1090433 – [GTK][BUG] win32: add more clipboard data checks to avoid crash

Bug 1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash

Summary: [GTK][BUG] win32: add more clipboard data checks to avoid crash

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	mingw-virt-viewer
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	3.5.0
Assignee:	Marc-Andre Lureau
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	rhev3.5beta 1156165
TreeView+	depends on / blocked

Reported:	2014-04-23 10:29 UTC by Luca Villa
Modified:	2015-02-11 17:43 UTC (History)
CC List:	8 users (show)
Fixed In Version:	mingw-gtk2-2.24.13-8
Doc Type:	Bug Fix
Doc Text:	Previously, If the clipboard is of type image/bmp, and the data is of 0 size, GTK+ will crash. With this update, the data size is checked first, and GTK+ no longer crashes when clipboard is of type image/bmp, and the data is of 0 size.
Clone Of:
Environment:
Last Closed:	2015-02-11 17:43:54 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNOME Bugzilla	728745	0	None	None	None	Never
Red Hat Product Errata	RHSA-2015:0197	0	normal	SHIPPED_LIVE	Moderate: rhevm-spice-client security and bug fix update	2015-02-11 22:35:16 UTC

Description Luca Villa 2014-04-23 10:29:12 UTC

Description of problem:
It may happen that the received clipboard data is empty, but
if it's of type image/bmp, gtk+ will crash:

gdk_property_change: 00030AD4 GDK_SELECTION image/bmp REPLACE 8*0 bits:
... delayed rendering
gdk_selection_send_notify_for_display: 00030AD4 CLIPBOARD image/bmp
GDK_SELECTION (no-op)
_gdk_win32_selection_convert_to_dib: 1252003C image/bmp

Program received signal SIGSEGV, Segmentation fault.
0x749a9f40 in msvcrt!memmove () from C:\Windows\syswow64\msvcrt.dll

Thread 1 (Thread 2248.0x1b34):
target=0xc07b) at gdkselection-win32.c:1292
at gdkevents-win32.c:3498
wparam=8, lparam=0) at gdkevents-win32.c:232
message=773, wparam=8, lparam=0)
    at gdkevents-win32.c:263
C:\Windows\syswow64\user32.dll
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll
wparam=0, lparam=-1687549457)
    at gdkevents-win32.c:248
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll

Version-Release number of selected component (if applicable):
rhevm-spice-client-x86-cab-3.3-11.el6_5

How reproducible:
easily

Steps to Reproduce:
On the guest:
1.	Create a screenshot of the desktop in the guest
2.	Copy to clipboard
3.	Close the screenshot dialog
On the Windows client:
4.	Paste in Paint (Windows) => Paint is performing a long task…
5.	Close paint, are you sure to force close => yes (note that during the Paint task the VDI freezes as well)
6.	After paint is closed the VDI responds again, now create new screenshot
On the guest:
7.	Press copy to clipboard and note it freezes

Actual results:
Remote-viewer throw a segmentation fault

Expected results:
No segfault

Additional info:
https://bugzilla.gnome.org/show_bug.cgi?id=728745

Comment 2 Marc-Andre Lureau 2014-04-24 16:00:30 UTC

patch has been accepted upstream, moving to POST

Comment 5 errata-xmlrpc 2015-02-11 17:43:54 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0197.html

Note You need to log in before you can comment on or make changes to this bug.