
Bug 1090433

Summary: [GTK][BUG] win32: add more clipboard data checks to avoid crash
Product: Red Hat Enterprise Virtualization Manager
Reporter: Luca Villa <luvilla>
Component: mingw-virt-viewer
Assignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED ERRATA
QA Contact: Desktop QE <desktop-qa-list>
Severity: high
Priority: high
Version: 3.3.0
CC: cfergeau, gklein, juwu, marcandre.lureau, michele, mkrcmari, rbalakri, yeylon
Keywords: Upstream
Target Release: 3.5.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: mingw-gtk2-2.24.13-8
Doc Type: Bug Fix
Doc Text:
Previously, if the clipboard was of type image/bmp and the data was of size 0, GTK+ crashed. With this update, the data size is checked first, and GTK+ no longer crashes when the clipboard is of type image/bmp and the data is of size 0.
Last Closed: 2015-02-11 17:43:54 UTC
Type: Bug
Bug Blocks: 1142923, 1156165

Description Luca Villa 2014-04-23 10:29:12 UTC
Description of problem:
It may happen that the received clipboard data is empty, but
if it's of type image/bmp, gtk+ will crash:

gdk_property_change: 00030AD4 GDK_SELECTION image/bmp REPLACE 8*0 bits:
... delayed rendering
gdk_selection_send_notify_for_display: 00030AD4 CLIPBOARD image/bmp
_gdk_win32_selection_convert_to_dib: 1252003C image/bmp

Program received signal SIGSEGV, Segmentation fault.
0x749a9f40 in msvcrt!memmove () from C:\Windows\syswow64\msvcrt.dll

Thread 1 (Thread 2248.0x1b34):
target=0xc07b) at gdkselection-win32.c:1292
at gdkevents-win32.c:3498
wparam=8, lparam=0) at gdkevents-win32.c:232
message=773, wparam=8, lparam=0)
    at gdkevents-win32.c:263
wparam=0, lparam=-1687549457)
    at gdkevents-win32.c:248

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
On the guest:
1.	Create a screenshot of the desktop in the guest
2.	Copy to clipboard
3.	Close the screenshot dialog
On the Windows client:
4.	Paste in Paint (Windows) => Paint is performing a long task…
5.	Close paint, are you sure to force close => yes (note that during the Paint task the VDI freezes as well)
6.	After paint is closed the VDI responds again, now create new screenshot
On the guest:
7.	Press copy to clipboard and note it freezes

Actual results:
Remote-viewer throws a segmentation fault

Expected results:
No segfault

Additional info:
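
The Doc Text above describes the fix as checking the data size first. As an added illustration (portable C written for this page, not the GTK+ patch and not code from gdkselection-win32.c), the sketch below validates an image/bmp payload before stripping its file header. The names bmp_to_dib, unchecked_payload_size and dib_status are hypothetical, and the unsigned wrap-around shown is a general C failure mode, not a statement about how the GTK+ code computed its size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* On-disk sizes of BITMAPFILEHEADER and BITMAPINFOHEADER. */
#define BMP_FILE_HEADER_SIZE 14u
#define BMP_INFO_HEADER_MIN  40u
typedef enum {
    DIB_OK = 0,
    DIB_ERR_EMPTY,      /* zero-length payload: the case in this report */
    DIB_ERR_TRUNCATED,  /* shorter than file header + info header */
    DIB_ERR_MAGIC,      /* does not start with "BM" */
    DIB_ERR_HEADER,     /* declared info-header size is implausible */
    DIB_ERR_NOMEM
} dib_status;

/* Illustration only: an unchecked unsigned "len - header" wraps for
 * len < 14, yielding a huge count for any copy that follows. */
size_t unchecked_payload_size(size_t len)
{
    return len - BMP_FILE_HEADER_SIZE;
}

/* Hypothetical helper: strip the file header from image/bmp data and return
 * a newly allocated DIB. Every length check happens before the copy. */
dib_status bmp_to_dib(const unsigned char *bmp, size_t len,
                      unsigned char **dib, size_t *dib_len)
{
    *dib = NULL;
    *dib_len = 0;
    if (bmp == NULL || len == 0)
        return DIB_ERR_EMPTY;
    if (len < BMP_FILE_HEADER_SIZE + BMP_INFO_HEADER_MIN)
        return DIB_ERR_TRUNCATED;
    if (bmp[0] != 'B' || bmp[1] != 'M')
        return DIB_ERR_MAGIC;
    size_t payload = len - BMP_FILE_HEADER_SIZE;    /* cannot wrap: len >= 54 */
    uint32_t hdr = (uint32_t)bmp[14] | (uint32_t)bmp[15] << 8 |
                   (uint32_t)bmp[16] << 16 | (uint32_t)bmp[17] << 24;
    if (hdr < BMP_INFO_HEADER_MIN || hdr > payload)
        return DIB_ERR_HEADER;
    unsigned char *out = malloc(payload);
    if (out == NULL)
        return DIB_ERR_NOMEM;
    memcpy(out, bmp + BMP_FILE_HEADER_SIZE, payload);
    *dib = out;
    *dib_len = payload;
    return DIB_OK;
}
```

The caller owns the returned buffer and releases it with free(); on any error the output pointer is NULL and the output length is 0, so a failed conversion cannot be mistaken for an empty image.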

Comment 2 Marc-Andre Lureau 2014-04-24 16:00:30 UTC
patch has been accepted upstream, moving to POST

Comment 5 errata-xmlrpc 2015-02-11 17:43:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.