GNOME Bugzilla – Bug 766227
Renaming a file in a password-protected archive causes the file to be removed
Last modified: 2016-09-18 07:04:37 UTC
Steps to reproduce:

1. Create a new archive foo.zip, and set a password in "Other Options"
2. Add at least one file to the archive and close file-roller
3. Open file-roller and then open foo.zip
4. Select a file and rename it (F2 or right-click and then Rename…, selecting a valid filename)
5. Enter the password in the dialogue and see that the file is removed
While investigating this, Valgrind was very helpful in pointing to the problematic code:

==15178== Invalid read of size 1
==15178==    at 0x73E44F2: g_build_path_va (gfileutils.c:1682)
==15178==    by 0x73E56C7: g_build_filename (gfileutils.c:1995)
==15178==    by 0x424290: fr_command_rename (fr-command.c:2550)
==15178==    by 0x43F23D: rename_selection (fr-window.c:8206)
==15178==    by 0x447F70: fr_window_exec_batch_action.isra.52 (fr-window.c:9496)
==15178==    by 0x41706C: ask_password__response_cb (dlg-ask-password.c:79)
==15178==    by 0x716F92A: g_cclosure_marshal_VOID__ENUMv (gmarshal.c:1496)
==15178==    by 0x716D746: _g_closure_invoke_va (gclosure.c:867)
==15178==    by 0x7187653: g_signal_emit_valist (gsignal.c:3294)
==15178==    by 0x7187D81: g_signal_emit (gsignal.c:3441)
==15178==    by 0x716D746: _g_closure_invoke_va (gclosure.c:867)
==15178==    by 0x7187653: g_signal_emit_valist (gsignal.c:3294)
==15178==    by 0x7187D81: g_signal_emit (gsignal.c:3441)
==15178==    by 0x515FF2D: button_activate_timeout (gtkbutton.c:1982)
==15178==    by 0x59340AA: gdk_threads_dispatch (gdk.c:720)
==15178==    by 0x73F8522: g_timeout_dispatch (gmain.c:4577)
==15178==    by 0x73F7AED: g_main_dispatch (gmain.c:3154)
==15178==    by 0x73F7AED: g_main_context_dispatch (gmain.c:3769)
==15178==    by 0x73F7E67: g_main_context_iterate.isra.29 (gmain.c:3840)
==15178==    by 0x73F7F0B: g_main_context_iteration (gmain.c:3901)
==15178==    by 0x6E86D3C: g_application_run (gapplication.c:2381)
==15178==  Address 0x14f79ec1 is 1 bytes inside a block of size 2 free'd
==15178==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==15178==    by 0x43C01B: rename_data_free (fr-window.c:8146)
==15178==    by 0x43F14C: fr_window_reset_current_action (fr-window.c:9598)
==15178==    by 0x43F14C: fr_window_set_current_action (fr-window.c:9583)
==15178==    by 0x43F14C: rename_selection (fr-window.c:8187)
==15178==    by 0x447F70: fr_window_exec_batch_action.isra.52 (fr-window.c:9496)
==15178==    by 0x41706C: ask_password__response_cb (dlg-ask-password.c:79)
==15178==    by 0x716F92A: g_cclosure_marshal_VOID__ENUMv (gmarshal.c:1496)
==15178==    by 0x716D746: _g_closure_invoke_va (gclosure.c:867)
==15178==    by 0x7187653: g_signal_emit_valist (gsignal.c:3294)
==15178==    by 0x7187D81: g_signal_emit (gsignal.c:3441)
==15178==    by 0x716D746: _g_closure_invoke_va (gclosure.c:867)
==15178==    by 0x7187653: g_signal_emit_valist (gsignal.c:3294)
==15178==    by 0x7187D81: g_signal_emit (gsignal.c:3441)
==15178==    by 0x515FF2D: button_activate_timeout (gtkbutton.c:1982)
==15178==    by 0x59340AA: gdk_threads_dispatch (gdk.c:720)
==15178==    by 0x73F8522: g_timeout_dispatch (gmain.c:4577)
==15178==    by 0x73F7AED: g_main_dispatch (gmain.c:3154)
==15178==    by 0x73F7AED: g_main_context_dispatch (gmain.c:3769)
==15178==    by 0x73F7E67: g_main_context_iterate.isra.29 (gmain.c:3840)
==15178==    by 0x73F7F0B: g_main_context_iteration (gmain.c:3901)
==15178==    by 0x6E86D3C: g_application_run (gapplication.c:2381)
==15178==    by 0x414FB5: main (main.c:38)
==15178==  Block was alloc'd at
==15178==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==15178==    by 0x73FD038: g_malloc (gmem.c:94)
==15178==    by 0x741520E: g_strdup (gstrfuncs.c:363)
==15178==    by 0x43F102: rename_data_new (fr-window.c:8128)
==15178==    by 0x43F102: rename_selection (fr-window.c:8180)
==15178==    by 0x444A8A: fr_window_rename_selection (fr-window.c:8404)
==15178==    by 0x716D517: g_closure_invoke (gclosure.c:804)
==15178==    by 0x717ED91: signal_emit_unlocked_R (gsignal.c:3629)
==15178==    by 0x718796A: g_signal_emit_valist (gsignal.c:3385)
==15178==    by 0x7187D81: g_signal_emit (gsignal.c:3441)
==15178==    by 0x6E8E7E4: g_simple_action_activate (gsimpleaction.c:225)
==15178==    by 0x5255A13: _gtk_marshal_BOOLEAN__OBJECT_UINT_FLAGS (gtkmarshalers.c:709)
==15178==    by 0x716D517: g_closure_invoke (gclosure.c:804)
==15178==    by 0x717ED91: signal_emit_unlocked_R (gsignal.c:3629)
==15178==    by 0x71873E9: g_signal_emit_valist (gsignal.c:3395)
==15178==    by 0x7187D81: g_signal_emit (gsignal.c:3441)
==15178==    by 0x513625E: gtk_accel_group_activate (gtkaccelgroup.c:910)
==15178==    by 0x5137A9C: gtk_accel_groups_activate (gtkaccelgroup.c:948)
==15178==    by 0x53B08C9: gtk_window_activate_key (gtkwindow.c:11769)
==15178==    by 0x53B0A00: gtk_window_key_press_event (gtkwindow.c:7953)
==15178==    by 0x5254D2B: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86)
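The three stacks in the report fit together as a use-after-free across two entries into rename_selection: the string that g_build_filename reads was g_strdup'd by rename_data_new in the first call (reached from fr_window_rename_selection when the user presses F2), it was freed by rename_data_free inside fr_window_reset_current_action, which fr_window_set_current_action calls from the second rename_selection call (the one re-run by ask_password__response_cb after the password dialog), and fr_command_rename then reads the freed block at fr-window.c:8206. The C model below is an added example, not file-roller code, of one way that ordering arises: re-arming the current action with the data it already owns resets (and frees) that data before storing the pointer again. Struct names, fields, the allocation tracker and the fix shown are assumptions for illustration; the tracker replaces an actual dereference of freed memory with a deterministic check, and the upstream patch (attachment 327587) may fix this differently.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tiny live-allocation tracker standing in for Valgrind's freed-block
 * bookkeeping, so the buggy path reports the use-after-free
 * deterministically instead of dereferencing freed memory. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    abort();
}
static char *tracked_strdup(const char *s) { return strcpy(tracked_malloc(strlen(s) + 1), s); }
static int is_live(const void *p) {                /* compares addresses only */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) return 1;
    return 0;
}
static void tracked_free(void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
}
int live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += live[i] != NULL;
    return n;
}

/* Per-action data; the fields are assumed, not file-roller's RenameData. */
typedef struct { char *old_name; char *new_name; } RenameData;

static RenameData *rename_data_new(const char *old_name, const char *new_name) {
    RenameData *r = tracked_malloc(sizeof *r);
    r->old_name = tracked_strdup(old_name);        /* the g_strdup'd block in the trace */
    r->new_name = tracked_strdup(new_name);
    return r;
}
static void rename_data_free(void *p) {
    RenameData *r = p;
    if (!is_live(r)) return;                       /* already freed: do not touch it */
    tracked_free(r->old_name);
    tracked_free(r->new_name);
    tracked_free(r);
}

typedef enum { ACTION_NONE, ACTION_RENAME } ActionType;
typedef void (*FreeFunc)(void *);
typedef struct { struct { ActionType type; void *data; FreeFunc free_func; } current_action; } Window;

/* Resetting the current action frees whatever data it owns. */
static void window_reset_current_action(Window *w) {
    if (w->current_action.data && w->current_action.free_func)
        w->current_action.free_func(w->current_action.data);
    w->current_action.type = ACTION_NONE;
    w->current_action.data = NULL;
    w->current_action.free_func = NULL;
}
/* Buggy ordering matching the free stack: reset first, then store. If `data`
 * is already the current action's data, reset frees it and the stored
 * pointer is dangling. */
static void set_current_action_buggy(Window *w, ActionType t, void *data, FreeFunc f) {
    window_reset_current_action(w);
    w->current_action.type = t; w->current_action.data = data; w->current_action.free_func = f;
}
/* Illustrative fix (not necessarily what the upstream patch does): re-arming
 * the action with the data it already owns must not free that data. */
static void set_current_action_fixed(Window *w, ActionType t, void *data, FreeFunc f) {
    if (w->current_action.data != data)
        window_reset_current_action(w);
    w->current_action.type = t; w->current_action.data = data; w->current_action.free_func = f;
}

/* Stand-in for fr_command_rename -> g_build_filename: 0 on success, -1 if it
 * would read a freed block (what Valgrind reported as "Invalid read"). */
static int command_rename(const void *p) {
    const RenameData *r = p;
    if (!is_live(r) || !is_live(r->old_name) || !is_live(r->new_name)) return -1;
    printf("rename %s -> %s\n", r->old_name, r->new_name);
    return 0;
}

/* Pass 1: F2 parks the rename as the current action because the archive needs
 * a password. Pass 2: the password dialog's response re-runs the action with
 * the parked data, and fr_command_rename then reads it. */
int run_rename_flow(int use_fix) {
    void (*set)(Window *, ActionType, void *, FreeFunc) =
        use_fix ? set_current_action_fixed : set_current_action_buggy;
    Window w = { { ACTION_NONE, NULL, NULL } };
    set(&w, ACTION_RENAME, rename_data_new("a", "b"), rename_data_free);
    set(&w, ACTION_RENAME, w.current_action.data, rename_data_free);
    int rc = command_rename(w.current_action.data);
    window_reset_current_action(&w);               /* cleanup; a no-op after the buggy free */
    return rc;
}

int main(void) {
    printf("buggy: %d\n", run_rename_flow(0));     /* -1 */
    printf("fixed: %d\n", run_rename_flow(1));     /*  0 */
    return 0;
}
```

The guard in set_current_action_fixed is one of two reasonable repairs; the other is for the resuming caller not to re-set an action it is already the current action for. Either way the invariant to review for in code like this is that a "reset then store" sequence never receives a pointer the reset is about to free.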
Created attachment 327587
fix renaming by avoiding the invalid read
patch pushed to master, thank you.