[Wayland-bugs] [Bug 786420] New: [gnome-terminal] crash on touch event (NULL deref)

gtk+ (GNOME Bugzilla) bugzilla at gnome.org
Thu Aug 17 11:37:13 UTC 2017 

https://bugzilla.gnome.org/show_bug.cgi?id=786420

            Bug ID: 786420
           Summary: [gnome-terminal] crash on touch event (NULL deref)
    Classification: Platform
           Product: gtk+
           Version: 3.22.x
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: Normal
         Component: Backend: Wayland
          Assignee: gtk-bugs at gtk.org
          Reporter: chpe at gnome.org
        QA Contact: gtk-bugs at gtk.org
                CC: rob at robster.org.uk, wayland-bugs at lists.freedesktop.org
     GNOME version: ---

>From https://bugzilla.redhat.com/show_bug.cgi?id=1482059.

@touch is NULL in #0, and it's dereferenced.

Program terminated with signal SIGSEGV, Segmentation fault.
#0  _create_touch_event (seat=seat at entry=0x555cfa6c4020, touch=touch at entry=0x0,
evtype=evtype at entry=GDK_TOUCH_END, time=time at entry=104160567) at
gdkdevice-wayland.c:2318
2318      event->touch.window = g_object_ref (touch->window);
[Current thread is 1 (Thread 0x7fcbb5725a80 (LWP 2863))]

Thread 1 (Thread 0x7fcbb5725a80 (LWP 2863)):
#0  _create_touch_event (seat=seat at entry=0x555cfa6c4020, touch=touch at entry=0x0,
evtype=evtype at entry=GDK_TOUCH_END, time=time at entry=104160567) at
gdkdevice-wayland.c:2318
        display = 0x555cfa6ad040
        x_root = 0
        y_root = 0
        event = <optimized out>
#1  0x00007fcbb4283413 in touch_handle_up (data=0x555cfa6c4020,
wl_touch=<optimized out>, serial=<optimized out>, time=104160567, id=0) at
gdkdevice-wayland.c:2437
        seat = 0x555cfa6c4020
        display = <optimized out>
        touch = 0x0
        event = <optimized out>
        __func__ = "touch_handle_up"
#2  0x00007fcbabbdfbde in ffi_call_unix64 () at ../src/x86/unix64.S:76
No locals.
#3  0x00007fcbabbdf54f in ffi_call (cif=cif at entry=0x7fff21d0f9e0, fn=<optimized
out>, rvalue=<optimized out>, rvalue at entry=0x0,
avalue=avalue at entry=0x7fff21d0fab0) at ../src/x86/ffi64.c:525
        classes = {X86_64_INTEGERSI_CLASS, 21852, 2916165796, 32715}
        stack = <optimized out>
        argp = <optimized out>
        arg_types = <optimized out>
        gprcount = 5
        ssecount = <optimized out>
        ngpr = 1
        nsse = 0
        i = <optimized out>
        avn = <optimized out>
        ret_in_memory = <optimized out>
        reg_args = <optimized out>
#4  0x00007fcbadd10dd4 in wl_closure_invoke
(closure=closure at entry=0x555cfb37fe10, flags=flags at entry=1, target=<optimized
out>, target at entry=0x555cfa6eb470, opcode=opcode at entry=1, data=<optimized out>)
at src/connection.c:935
        count = <optimized out>
        cif = {abi = FFI_UNIX64, nargs = 5, arg_types = 0x7fff21d0fa00, rtype =
0x7fcbabbdffd0 <ffi_type_void>, bytes = 0, flags = 0}
        ffi_types = {0x7fcbabbdfeb0 <ffi_type_pointer>, 0x7fcbabbdfeb0
<ffi_type_pointer>, 0x7fcbabbdff30 <ffi_type_uint32>, 0x7fcbabbdff30
<ffi_type_uint32>, 0x7fcbabbdff10 <ffi_type_sint32>, 0x7fcbadd114d1
<wl_os_recvmsg_cloexec+33>, 0x555cfa71b5e0, 0x555cfa6a2540, 0x555c0000000f,
0x7fff21d0fa70, 0x555cfa6a8000, 0x0, 0x7fcbb428d400 <gdk_event_source_check>,
0x7fcbadd0f7fa <wl_connection_read+234>, 0x0, 0x555c00000000, 0x7fff21d0fab0,
0xb4c5533e2f0bf000, 0x7fff21d0fad0, 0x7fcbb1d20ae0 <main_arena>, 0xe4, 0x14}
        ffi_args = {0x7fff21d0f9d0, 0x7fff21d0f9d8, 0x555cfb37fe28,
0x555cfb37fe30, 0x555cfb37fe38, 0x3, 0x0, 0x7fcbadd106cb
<wl_connection_demarshal+379>, 0x555cfb37fef4, 0x555cfa6a8000, 0x555cfb37fee0,
0x555cfb37fe10, 0xb, 0x555cfa6a25b8, 0x7fff21d0fb4c, 0x7fcbadd10b10
<wl_closure_lookup_objects+176>, 0x7fcbadf14bb8 <wl_touch_events+24>,
0x555cfa6a25b8, 0x7fcbadf14bb8 <wl_touch_events+24>, 0x555cfbeab8c0, 0x69,
0xb4c5533e2f0bf000}
        implementation = <optimized out>
#5  0x00007fcbadd0d998 in dispatch_event (display=display at entry=0x555cfa6a2540,
queue=<optimized out>) at src/wayland-client.c:1310
        closure = 0x555cfb37fe10
        proxy = 0x555cfa6eb470
        opcode = 1
        proxy_destroyed = <optimized out>
#6  0x00007fcbadd0ec54 in dispatch_queue (queue=0x555cfa6a2608,
display=0x555cfa6a2540) at src/wayland-client.c:1456
        count = 0
#7  wl_display_dispatch_queue_pending (display=0x555cfa6a2540,
queue=0x555cfa6a2608) at src/wayland-client.c:1698
No locals.
#8  0x00007fcbadd0ecac in wl_display_dispatch_pending (display=<optimized out>)
at src/wayland-client.c:1761
No locals.

gtk+ version appears to be gtk3-3.22.17-2.fc26.x86_64.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-bugs/attachments/20170817/adcf22f7/attachment-0001.html>

More information about the wayland-bugs mailing list