After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 771680 - segfaults if drag and drop event received from some other software
segfaults if drag and drop event received from some other software
Status: RESOLVED FIXED
Product: gnome-calendar
Classification: Applications
Component: General
3.21.x
Other Linux
: Normal critical
: 3.26
Assigned To: GNOME Calendar maintainers
GNOME Calendar maintainers
Depends on:
Blocks:
 
 
Reported: 2016-09-20 02:48 UTC by Mohammed Sadiq
Modified: 2017-04-17 18:20 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
month-view: return if dnd item isn't an event (1.11 KB, patch)
2016-09-21 03:54 UTC, Mohammed Sadiq 		none Details | Review
month-view: return if dnd item isn't an event (1.12 KB, patch)
2016-09-21 03:57 UTC, Mohammed Sadiq 		none Details | Review
month-view: return if dnd item isn't an event (1.10 KB, patch)
2016-09-21 04:43 UTC, Mohammed Sadiq 		none Details | Review
views: protect against invalid drop (1.49 KB, patch)
2016-09-28 01:41 UTC, Georges Basile Stavracas Neto 		committed Details | Review

Description Mohammed Sadiq 2016-09-20 02:48:32 UTC 
If Calendar receives some drag and drop event from some other application (say, a file from nautilus is DnD to some cell in Calendar), Calendar segfaults.
Comment 1 Mohammed Sadiq 2016-09-21 03:54:31 UTC 
Created attachment 335962 [details] [review]
month-view: return if dnd item isn't an event

On month view, dnd received from an application other than
gnome-calendar leads to segfault.

This is because, gnome-calendar does not check if the received event
is a valid GCAL_EVENT_WIDGET.

This commit checks if the received event is a true GCAL_EVENT_WIDGET
and fails otherwise.
Comment 2 Mohammed Sadiq 2016-09-21 03:57:05 UTC 
Created attachment 335963 [details] [review]
month-view: return if dnd item isn't an event

On month view, dnd received from an application other than
gnome-calendar leads to segfault.

This is because, gnome-calendar does not check if the received event
is from a valid GCAL_EVENT_WIDGET.

This commit checks if the received event is from a true GCAL_EVENT_WIDGET
and fails otherwise.

(fix commit message in last patch)
Comment 3 Georges Basile Stavracas Neto 2016-09-21 04:21:10 UTC 
Review of attachment 335963 [details] [review]:

The code fails too aggressively - a simple check is ok for now. In the future, we'll handle ICS files being DnD'ed.

Also, nice commit message!

::: src/gcal-month-view.c
@@ +868,3 @@
   GTimeSpan timespan = 0;
 
+  g_return_if_fail (GCAL_IS_EVENT_WIDGET (event_widget));

Failing here is a long shot. For now, we can silently cancel with:
 
if (!GCAL_IS_EVENT_WIDGET(widget))
    return;
Comment 4 Mohammed Sadiq 2016-09-21 04:43:24 UTC 
Created attachment 335964 [details] [review]
month-view: return if dnd item isn't an event

On month view, dnd received from an application other than
gnome-calendar leads to segfault.

This is because, gnome-calendar does not check if the received event
is from a valid GCAL_EVENT_WIDGET.

This commit checks if the received event is from a true GCAL_EVENT_WIDGET
and return otherwise.
Comment 5 Georges Basile Stavracas Neto 2016-09-28 01:41:51 UTC 
Created attachment 336402 [details] [review]
views: protect against invalid drop

If the user tries to drop a e.g. file, GNOME Calendar crashes
immediately.

While the desired behavior would be checking if that's an ics file,
lets just not crash for now.
Comment 6 Georges Basile Stavracas Neto 2016-09-28 01:42:38 UTC 
Thanks for your fix! I merged your code with a fix for Year view too, and pushed.

Attachment 336402 [details] pushed as 8187399 - views: protect against invalid drop