Bug 2253814

Summary: libhandy 1.8.2 has a write after free issue
Product: [Fedora] Fedora Reporter: Tad <tad>
Component: libhandyAssignee: Matthias Clasen <mclasen>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 39CC: amigadave, gnome-sig, klember, mclasen, philip.wyett, rstrode, yaneti
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libhandy-1.8.2-5.fc40 libhandy-1.8.2-5.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-12-11 00:50:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
valgrind output none

Description Tad 2023-12-10 00:49:11 UTC 
Created attachment 2003526 [details]
valgrind output

Description of problem:
Random terminal server crashing which takes all windows with it

Version-Release number of selected component (if applicable):
gnome-terminal-3.50.1-1.fc39

How reproducible:
Frequent

Steps to Reproduce:
1. Running `dnf update` triggers it frequently

Actual results:
It'll spew errors or crash

Expected results:
Not crash

Additional info:
Attached is a valgrind log
Comment 1 Christian Persch 2023-12-10 11:37:53 UTC 
==34682== Invalid read of size 4
==34682==    at 0x4B0FD12: g_atomic_ref_count_dec (grefcount.c:270)
==34682==    by 0x4B45052: g_variant_unref (gvariant-core.c:792)
==34682==    by 0x557B8CC: UnknownInlinedFun (glib-autocleanups.h:94)
==34682==    by 0x557B8CC: UnknownInlinedFun (glib-autocleanups.h:94)
==34682==    by 0x557B8CC: settings_portal_changed_cb (hdy-settings.c:235)

This is in libhandy, not gnome-terminal's fault.
Comment 2 Tad 2023-12-10 18:24:09 UTC 
Thanks!

It seems libhandy has already reverted the problematic commit:
https://gitlab.gnome.org/GNOME/libhandy/-/commit/314b81a0e3b6bbef7bb22a622ceb86cb068acf51
https://gitlab.gnome.org/GNOME/libhandy/-/issues/469

There just hasn't been a release. Can Fedora pull in that patch?
Comment 3 Kalev Lember 2023-12-10 23:15:46 UTC 
Sure, here you go: https://src.fedoraproject.org/rpms/libhandy/c/02ae471cadae7d72681428c45d05513a706b2173?branch=rawhide
Comment 4 Fedora Update System 2023-12-10 23:19:53 UTC 
FEDORA-2023-2eaa2e4c69 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-2eaa2e4c69
Comment 5 Fedora Update System 2023-12-10 23:24:05 UTC 
FEDORA-2023-b1f08267ea has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-b1f08267ea
Comment 6 Fedora Update System 2023-12-11 00:50:02 UTC 
FEDORA-2023-2eaa2e4c69 has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 7 Fedora Update System 2023-12-11 01:34:41 UTC 
FEDORA-2023-b1f08267ea has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-b1f08267ea`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-b1f08267ea

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Tad 2023-12-11 02:21:06 UTC 
No longer able to reproduce under libhandy-1.8.2-5.fc39 

Thank you!
Comment 9 Fedora Update System 2023-12-19 01:11:50 UTC 
FEDORA-2023-b1f08267ea has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.