Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash
[GTK][BUG] win32: add more clipboard data checks to avoid crash
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: mingw-virt-viewer (Show other bugs)
3.3.0
Unspecified Unspecified
high Severity high
: ---
: 3.5.0
Assigned To: Marc-Andre Lureau
Desktop QE
: Upstream
Depends On:
Blocks: rhev3.5beta 1156165
  Show dependency treegraph
 
Reported: 2014-04-23 06:29 EDT by Luca Villa
Modified: 2015-02-11 12:43 EST (History)
8 users (show)

See Also:
Fixed In Version: mingw-gtk2-2.24.13-8
Doc Type: Bug Fix
Doc Text:
Previously, If the clipboard is of type image/bmp, and the data is of 0 size, GTK+ will crash. With this update, the data size is checked first, and GTK+ no longer crashes when clipboard is of type image/bmp, and the data is of 0 size.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-11 12:43:54 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Bugzilla 728745 None None None Never
Red Hat Product Errata RHSA-2015:0197 normal SHIPPED_LIVE Moderate: rhevm-spice-client security and bug fix update 2015-02-11 17:35:16 EST

  None (edit)
Description Luca Villa 2014-04-23 06:29:12 EDT 
Description of problem:
It may happen that the received clipboard data is empty, but
if it's of type image/bmp, gtk+ will crash:

gdk_property_change: 00030AD4 GDK_SELECTION image/bmp REPLACE 8*0 bits:
... delayed rendering
gdk_selection_send_notify_for_display: 00030AD4 CLIPBOARD image/bmp
GDK_SELECTION (no-op)
_gdk_win32_selection_convert_to_dib: 1252003C image/bmp

Program received signal SIGSEGV, Segmentation fault.
0x749a9f40 in msvcrt!memmove () from C:\Windows\syswow64\msvcrt.dll

Thread 1 (Thread 2248.0x1b34):
target=0xc07b) at gdkselection-win32.c:1292
at gdkevents-win32.c:3498
wparam=8, lparam=0) at gdkevents-win32.c:232
message=773, wparam=8, lparam=0)
    at gdkevents-win32.c:263
C:\Windows\syswow64\user32.dll
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll
wparam=0, lparam=-1687549457)
    at gdkevents-win32.c:248
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll

Version-Release number of selected component (if applicable):
rhevm-spice-client-x86-cab-3.3-11.el6_5

How reproducible:
easily

Steps to Reproduce:
On the guest:
1.	Create a screenshot of the desktop in the guest
2.	Copy to clipboard
3.	Close the screenshot dialog
On the Windows client:
4.	Paste in Paint (Windows) => Paint is performing a long task…
5.	Close paint, are you sure to force close => yes (note that during the Paint task the VDI freezes as well)
6.	After paint is closed the VDI responds again, now create new screenshot
On the guest:
7.	Press copy to clipboard and note it freezes

Actual results:
Remote-viewer throw a segmentation fault

Expected results:
No segfault

Additional info:
https://bugzilla.gnome.org/show_bug.cgi?id=728745
Comment 2 Marc-Andre Lureau 2014-04-24 12:00:30 EDT 
patch has been accepted upstream, moving to POST
Comment 5 errata-xmlrpc 2015-02-11 12:43:54 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0197.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.