After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 740613 - XConvertSelection crashes Gtk+ apps
XConvertSelection crashes Gtk+ apps
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Backend: X11
3.12.x
Other Linux
: Normal critical
: ---
Assigned To: gtk-bugs
gtk-bugs
: 743115 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2014-11-24 10:41 UTC by Egmont Koblinger
Modified: 2015-01-25 00:53 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
gdb backtrace from gedit crash on paste (2.73 KB, text/plain)
2015-01-21 15:17 UTC, Florian Pelz
Details

Description Egmont Koblinger 2014-11-24 10:41:50 UTC
Forwarded from https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1395250

Calling XConvertSelection() in an app crashes whichever Gtk+ app that has the selection.

[The original report is about gnome-terminal, but pretty much any Gtk+ app can be crashed. The original report is on Ubuntu 12.04, but I can also reproduce on 14.10 (Gtk+ 3.12.2).]

Code to trigger the crash:

// gcc -o foo foo.c -lX11 && ./foo
#include <X11/Xlib.h>

int main()
{
  Display* dpy = XOpenDisplay(0);
  Atom selection = XInternAtom(dpy, "PRIMARY", False);
  Atom target = XInternAtom(dpy, "STRING", False);
  Window table = RootWindow(dpy, 0);
  XConvertSelection(dpy, selection, target, None, table, CurrentTime);
  XSync(dpy, 0);
  return 0;
}
Comment 1 Iain Lane 2015-01-19 12:32:08 UTC
Hi (Egmont alerted me to this via the Ubuntu bug)

The patch (732af31) doesn't fix it for me, 3.14.7 which has the patch too or git master. Does it for you?

1. Open gedit
2. Type some text
3. Highlight it using the mouse
4. Run the test program above in a terminal

gedit crashes
Comment 2 Matthias Clasen 2015-01-19 14:08:39 UTC
It did for me, otherwise I wouldn't have closed the bug. Maybe there's something more to fix, then. In any case, the behavior of the code snipplet was considered obsolete at the time the ICCCM was written (a generation ago), so if you find such code in the wild, it is truly behind the times...
Comment 3 Egmont Koblinger 2015-01-19 14:48:00 UTC
Bug 743115 was reported yesterday which is persumably the same.  Supertuxkart (or a library it uses) uses this snippet.

Supertux (or the lib it uses) could/should migrate from the obsolete methods to current ones, that'd be a great workaround.  But as long as that method is not removed for good, Gtk+ should not crash either.
Comment 4 Deve 2015-01-20 11:36:30 UTC
XConvertSelection() function is used also in SDL2 library. It means that it's used by quite a lot games and applications, also commercial.
Comment 5 Matthias Clasen 2015-01-20 16:21:03 UTC
Using XConvertSelection is fine. Whats obsolete is passing None as the third argument.
Comment 6 Deve 2015-01-20 20:46:30 UTC
As I understend create an atom should be fine?

Atom selection = XInternAtom(display, "STK_SELECTION", False);
XConvertSelection (display, X_ATOM_CLIPBOARD, XA_STRING, selection, ownerWindow, CurrentTime);

instead of 

XConvertSelection (display, X_ATOM_CLIPBOARD, XA_STRING, None, ownerWindow, CurrentTime);
Comment 7 Egmont Koblinger 2015-01-21 14:50:35 UTC
*** Bug 743115 has been marked as a duplicate of this bug. ***
Comment 8 Florian Pelz 2015-01-21 15:17:57 UTC
Created attachment 295109 [details]
gdb backtrace from gedit crash on paste

I originally wrote this to the duplicate bug 743115:

Pasting (Ctrl+V) into supertuxkart crashes the application I'm pasting from. It seems to be the same bug discussed here. I've tried with the git version of gtk and still get a crash and this error message:

(gedit:804): Gdk-ERROR **: The program 'gedit' received an X Window System
error.
This probably reflects a bug in the program.
The error was 'BadAtom (invalid Atom parameter)'.
  (Details: serial 5602 error_code 5 request_code 18 (core protocol) minor_code
0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the GDK_SYNCHRONIZE environment
   variable to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
[1]  + trace trap (core dumped)  gedit

Only gedit crashes, not supertuxkart or the terminal. I'm attaching a gdb backtrace from doing what the error message says.