Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: mut...@packages.debian.org
Control: affects -1 + src:mutter

Please unblock package mutter

[ Reason ]
Fix a crash when plugging in a Lenovo Thunderbolt dock (#1031847)

[ Impact ]
Desktop environment crash when connecting certain Thunderbolt docks (maybe also monitors) that have an invalid ICC profile in their EDID data

[ Tests ]
Bug reporter confirmed that an earlier test-build of the patched package resolves their crash. The uploaded version is functionally very similar, but logs an error message instead of crashing in a related "can't happen" situation, as requested in the upstream merge request. I've installed it on my laptop and it works normally, but I don't have the necessary hardware to reproduce the crash.

[ Risks ]
This is a highly visible component of our default desktop environment, but the change is straightforward. If it introduces a bug, the bug should be minor (a memory leak, once per device connected).

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock mutter/43.3-4

diffstat for mutter-43.3 mutter-43.3 debian/changelog | 10 ++ debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch | 47 ++++++++++ debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch | 44 +++++++++ debian/patches/series | 2 src/backends/meta-color-device.c | 17 ++- 5 files changed, 114 insertions(+), 6 deletions(-) diff -Nru mutter-43.3/debian/changelog mutter-43.3/debian/changelog --- mutter-43.3/debian/changelog 2023-02-18 18:44:12.000000000 +0000 +++ mutter-43.3/debian/changelog 2023-03-02 08:50:50.000000000 +0000 @@ -1,3 +1,13 @@ +mutter (43.3-4) unstable; urgency=medium + + * Team upload + * d/p/color-device-Make-sure-lcms_context-is-not-NULL.patch, + d/p/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch: + Fix a double-free when loading the ICC profile from a device's EDID + fails (Closes: #1031847) + + -- Simon McVittie <s...@debian.org> Thu, 02 Mar 2023 08:50:50 +0000 + mutter (43.3-3) unstable; urgency=medium * Team upload diff -Nru mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch --- mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch 1970-01-01 01:00:00.000000000 +0100 +++ mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch 2023-03-02 08:50:50.000000000 +0000 
@@ -0,0 +1,47 @@ +From: Simon McVittie <s...@debian.org> +Date: Wed, 1 Mar 2023 10:12:12 +0000 +Subject: color-device: Don't close lcms profile on error from + cd_icc_load_handle + +As implemented in colord 1.4.6, cd_icc_load_handle() has three possible +results: + +1. success, taking ownership of the profile; +2. failure because cmsGetProfileContextID returns NULL, *not* taking + ownership of the profile; +3. failure in cd_icc_load(), taking ownership of the profile. + +The previous commit ensures that we are not in case 2. + +In case 3 where cd_icc_load() fails, ownership was already given to +the colord CdIcc object, so it will be freed when the g_autoptr unrefs +the CdIcc, and we must not free it again: that would be a double-free, +potentially resulting in memory corruption. + +Bug: https://gitlab.gnome.org/GNOME/mutter/-/issues/2659 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031847 +Signed-off-by: Simon McVittie <s...@debian.org> +Forwarded: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2877 +--- + src/backends/meta-color-device.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/src/backends/meta-color-device.c b/src/backends/meta-color-device.c +index ea3b9de..bb87f48 100644 +--- a/src/backends/meta-color-device.c ++++ b/src/backends/meta-color-device.c +@@ -890,12 +890,9 @@ create_icc_profile_from_edid (MetaColorDevice *color_device, + cmsSetHeaderRenderingIntent (lcms_profile, INTENT_PERCEPTUAL); + cmsSetDeviceClass (lcms_profile, cmsSigDisplayClass); + +- if (!cd_icc_load_handle (cd_icc, lcms_profile, ++ if (!cd_icc_load_handle (cd_icc, g_steal_pointer (&lcms_profile), + CD_ICC_LOAD_FLAGS_PRIMARIES, error)) +- { +- cmsCloseProfile (lcms_profile); +- return NULL; +- } ++ return NULL; + + cd_icc_add_metadata (cd_icc, CD_PROFILE_PROPERTY_FILENAME, file_path); + cd_icc_add_metadata (cd_icc, diff -Nru mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch 
mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch --- mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch 1970-01-01 01:00:00.000000000 +0100 +++ mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch 2023-03-02 08:50:50.000000000 +0000 
@@ -0,0 +1,44 @@ +From: Simon McVittie <s...@debian.org> +Date: Wed, 1 Mar 2023 10:12:03 +0000 +Subject: color-device: Make sure lcms_context is not NULL + +lcms interprets a NULL context as using a default, non-thread-safe +context, which is unsuitable for mutter's use. Make sure we're always +using a non-trivial context. + +Bug: https://gitlab.gnome.org/GNOME/mutter/-/issues/2659 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031847 +Signed-off-by: Simon McVittie <s...@debian.org> +Forwarded: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2877 +--- + src/backends/meta-color-device.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/backends/meta-color-device.c b/src/backends/meta-color-device.c +index c0a98a4..ea3b9de 100644 +--- a/src/backends/meta-color-device.c ++++ b/src/backends/meta-color-device.c +@@ -846,6 +846,15 @@ create_icc_profile_from_edid (MetaColorDevice *color_device, + return NULL; + } + ++ lcms_context = meta_color_manager_get_lcms_context (color_manager); ++ ++ if (!lcms_context) ++ { ++ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, ++ "Internal error: no LCMS context available"); ++ return NULL; ++ } ++ + cd_icc = cd_icc_new (); + + chroma.Red.x = edid_info->red_x; +@@ -863,7 +872,6 @@ create_icc_profile_from_edid (MetaColorDevice *color_device, + transfer_curve[1] = transfer_curve[0]; + transfer_curve[2] = transfer_curve[0]; + +- lcms_context = meta_color_manager_get_lcms_context (color_manager); + lcms_profile = cmsCreateRGBProfileTHR (lcms_context, + &white_point, + &chroma, diff -Nru mutter-43.3/debian/patches/series mutter-43.3/debian/patches/series --- mutter-43.3/debian/patches/series 2023-02-18 18:44:12.000000000 +0000 +++ mutter-43.3/debian/patches/series 2023-03-02 08:50:50.000000000 +0000 
@@ -1,4 +1,6 @@ x11-Avoid-updating-focus-on-wayland-compositor.patch +color-device-Make-sure-lcms_context-is-not-NULL.patch +color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch wayland-Don-t-overwrite-surface-offsets.patch tests-Break-up-stacking-installed-tests-into-more-smaller.patch meson-add-back-default_driver-option.patch diff -Nru mutter-43.3/src/backends/meta-color-device.c mutter-43.3/src/backends/meta-color-device.c --- mutter-43.3/src/backends/meta-color-device.c 2023-02-13 18:12:26.000000000 +0000 +++ mutter-43.3/src/backends/meta-color-device.c 2023-03-02 11:27:42.000000000 +0000 @@ -846,6 +846,15 @@ return NULL; } + lcms_context = meta_color_manager_get_lcms_context (color_manager); + + if (!lcms_context) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "Internal error: no LCMS context available"); + return NULL; + } + cd_icc = cd_icc_new (); chroma.Red.x = edid_info->red_x; @@ -863,7 +872,6 @@ transfer_curve[1] = transfer_curve[0]; transfer_curve[2] = transfer_curve[0]; - lcms_context = meta_color_manager_get_lcms_context (color_manager); lcms_profile = cmsCreateRGBProfileTHR (lcms_context, &white_point, &chroma, @@ -882,12 +890,9 @@ cmsSetHeaderRenderingIntent (lcms_profile, INTENT_PERCEPTUAL); cmsSetDeviceClass (lcms_profile, cmsSigDisplayClass); - if (!cd_icc_load_handle (cd_icc, lcms_profile, + if (!cd_icc_load_handle (cd_icc, g_steal_pointer (&lcms_profile), CD_ICC_LOAD_FLAGS_PRIMARIES, error)) - { - cmsCloseProfile (lcms_profile); - return NULL; - } + return NULL; cd_icc_add_metadata (cd_icc, CD_PROFILE_PROPERTY_FILENAME, file_path); cd_icc_add_metadata (cd_icc,
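
Review bot: In the create_icc_profile_from_edid hunk at -846,6 +846,15 of src/backends/meta-color-device.c, the new "if (!lcms_context)" branch reports the condition only through the GError. Nothing in the hunk logs it, so whether "Internal error: no LCMS context available" is ever seen depends on the caller, which is outside this diff. As the request describes this as a "can't happen" situation, please confirm that the caller logs the error, or emit a warning here as well. The early return is well placed, before the CdIcc and the lcms profile are created. The patch header could also say that this check is what rules out the non-owning failure case of cd_icc_load_handle(), since that dependency is only stated in the header of the following patch.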
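
Review bot: In the hunk at -890,12 +890,9 of src/backends/meta-color-device.c, the reason the failure path no longer calls cmsCloseProfile is recorded only in the patch header, and it rests on the behaviour of cd_icc_load_handle() "as implemented in colord 1.4.6". A short comment above the call, saying that cd_icc_load_handle() takes ownership of the profile even when cd_icc_load() fails, would stop a later cleanup from reinstating the close and bringing back the double-free. With g_steal_pointer (&lcms_profile), the header's case 2 (failure without taking ownership) now leaks the profile instead of closing it. That matches the risk stated in the request, but the same comment should note that case 2 is excluded by the lcms_context check added earlier in the function.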