Bug 780151 – Null-dereference crash when trying to draw a non-existing layout

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 780151 - Null-dereference crash when trying to draw a non-existing layout


Summary:	Null-dereference crash when trying to draw a non-existing layout


Status:	RESOLVED OBSOLETE

Product:	libgnomekbd
Classification:	Core
Component:	Drawing
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	libgnomekbd maintainers
QA Contact:	Sergey V. Udaltsov

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2017-03-16 14:26 UTC by Ori Avtalion
Modified:	2021-07-05 12:33 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Fix a regression after commit 5f260b2b73a3 (Handle XkbGetKeyboard() failing) (3.12 KB, patch) 2017-11-13 12:03 UTC, Antonio Ospite	none	Details \| Review

Description Ori Avtalion 2017-03-16 14:26:27 UTC

Tested on 3.22 and git master.

"gkbd-keyboard-display -l foo" crashes on get_preferred_height_for_width() due to drawing->xkb being NULL.

Comment 1 Antonio Ospite 2017-11-13 12:03:44 UTC

Created attachment 363498 [details] [review]
Fix a regression after commit 5f260b2b73a3 (Handle XkbGetKeyboard() failing)

Passing names with invalid values to
gkbd_keyboard_drawing_set_keyboard() makes the library crash with
a segmentation fault.

This can be reproduced with gkbd-keyboard-display:

-----------------------------------------------------------------------
$ gdb --eval-comman=run --args gkbd-keyboard-display -l "INVALID"
...
Thread 1 "gkbd-keyboard-d" received signal SIGSEGV, Segmentation fault.
0x00007ffff54dec2e in get_preferred_height_for_width (...)
    at gkbd-keyboard-drawing.c:2147
2147		    drawing->xkb->geom->width_mm;
-----------------------------------------------------------------------

The same issue could be reproduced also with the test programs:

  $ ./test/gkbd-keyboard-drawing-test --geometry="INVALID"
  $ ./test/python_test.py "INVALID"

The spirit of commit 5f260b2b73a3 seems to be: let's not fail
prematurely in gkbd_keyboard_drawing_init() because it could still be
possible to get the XKeyboard in gkbd_keyboard_drawing_set_keyboard().

However in the implementation gkbd_keyboard_drawing_set_keyboard() ends
up returning always TRUE, unconditionally, even when calling
XkbGetKeyboard() fails there too.

Fix the issue by returning FALSE in gkbd_keyboard_drawing_set_keyboard()
when no keyboard was found, at that point there should really not be any
chances anymore to get the keyboard the user asked for.

While at it also remove the initalization of drawing->xkb in
gkbd_keyboard_drawing_set_keyboard() which is not needed and might hide
future bugs.

Comment 2 Sebastien Bacher 2018-11-08 15:42:14 UTC

That bug is often hit, see https://bugzilla.redhat.com/show_bug.cgi?id=1572234 or https://bugs.launchpad.net/ubuntu/+source/libgnomekbd/+bug/1721893

(the ubuntu reports are from "gkbd-keyboard-display -l default" calls which seem to be coming from g-c-c in some cases)

Comment 3 GNOME Infrastructure Team 2021-07-05 12:33:49 UTC

GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/libgnomekbd/-/issues/

Thank you for your understanding and your help.