Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash
Summary: [GTK][BUG] win32: add more clipboard data checks to avoid crash
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: mingw-virt-viewer
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.5.0
Assignee: Marc-Andre Lureau
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: rhev3.5beta 1156165
TreeView+ depends on / blocked
 
Reported: 2014-04-23 10:29 UTC by Luca Villa
Modified: 2015-02-11 17:43 UTC (History)
8 users (show)

Fixed In Version: mingw-gtk2-2.24.13-8
Doc Type: Bug Fix
Doc Text:
Previously, If the clipboard is of type image/bmp, and the data is of 0 size, GTK+ will crash. With this update, the data size is checked first, and GTK+ no longer crashes when clipboard is of type image/bmp, and the data is of 0 size.
Clone Of:
Environment:
Last Closed: 2015-02-11 17:43:54 UTC
oVirt Team: ---
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0197 normal SHIPPED_LIVE Moderate: rhevm-spice-client security and bug fix update 2015-02-11 22:35:16 UTC
GNOME Bugzilla 728745 None None None Never

Description Luca Villa 2014-04-23 10:29:12 UTC
Description of problem:
It may happen that the received clipboard data is empty, but
if it's of type image/bmp, gtk+ will crash:

gdk_property_change: 00030AD4 GDK_SELECTION image/bmp REPLACE 8*0 bits:
... delayed rendering
gdk_selection_send_notify_for_display: 00030AD4 CLIPBOARD image/bmp
GDK_SELECTION (no-op)
_gdk_win32_selection_convert_to_dib: 1252003C image/bmp

Program received signal SIGSEGV, Segmentation fault.
0x749a9f40 in msvcrt!memmove () from C:\Windows\syswow64\msvcrt.dll

Thread 1 (Thread 2248.0x1b34):
target=0xc07b) at gdkselection-win32.c:1292
at gdkevents-win32.c:3498
wparam=8, lparam=0) at gdkevents-win32.c:232
message=773, wparam=8, lparam=0)
    at gdkevents-win32.c:263
C:\Windows\syswow64\user32.dll
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll
wparam=0, lparam=-1687549457)
    at gdkevents-win32.c:248
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll

Version-Release number of selected component (if applicable):
rhevm-spice-client-x86-cab-3.3-11.el6_5

How reproducible:
easily

Steps to Reproduce:
On the guest:
1.	Create a screenshot of the desktop in the guest
2.	Copy to clipboard
3.	Close the screenshot dialog
On the Windows client:
4.	Paste in Paint (Windows) => Paint is performing a long task…
5.	Close paint, are you sure to force close => yes (note that during the Paint task the VDI freezes as well)
6.	After paint is closed the VDI responds again, now create new screenshot
On the guest:
7.	Press copy to clipboard and note it freezes

Actual results:
Remote-viewer throw a segmentation fault

Expected results:
No segfault

Additional info:
https://bugzilla.gnome.org/show_bug.cgi?id=728745

Comment 2 Marc-Andre Lureau 2014-04-24 16:00:30 UTC
patch has been accepted upstream, moving to POST

Comment 5 errata-xmlrpc 2015-02-11 17:43:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0197.html


Note You need to log in before you can comment on or make changes to this bug.