Crash with long --combo-values value
zenity crashes with SIGABRT (134) and prints the following error when given long --combo-values parameters:
$ ./zenity --forms --text="Text" --title="Choose" --add-combo "Pick something" --combo-values "mimieidvreljywuocyga|jdcavubyilijjrznydso|qzuomhivtzkviwymhuuz|jlygyenaajyqsgmxpmvg|lpvwzaoadnpqwtimchep|dznhsquygfhtcerjdisx|byprjepgfmjzhcgtlsox|qddwjfiqvhferyjsivrc|ctnfvgsjtaitseyqgvlg|daqkhytcwmvfqruaowgt|eiuqbhyoilgnaqhcnqze|oipbumvhztmmgtymfdcu|zzxxmspawvoennbwjpbf|ykgjsdgyysbfisyrsfbu|crnyaalsgzncwenciltz|zlowvgtisfvhwhugdstz|bxcgetykxptvrfqhyszg|hetartbfuyluosnusszo|egjsaiqyyhpewaaznhih|llfgjkpcttorkxyfhacc|zvypnkbjlxpgvitizwre|htqmwmgsasetrdcmjovd|robjdyrazupdrulfhxpg|fxjeehtbnvqvuielnaxl|fcepfnmgblbcahrbznki|lkwcvinbqyrnqmslphtc|ssffff"
lpvwzaoadnpqwtimchep
free(): double free detected in tcache 2
[5] 7932 abort (core dumped) ./zenity --forms --text="Text" --title="Choose" --add-combo "Pick something"
The crash happens after selecting any value from the dropdown menu and clicking OK. The selected value is printed correctly, but the application crashes afterwards.
If I shorten the last value ssffff to ssfff, the command no longer crashes and only prints the selected value.
Running the latest HEAD (cd636315) with gdb returns the following stack trace:
gdb --args ./zenity --forms --text="Text" --title="Choose" --add-combo "Pick something" --combo-values "mimieidvreljywuocyga|jdcavubyilijjrznydso|qzuomhivtzkviwymhuuz|jlygyenaajyqsgmxpmvg|lpvwzaoadnpqwtimchep|dznhsquygfhtcerjdisx|byprjepgfmjzhcgtlsox|qddwjfiqvhferyjsivrc|ctnfvgsjtaitseyqgvlg|daqkhytcwmvfqruaowgt|eiuqbhyoilgnaqhcnqze|oipbumvhztmmgtymfdcu|zzxxmspawvoennbwjpbf|ykgjsdgyysbfisyrsfbu|crnyaalsgzncwenciltz|zlowvgtisfvhwhugdstz|bxcgetykxptvrfqhyszg|hetartbfuyluosnusszo|egjsaiqyyhpewaaznhih|llfgjkpcttorkxyfhacc|zvypnkbjlxpgvitizwre|htqmwmgsasetrdcmjovd|robjdyrazupdrulfhxpg|fxjeehtbnvqvuielnaxl|fcepfnmgblbcahrbznki|lkwcvinbqyrnqmslphtc|ssffff"
GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./zenity...done.
(gdb) r
Starting program: /home/matoking/git/zenity/src/zenity --forms --text=Text --title=Choose --add-combo Pick\ something --combo-values mimieidvreljywuocyga\|jdcavubyilijjrznydso\|qzuomhivtzkviwymhuuz\|jlygyenaajyqsgmxpmvg\|lpvwzaoadnpqwtimchep\|dznhsquygfhtcerjdisx\|byprjepgfmjzhcgtlsox\|qddwjfiqvhferyjsivrc\|ctnfvgsjtaitseyqgvlg\|daqkhytcwmvfqruaowgt\|eiuqbhyoilgnaqhcnqze\|oipbumvhztmmgtymfdcu\|zzxxmspawvoennbwjpbf\|ykgjsdgyysbfisyrsfbu\|crnyaalsgzncwenciltz\|zlowvgtisfvhwhugdstz\|bxcgetykxptvrfqhyszg\|hetartbfuyluosnusszo\|egjsaiqyyhpewaaznhih\|llfgjkpcttorkxyfhacc\|zvypnkbjlxpgvitizwre\|htqmwmgsasetrdcmjovd\|robjdyrazupdrulfhxpg\|fxjeehtbnvqvuielnaxl\|fcepfnmgblbcahrbznki\|lkwcvinbqyrnqmslphtc\|ssffff
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffec69b700 (LWP 6679)]
[New Thread 0x7fffebe9a700 (LWP 6680)]
[New Thread 0x7fffea957700 (LWP 6681)]
dznhsquygfhtcerjdisx
free(): double free detected in tcache 2
Thread 1 "zenity" received signal SIGABRT, Aborted.
0x00007ffff2e7c82f in raise () from /usr/lib/libc.so.6
(gdb) thread apply all bt full
Thread 4 (Thread 0x7fffea957700 (LWP 6681)):
#0 0x00007ffff2f350d1 in poll () at /usr/lib/libc.so.6
#1 0x00007fffeafa4673 in () at /usr/lib/libpulse.so.0
#2 0x00007fffeaf95990 in pa_mainloop_poll () at /usr/lib/libpulse.so.0
#3 0x00007fffeaf95fe0 in pa_mainloop_iterate () at /usr/lib/libpulse.so.0
#4 0x00007fffeaf96091 in pa_mainloop_run () at /usr/lib/libpulse.so.0
#5 0x00007fffeafa45ae in () at /usr/lib/libpulse.so.0
#6 0x00007fffead439fc in () at /usr/lib/pulseaudio/libpulsecommon-12.2.so
#7 0x00007ffff3011a92 in start_thread () at /usr/lib/libpthread.so.0
#8 0x00007ffff2f3fcd3 in clone () at /usr/lib/libc.so.6
Thread 3 (Thread 0x7fffebe9a700 (LWP 6680)):
#0 0x00007ffff2f350d1 in poll () at /usr/lib/libc.so.6
#1 0x00007ffff72ae7c0 in () at /usr/lib/libglib-2.0.so.0
#2 0x00007ffff72af7f2 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#3 0x00007ffff7420648 in () at /usr/lib/libgio-2.0.so.0
#4 0x00007ffff7289f21 in () at /usr/lib/libglib-2.0.so.0
#5 0x00007ffff3011a92 in start_thread () at /usr/lib/libpthread.so.0
#6 0x00007ffff2f3fcd3 in clone () at /usr/lib/libc.so.6
Thread 2 (Thread 0x7fffec69b700 (LWP 6679)):
#0 0x00007ffff2f350d1 in poll () at /usr/lib/libc.so.6
#1 0x00007ffff72ae7c0 in () at /usr/lib/libglib-2.0.so.0
#2 0x00007ffff72ae8ae in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#3 0x00007ffff72ae902 in () at /usr/lib/libglib-2.0.so.0
#4 0x00007ffff7289f21 in () at /usr/lib/libglib-2.0.so.0
#5 0x00007ffff3011a92 in start_thread () at /usr/lib/libpthread.so.0
#6 0x00007ffff2f3fcd3 in clone () at /usr/lib/libc.so.6
Thread 1 (Thread 0x7fffed2e7a00 (LWP 6675)):
#0 0x00007ffff2e7c82f in raise () at /usr/lib/libc.so.6
#1 0x00007ffff2e67672 in abort () at /usr/lib/libc.so.6
#2 0x00007ffff2ebee78 in __libc_message () at /usr/lib/libc.so.6
#3 0x00007ffff2ec578a in () at /usr/lib/libc.so.6
#4 0x00007ffff2ec712d in _int_free () at /usr/lib/libc.so.6
#5 0x00007ffff72801c6 in g_strfreev () at /usr/lib/libglib-2.0.so.0
#6 0x0000555555561c0a in zenity_option_free () at option.c:1087
#7 0x000055555556020b in main (argc=8, argv=0x7fffffffdb18) at main.c:117
results = 0x5555557e6800
retval = 0
__FUNCTION__ = "main"
(gdb)
This issue happens on zenity v3.32.0 and the current master HEAD (cd636315).