1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
Description: Fix crash when exporting the private key.
In ca_on_extractprivatekey1_activate, when calling
gtk_tree_model_get, GLib attempts to assign a guint64 value to a
variable declared gint (CA_MODEL_COLUMN_ID is defined as type
G_TYPE_UINT64 in the tree store). This corrupts the stack and also
invalidates the iter.
.
While investigating this, I noticed that the program happily leaks
GtkTreeIter's. Every time the user selects a certificate from the
tree view, the callback ca_treeview_selection_change invokes
__ca_selection_type which makes a copy of the iter with
gtk_tree_iter_copy. If the user chooses some action from the popup
menu, the toolbar or the main menu, __ca_selection_type is called
once again in the widget's callback function, copying another iter.
AFAICT these are never freed for the lifetime of the program.
.
This is not addressed by the patch as it would require some changes,
but it could be a source of trouble and something to watch out if
bugs like this pop up. According to the GTK+ API documentation,
gtk_tree_iter_copy is not supposed to be used by applications;
GtkTreeIter structs should be copied by value.
Bug-Debian: https://bugs.debian.org/855200
Author: Yavor Doganov <yavor@gnu.org>
Forwarded: gnomint-devel@lists.sourceforge.net
Last-Update: 2018-09-02
---
--- gnomint-1.3.0.orig/src/ca.c
+++ gnomint-1.3.0/src/ca.c
@@ -922,7 +922,7 @@
GObject *widget = NULL;
gchar * filename = NULL;
GtkDialog * dialog = NULL;
- gint id;
+ guint64 id;
gchar * strerror = NULL;
widget = gtk_builder_get_object (main_window_gtkb, "main_window1");
@@ -973,7 +973,7 @@
GObject *widget = NULL;
gchar * filename = NULL;
GtkDialog * dialog = NULL;
- gint id;
+ guint64 id;
gchar * error_msg = NULL;
widget = gtk_builder_get_object (main_window_gtkb, "main_window1");
@@ -1022,7 +1022,7 @@
GObject *widget = NULL;
gchar * filename = NULL;
GtkDialog * dialog = NULL;
- gint id;
+ guint64 id;
gchar *error_msg = NULL;
@@ -1181,7 +1181,7 @@
GtkTreeIter *iter;
gint type;
gchar *filename = NULL;
- gint id;
+ guint64 id;
type = __ca_selection_type (GTK_TREE_VIEW(gtk_builder_get_object (main_window_gtkb, "ca_treeview")), &iter);
@@ -1212,7 +1212,7 @@
GtkTreeIter *iter;
gint type = __ca_selection_type (GTK_TREE_VIEW(gtk_builder_get_object (main_window_gtkb, "ca_treeview")), &iter);
gint response = 0;
- gint id = 0;
+ guint64 id = 0;
if (type == CA_FILE_ELEMENT_TYPE_CSR)
return;
@@ -1267,7 +1267,7 @@
GtkTreeIter *iter;
gint type = __ca_selection_type (GTK_TREE_VIEW(gtk_builder_get_object (main_window_gtkb, "ca_treeview")), &iter);
gint response = 0;
- gint id = 0;
+ guint64 id = 0;
if (type != CA_FILE_ELEMENT_TYPE_CSR)
return;
|