GNOME Bugzilla – Bug 648381
Crashes with long words in strings passed to gtk_widget_set_tooltip_text()
Last modified: 2013-07-24 10:25:48 UTC
Created attachment 186430
Example program (by Colin Leroy) that shows the problem

The attached example program (by Colin Leroy) passes a string with a long "word" to gtk_widget_set_tooltip_text() which causes a crash when the tooltip is supposed to be shown.

(gdb) r --sync
Starting program: /home/fk/kram/tooltip-crashes/long_tooltip_crash --sync
[New LWP 101212]
[New Thread 805407400 (LWP 101212/initial thread)]

(long_tooltip_crash:65109): Gdk-WARNING **: Native Windows wider or taller than 65535 pixels are not supported
Gdk-ERROR **: The program 'long_tooltip_crash' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 725 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
aborting...

Program received signal SIGABRT, Aborted.
+ Trace 226823
Thread 805407400 (LWP 101212/initial thread)
I'm using GTK+ 2.22.1.

From the documentation at:
http://developer.gimp.org/api/2.0/gtk/GtkWidget.html#gtk-widget-set-tooltip-text
the expected behaviour isn't clear. According to the gtk-devel-list@ thread crashing is considered a bug, though, and I happen to agree:
http://mail.gnome.org/archives/gtk-devel-list/2011-April/msg00119.html

Morten Welinder noted in the same thread that Gnumeric had been affected by this problem in the past.

Emmanuel Thomas-Maurin pointed out that the GDK warning is already a sign that the tooltip width has been truncated. The crash seems to indicate that the limit is too high, though.

Limiting the width (and height) to 16384 prevents the crashes for me. I previously tried both 32767 and 32767-1 but still got the crashes. I didn't try anything between 16384 and 32767-1 so the actual limit may be higher (and not connected to 2**n).

Note that at least in my case the height isn't a problem and I don't know if height and width really do have the same upper limit.

If the tooltip text comes from an untrusted source the source can crash the application so this is at least somewhat security-related. From the documentation it isn't clear that (and how) strings passed to gtk_widget_set_tooltip_text() would have to be validated first.
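A caller-side way to validate untrusted tooltip text before it reaches gtk_widget_set_tooltip_text(), as an added example that is not part of the original report and not GTK+ code. The helper name break_long_words and the max_run threshold are hypothetical, and it assumes, as the bug title suggests, that only unbroken "words" make the tooltip too wide.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not a GTK+ API): copy UTF-8 text from `in` to `out`,
 * inserting a space whenever more than `max_run` code points occur without
 * ASCII whitespace, so a wrapping label always has a break opportunity.
 * Returns the number of spaces inserted, or -1 if `out` is too small. */
long break_long_words(const char *in, char *out, size_t out_size, size_t max_run)
{
    size_t o = 0, run = 0;
    long inserted = 0;

    if (max_run == 0 || out_size == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        int is_space = (*p == ' ' || *p == '\t' || *p == '\n');
        int is_lead = ((*p & 0xC0) != 0x80);  /* not a UTF-8 continuation byte */

        if (is_space) {
            run = 0;
        } else if (is_lead) {
            if (run == max_run) {             /* run is full: break before this char */
                if (o + 1 >= out_size)
                    return -1;
                out[o++] = ' ';
                inserted++;
                run = 0;
            }
            run++;
        }
        if (o + 1 >= out_size)                /* keep room for the final NUL */
            return -1;
        out[o++] = (char)*p;
    }
    out[o] = '\0';
    return inserted;
}

int main(void)
{
    /* Constructed sample input: one 10-character "word", limit of 4 (assumed). */
    char buf[64];
    long n = break_long_words("aaaaaaaaaa", buf, sizeof buf, 4);
    printf("%ld breaks: \"%s\"\n", n, buf);
    return 0;
}
```

The sanitized buffer is what the caller would then pass to gtk_widget_set_tooltip_text(); a return value of -1 means the text should be rejected or truncated instead.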
Created attachment 186431
Patch that prevents the crashes for me

This is the patch that prevents the crashes for me. As noted in the main comment, the chosen limit happens to work for me but the actual limit may be higher.
Wouldn't it make a lot more sense if tooltips were limited and force-wrapped at the screen width, so you can actually _read_ the text in them?
I agree that this would be even better, but for it to really make "a lot more sense" you would also have to make sure that long tooltips start at the left side of the screen. Currently this doesn't seem to be the case, so just force-wrapping the tooltip to the screen width isn't sufficient to make the whole text readable.

Having said that, I think if the tooltip text is wide enough to cause the crash it's rather unlikely that the user is going to completely read it anyway. Therefore I'm not sure optimizing the behaviour in that situation (except for not crashing) is really worth it.

An improvement that I think might be worth it would be to make sure that the beginning of the tooltip is always visible and only the end of the text is truncated. Of course the location of the beginning of the text depends on the language so that, too, sounds like a lot of work for little benefit to me.
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.

*** This bug has been marked as a duplicate of bug 698758 ***
Review of attachment 186431 [details] [review]: ::: gdk/x11/gdkwindow-x11.c @@ -666,2 +666,3 @@ const char *title; int i; + static const height_and_width_limit = 16384; this could very well be a #define instead of a static variable, e.g.: #define MAX_WINDOW_SIZE (G_MAXUINT16 / 2) it would be nicer if we had an actual value we could get from Xlib, to avoid encoding magic values inside GDK, though. @@ +786,1 @@ + if (private->width > height_and_width_limit) this could be replaced by a simpler: private->width = MIN (private->width, MAX_WINDOW_SIZE); private->height = MIN (private->height, MAX_WINDOW_SIZE);
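Review bot: the added declaration "static const height_and_width_limit = 16384;" in the first hunk (around line 666 of gdk/x11/gdkwindow-x11.c) has no type specifier, so it relies on implicit int, which C99 and later compilers reject or warn about. Give it an explicit type ("static const int ...") or turn it into a macro, and add a comment saying that 16384 was found by trial (32767 still crashed for the reporter) rather than taken from a documented X limit, so that nobody later assumes the value is authoritative.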
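Review bot: the only added line visible in the second hunk (around line 786) tests "private->width", so it should be confirmed that "private->height" is held to the same limit before the window is created. It would also help to emit a warning when a size is reduced, as the existing "wider or taller than 65535 pixels" message shown in the report's gdb output does, so that callers who pass oversized content get a visible signal instead of a silent clamp.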