:4413
#3 0x00007f9fe0927858 in _gtk_file_system_model_get_value (model=0x55a519636340, iter=<optimized out>, column=5) at ../gtk/gtkfilesystemmodel.c:1683
#4 0x00007f9fe0a4a818 in compare_name.constprop.0 (model=model@entry=0x55a519636340, a=a@entry=0x7fffccd293c0, b=b@entry=0x7fffccd293a0, impl=<optimized out>) at ../gtk/gtkfilechooserwidget.c:3530
#5 0x00007f9fe07559ee in search_sort_func (user_data=<optimized out>, b=0x7fffccd293a0, a=0x7fffccd293c0, model=0x55a519636340) at ../gtk/gtkfilechooserwidget.c:3699
#6 search_sort_func (model=0x55a519636340, a=0x7fffccd293c0, b=0x7fffccd293a0, user_data=<optimized out>) at ../gtk/gtkfilechooserwidget.c:3699
#7 0x00007f9fe09212f3 in compare_array_element (a=<optimized out>, b=<optimized out>, user_data=user_data@entry=0x7fffccd297b0) at ../gtk/gtkfilesystemmodel.c:719
#8 0x00007f9fe1024ac5 in msort_with_tmp (p=p@entry=0x7fffccd29740, b=b@entry=0x55a519c98b30, n=n@entry=3) at ../glib/gqsort.c:152
#9 0x00007f9fe10249e7 in msort_with_tmp (p=p@entry=0x7fffccd29740, b=b@entry=0x55a519c98b20, n=n@entry=5) at ../glib/gqsort.c:86
#10 0x00007f9fe10249d9 in msort_with_tmp (p=p@entry=0x7fffccd29740, b=b@entry=0x55a519c98b20, n=n@entry=10) at ../glib/gqsort.c:85
#11 0x00007f9fe10249e7 in msort_with_tmp (p=p@entry=0x7fffccd29740, b=b@entry=0x55a519c98ad0, n=n@entry=20) at ../glib/gqsort.c:86
#12 0x00007f9fe10249e7 in msort_with_tmp (p=p@entry=0x7fffccd29740, b=b@entry=0x55a519c98a38, n=n@entry=39) at ../glib/gqsort.c:86
#13 0x00007f9fe10249d9 in msort_with_tmp (p=p@entry=0x7fffccd29740, b=b@entry=0x55a519c98a38, n=n@entry=78) at ../glib/gqsort.c:85
#14 0x00007f9fe10249d9 in msort_with_tmp (p=p@entry=0x7fffccd29740, b=0x55a519c98a38, n=n@entry=157) at ../glib/gqsort.c:85
#15 0x00007f9fe1026fa6 in msort_r (b=<optimized out>, n=<optimized out>, s=360, cmp=cmp@entry=0x7f9fe0921290 <compare_array_element>, arg=arg@entry=0x7fffccd297b0) at ../glib/gqsort.c:237
#16 0x00007f9fe102714c in g_qsort_with_data (pbase=<optimized out>, total_elems=<optimized out>, size=<optimized out>, compare_func=compare_func@entry=0x7f9fe0921290 <compare_array_element>, user_data=user_data@entry=0x7fffccd297b0)
at ../glib/gqsort.c:303
#17 0x00007f9fe0927d38 in gtk_file_system_model_sort (model=model@entry=0x55a519636340) at ../gtk/gtkfilesystemmodel.c:743
#18 0x00007f9fe0928450 in gtk_file_system_model_sort (model=0x55a519636340) at ../gtk/gtkfilesystemmodel.c:1993
#19 thaw_updates (model=0x55a519636340) at ../gtk/gtkfilesystemmodel.c:2005
#20 0x00007f9fe075a794 in _gtk_file_system_model_update_files (infos=0x55a5199fe0c0, files=0x55a5199fe0e0, model=0x55a519636340) at ../gtk/gtkfilesystemmodel.c:1932
#21 search_engine_hits_added_cb (engine=<optimized out>, hits=<optimized out>, impl=0x55a5195694c0) at ../gtk/gtkfilechooserwidget.c:6489
#22 0x00007f9fe0d9a837 in g_cclosure_marshal_VOID__POINTERv (closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>,
param_types=0x55a519535d00) at ../gobject/gmarshal.c:1800
#23 0x00007f9fe0db8c79 in _g_closure_invoke_va (param_types=<optimized out>, n_params=<optimized out>, args=0x7fffccd29a50, instance=<optimized out>, return_value=<optimized out>, closure=0x55a519b787f0) at ../gobject/gclosure.c:893
#24 g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffccd29a50) at ../gobject/gsignal.c:3406
#25 0x00007f9fe0db8db3 in g_signal_emit (instance=instance@entry=0x55a519c15320, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3553
#26 0x00007f9fe0941d61 in _gtk_search_engine_hits_added (engine=engine@entry=0x55a519c15320, hits=hits@entry=0x55a519819500) at ../gtk/gtksearchengine.c:392
#27 0x00007f9fe0941e37 in hits_added (engine=<optimized out>, hits=<optimized out>, data=0x55a519c15320) at ../gtk/gtksearchengine.c:208
#28 0x00007f9fe0d9a837 in g_cclosure_marshal_VOID__POINTERv (closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>,
param_types=0x55a519535d00) at ../gobject/gmarshal.c:1800
#29 0x00007f9fe0db8c79 in _g_closure_invoke_va (param_types=<optimized out>, n_params=<optimized out>, args=0x7fffccd29d30, instance=<optimized out>, return_value=<optimized out>, closure=0x55a519a40fd0) at ../gobject/gclosure.c:893
#30 g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffccd29d30) at ../gobject/gsignal.c:3406
#31 0x00007f9fe0db8db3 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../gobject/gsignal.c:3553
#32 0x00007f9fe094c4db in query_callback (statement=<optimized out>, res=<optimized out>, user_data=user_data@entry=0x55a519c1a870) at ../gtk/gtksearchenginetracker3.c:184
#33 0x00007f9fe0e98cda in g_task_return_now (task=0x55a519aa6630) at ../gio/gtask.c:1230
#34 0x00007f9fe0e98ee3 in g_task_return (type=<optimized out>, task=0x55a519aa6630) at ../gio/gtask.c:1300
#35 g_task_return (task=0x55a519aa6630, type=<optimized out>) at ../gio/gtask.c:1256
#36 0x00007f9fe0e99cdc in g_task_return_pointer (task=<optimized out>, result=<optimized out>, result_destroy=<optimized out>) at ../gio/gtask.c:1720
#37 0x00007f9fdf84d44d in tracker_bus_statement_real_execute_async_co.isra.0 (_data_=0x55a51962fc80) at ../src/libtracker-sparql/bus/tracker-bus-statement.vala:94
#38 0x00007f9fe0e98cda in g_task_return_now (task=0x55a519acde30) at ../gio/gtask.c:1230
#39 0x00007f9fe0e98ee3 in g_task_return (type=<optimized out>, task=0x55a519acde30) at ../gio/gtask.c:1300
#40 g_task_return (task=0x55a519acde30, type=<optimized out>) at ../gio/gtask.c:1256
#41 0x00007f9fe0e99cdc in g_task_return_pointer (task=<optimized out>, result=<optimized out>, result_destroy=<optimized out>) at ../gio/gtask.c:1720
#42 0x00007f9fdf84f96e in tracker_bus_connection_perform_query_call_co.isra.0 (_data_=0x55a519781210) at ../src/libtracker-sparql/bus/tracker-bus.vala:171
#43 0x00007f9fe0e98cda in g_task_return_now (task=0x55a519acdef0) at ../gio/gtask.c:1230
#44 0x00007f9fe0e98ee3 in g_task_return (type=<optimized out>, task=0x55a519acdef0) at ../gio/gtask.c:1300
#45 g_task_return (task=0x55a519acdef0, type=<optimized out>) at ../gio/gtask.c:1256
#46 0x00007f9fe0e77b63 in async_ready_splice_callback_wrapper (source_object=<optimized out>, res=0x55a519acfb10, _data=_data@entry=0x55a519acdef0) at ../gio/goutputstream.c:1712
#47 0x00007f9fe0e98cda in g_task_return_now (task=0x55a519acfb10) at ../gio/gtask.c:1230
#48 0x00007f9fe0e98ee3 in g_task_return (type=<optimized out>, task=0x55a519acfb10) at ../gio/gtask.c:1300
#49 g_task_return (task=0x55a519acfb10, type=<optimized out>) at ../gio/gtask.c:1256
#50 0x00007f9fe0e794dc in real_splice_async_complete_cb (task=0x55a519acfb10) at ../gio/goutputstream.c:2684
--Type <RET> for more, q to quit, c to continue without paging--
#51 0x00007f9fe0e62491 in async_ready_close_callback_wrapper (source_object=0x55a519b6ca50, res=0x7f9fc8066b00, user_data=0x55a519acfb10) at ../gio/ginputstream.c:577
#52 0x00007f9fe0e98cda in g_task_return_now (task=0x7f9fc8066b00) at ../gio/gtask.c:1230
#53 0x00007f9fe0e98d1d in complete_in_idle_cb (task=task@entry=0x7f9fc8066b00) at ../gio/gtask.c:1244
#54 0x00007f9fe10124ab in g_idle_dispatch (source=0x7f9fb401ff50, callback=0x7f9fe0e98d10 <complete_in_idle_cb>, user_data=0x7f9fc8066b00) at ../glib/gmain.c:5935
#55 0x00007f9fe1015faf in g_main_dispatch (context=0x55a5192c6050) at ../glib/gmain.c:3417
#56 g_main_context_dispatch (context=0x55a5192c6050) at ../glib/gmain.c:4135
#57 0x00007f9fe106b228 in g_main_context_iterate.constprop.0 (context=0x55a5192c6050, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4211
#58 0x00007f9fe10156cf in g_main_loop_run (loop=0x55a51933ce10) at ../glib/gmain.c:4411
#59 0x000055a5177eddfb in main (argc=<optimized out>, argv=<optimized out>) at ../src/xdg-desktop-portal-gnome.c:269
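In `g_utf8_collate_key_for_filename` (frame #1), `str` is null and `len` is -1, so we end up calling `strlen(NULL)`, which crashes. The null string comes from `g_file_info_get_display_name`, which is weird because it's documented to never return null; the caller in frame #2, `file_system_model_set`, hands it on to the collation function as-is.
The `GFileInfo` struct has 3 attributes, all of them integers, so none of them is a string attribute that could hold a display name: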
(gdb) p info->attributes.len
$25 = 3
(gdb) p ((GFileAttribute *)info->attributes.data)[0]
$26 = {attribute = 1048590, value = {type = G_FILE_ATTRIBUTE_TYPE_UINT64, status = G_FILE_ATTRIBUTE_STATUS_UNSET, u = {boolean = 0, int32 = 0, uint32 = 0, int64 = 0, uint64 = 0, string = 0x0, obj = 0x0, stringv = 0x0}}}
(gdb) p ((GFileAttribute *)info->attributes.data)[1]
$27 = {attribute = 6291457, value = {type = G_FILE_ATTRIBUTE_TYPE_UINT64, status = G_FILE_ATTRIBUTE_STATUS_UNSET, u = {boolean = 1618509260, int32 = 1618509260, uint32 = 1618509260, int64 = 1618509260, uint64 = 1618509260,
string = 0x60787dcc <error: Cannot access memory at address 0x60787dcc>, obj = 0x60787dcc, stringv = 0x60787dcc}}}
(gdb) p ((GFileAttribute *)info->attributes.data)[2]
$28 = {attribute = 6291458, value = {type = G_FILE_ATTRIBUTE_TYPE_UINT32, status = G_FILE_ATTRIBUTE_STATUS_UNSET, u = {boolean = 0, int32 = 0, uint32 = 0, int64 = 0, uint64 = 0, string = 0x0, obj = 0x0, stringv = 0x0}}}
The relevant file is a local file I have somewhere in my Downloads folder:
(gdb) p *((GLocalFile*)file)
$36 = {parent_instance = {g_type_instance = {g_class = 0x55a51937a610}, ref_count = 4, qdata = 0x0}, filename = 0x55a519c962d0 "/home/emilio/Downloads/_WorldView.swift"}