Source: gtk+3.0
Version: 3.24.49-3
Severity: normal
Tags: upstream patch
Hi,

gdk_monitor_get_refresh_rate() overflows on 32-bit systems, returning
a bogus value. This has been confirmed to crash webkitgtk-based apps
(#1085710).

The problem is in this line from gdk/x11/gdkscreen-x11.c (there are
actually two of them in the file):

    refresh_rate = (1000 * xmode->dotClock) / (xmode->hTotal * xmode->vTotal);

xmode->dotClock is an unsigned long (32 bits in i386) so a pixel clock
of e.g. 106500000 will result in an overflow.

I confirmed that using 1000ULL instead of 1000 solves the crash (patch
attached), but in case you prefer to wait for the upstream fix, here's
the issue:

https://gitlab.gnome.org/GNOME/gtk/-/issues/8103

Regards,

Berto
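
Added example, not part of the report or of GTK's code: the original and patched expressions side by side, with uint32_t standing in for the 32-bit unsigned long of i386. The struct, the function names and the 1904 x 934 totals are constructed for illustration; only the 106500000 pixel clock comes from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the mode record; uint32_t models the
 * 32-bit unsigned long that dotClock has on i386. */
typedef struct {
    uint32_t dotClock;            /* pixel clock */
    unsigned int hTotal, vTotal;  /* total pixels per line, lines per frame */
} mode_sample;

/* Original expression: the product is computed in 32 bits and wraps. */
static int refresh_rate_32(const mode_sample *m)
{
    if (m->hTotal == 0 || m->vTotal == 0)
        return 0;
    return (int)((uint32_t)(1000u * m->dotClock) / (m->hTotal * m->vTotal));
}

/* Patched expression: 1000ULL widens the product to 64 bits. */
static int refresh_rate_64(const mode_sample *m)
{
    if (m->hTotal == 0 || m->vTotal == 0)
        return 0;
    return (int)((1000ULL * m->dotClock) / (m->hTotal * m->vTotal));
}

/* True when 1000 * dotClock does not fit in 32 bits, which is the case
 * for any pixel clock above 4294967. */
static int wraps_in_32(const mode_sample *m)
{
    return m->dotClock > UINT32_MAX / 1000;
}

int main(void)
{
    /* Constructed sample: pixel clock from the report, made-up totals. */
    mode_sample m = { 106500000u, 1904, 934 };

    printf("32-bit: %d  64-bit: %d  wraps: %d\n",
           refresh_rate_32(&m), refresh_rate_64(&m), wraps_in_32(&m));
    return 0;
}
```
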
Index: gtk+3.0-3.24.49/gdk/x11/gdkscreen-x11.c
===================================================================
--- gtk+3.0-3.24.49.orig/gdk/x11/gdkscreen-x11.c
+++ gtk+3.0-3.24.49/gdk/x11/gdkscreen-x11.c
@@ -587,7 +587,7 @@ init_randr15 (GdkScreen *screen, gboolea
if (xmode->id == crtc->mode)
{
if (xmode->hTotal != 0 && xmode->vTotal != 0)
- refresh_rate = (1000 * xmode->dotClock) / (xmode->hTotal *
xmode->vTotal);
+ refresh_rate = (1000ULL * xmode->dotClock) /
(xmode->hTotal * xmode->vTotal);
break;
}
}
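Review bot: only the numerator is widened on the added line in init_randr15; the divisor (xmode->hTotal * xmode->vTotal) is still multiplied in the fields' own type before it is converted, and the 64-bit quotient is then stored in refresh_rate, whose declaration is outside this hunk. Consider casting one divisor operand to a 64-bit type as well, so both sides of the division are computed at the same width, and check that the type of refresh_rate can hold the result. A short comment on the line saying why the ULL suffix is needed would keep a later cleanup from dropping it.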
@@ -837,7 +837,7 @@ init_randr13 (GdkScreen *screen, gboolea
if (xmode->id == crtc->mode)
{
if (xmode->hTotal != 0 && xmode->vTotal != 0)
- refresh_rate = (1000 * xmode->dotClock) / (xmode->hTotal *
xmode->vTotal);
+ refresh_rate = (1000ULL * xmode->dotClock) /
(xmode->hTotal * xmode->vTotal);
break;
}
}
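Review bot: the changed line in init_randr13 is the same expression, under the same hTotal/vTotal zero check, as the one in init_randr15, so the fix has to be applied twice and can drift apart again later. Consider moving the calculation into one small static helper that takes the mode and returns the refresh rate, and calling it from both functions; the widening to 64 bits and its explanatory comment then live in a single place.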