Hello,
just tried to reproduce the stack smashing.
It looks like the variable "gdouble c[3];" in colorb_csok
needs to be a "gdouble c[4];".
Did not find an related upstream ticket, neither in old SF nor at Github.
Also at Github this function was not yet changed, so this should be
forwarded to upstream.
See details below.
Kind regards,
Bernhard
# With a locally rebuild version to get debug information.
(gdb) cont
Continuing.
Hardware watchpoint 2: *0x7fffffffd428
Old value = -1459212032
New value = 0
gtk_color_selection_get_color (colorsel=0x555555992370, color=0x7fffffffd410)
at ./gtk/gtkcolorsel.c:2579
2579 ./gtk/gtkcolorsel.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff7a01c6e <gtk_color_selection_get_color+110>: add $0x8,%rsp
(gdb) bt
#0 0x00007ffff7a01c6e in gtk_color_selection_get_color
(colorsel=0x555555992370, color=0x7fffffffd410) at ./gtk/gtkcolorsel.c:2579
#1 0x00005555555e6cdc in colorb_csok(_GtkWidget*, void*) (b=<optimized out>,
data=0x5555558ec810) at widgetproxy.cc:364
#2 0x00007ffff64f0f6d in g_closure_invoke () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#3 0x00007ffff6503d3e in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4 0x00007ffff650c3f5 in g_signal_emit_valist () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5 0x00007ffff650ce0f in g_signal_emit () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6 0x00007ffff79e7785 in gtk_real_button_released (button=0x5555559564e0) at
./gtk/gtkbutton.c:1712
#7 0x00007ffff64f0f6d in g_closure_invoke () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#8 0x00007ffff6503e0e in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9 0x00007ffff650c3f5 in g_signal_emit_valist () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x00007ffff650ce0f in g_signal_emit () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007ffff79e6709 in gtk_button_button_release
(widget=widget@entry=0x5555559564e0, event=<optimized out>) at
./gtk/gtkbutton.c:1604
#12 0x00007ffff7a8c2bb in _gtk_marshal_BOOLEAN__BOXED (closure=0x5555556afa50,
return_value=0x7fffffffdec0, n_param_values=<optimized out>,
param_values=0x7fffffffdf20, invocation_hint=<optimized out>,
marshal_data=<optimized out>) at ./gtk/gtkmarshalers.c:84
#13 0x00007ffff64f0f6d in g_closure_invoke () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007ffff6503ac8 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007ffff650bd8f in g_signal_emit_valist () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#16 0x00007ffff650ce0f in g_signal_emit () at
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#17 0x00007ffff7ba227c in gtk_widget_event_internal
(widget=widget@entry=0x5555559564e0, event=event@entry=0x555555a0f560) at
./gtk/gtkwidget.c:5010
#18 0x00007ffff7ba2517 in IA__gtk_widget_event
(widget=widget@entry=0x5555559564e0, event=event@entry=0x555555a0f560) at
./gtk/gtkwidget.c:4807
#19 0x00007ffff7a8a55c in IA__gtk_propagate_event (widget=0x5555559564e0,
event=0x555555a0f560) at ./gtk/gtkmain.c:2503
#20 0x00007ffff7a8a95b in IA__gtk_main_do_event (event=<optimized out>) at
./gtk/gtkmain.c:1698
#21 0x00007ffff770005c in gdk_event_dispatch (source=<optimized out>,
callback=<optimized out>, user_data=<optimized out>) at
./gdk/x11/gdkevents-x11.c:2425
#22 0x00007ffff6215287 in g_main_context_dispatch () at
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ffff62154c0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007ffff62157d2 in g_main_loop_run () at
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007ffff7a89987 in IA__gtk_main () at ./gtk/gtkmain.c:1270
#26 0x000055555557d854 in main (argc=<optimized out>, argv=<optimized out>) at
main.cc:108
#27 0x00007ffff55b0b17 in __libc_start_main (main=0x55555557d630 <main>,
argc=1, argv=0x7fffffffe578, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffe568)
at ../csu/libc-start.c:310
#28 0x000055555557dfea in _start () at main.cc:97
(gdb)
(gdb) list gtk_color_selection_get_color
2566 void
2567 gtk_color_selection_get_color (GtkColorSelection *colorsel,
2568 gdouble *color)
2569 {
2570 ColorSelectionPrivate *priv;
2571
2572 g_return_if_fail (GTK_IS_COLOR_SELECTION (colorsel));
2573
2574 priv = colorsel->private_data;
2575 color[0] = priv->color[COLORSEL_RED];
2576 color[1] = priv->color[COLORSEL_GREEN];
2577 color[2] = priv->color[COLORSEL_BLUE];
2578 color[3] = priv->has_opacity ? priv->color[COLORSEL_OPACITY] : 65535;
<--- Here we access memory beyond the variable "gdouble c[3];"
2579 }
(gdb) list colorb_csok
358
359 void colorb_csok(GtkWidget *b,gpointer data) {
360 ColorButton *me;
361 me=(ColorButton *)data;
362 gdouble c[3];
363 int v[3];
364
gtk_color_selection_get_color(GTK_COLOR_SELECTION(GTK_COLOR_SELECTION_DIALOG(me->colordlg)->colorsel),c);
365 v[0]=(int)(c[0]*255.0);
366 v[1]=(int)(c[1]*255.0);
367 v[2]=(int)(c[2]*255.0);
368 me->ColorValue=(v[0]<<16)|(v[1]<<8)|v[2];
369 gtk_grab_remove(me->colordlg);
370 gtk_widget_destroy(me->colordlg);
371 me->updateButtonFace();
372 }
https://developer.gnome.org/gtk2/stable/GtkColorSelection.html#gtk-color-selection-get-color
Parameters
...
color: an array of 4 gdouble to fill in with the current color.
