Hello community,

here is the log from the commit of package xfdesktop for openSUSE:Factory 
checked in at 2012-06-28 17:22:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xfdesktop (Old)
 and      /work/SRC/openSUSE:Factory/.xfdesktop.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xfdesktop", Maintainer is ""

Changes:
--------
--- /work/SRC/openSUSE:Factory/xfdesktop/xfdesktop.changes      2012-05-09 
19:33:07.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xfdesktop.new/xfdesktop.changes 2012-06-28 
17:22:16.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Jun 27 07:09:02 UTC 2012 - seife+...@b1-systems.com
+
+- fix use-after-free in desktop icon tooltip code (bnc#768985)
+
+-------------------------------------------------------------------

New:
----
  xfdesktop-4.10.0-fix-use-after-free.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xfdesktop.spec ++++++
--- /var/tmp/diff_new_pack.JV88Ru/_old  2012-06-28 17:22:18.000000000 +0200
+++ /var/tmp/diff_new_pack.JV88Ru/_new  2012-06-28 17:22:18.000000000 +0200
@@ -28,6 +28,8 @@
 Patch0:         xfdesktop-backgrounds-path.patch
 # PATCH-FEATURE-OPENSUSE xfdesktop-default-backdrop-image.patch 
g...@opensuse.org -- Sets the default background image to a symlink that is 
delivered by branding packages
 Patch1:         xfdesktop-default-background-image.patch
+# PATCH-FIX-UPSTREAM xfdesktop-4.10.0-fix-use-after-free.patch bnc#768985 
bxo#9059 seife+...@b1-systems.com -- fix use-after free detected by 
MALLOC_CHECK_ / valgrind -- to be sent upstream!
+Patch2:         xfdesktop-4.10.0-fix-use-after-free.patch
 BuildRequires:  fdupes
 BuildRequires:  intltool
 BuildRequires:  update-desktop-files
@@ -84,6 +86,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 export CFLAGS="%{optflags} -fno-strict-aliasing"

++++++ xfdesktop-4.10.0-fix-use-after-free.patch ++++++
The tooltip of a desktop file with an empty Comment= field shows as
"EEEEEEEEEEEEEEEEEEEEE...", which hints at a use-after-free, because the
area is poisoned by glibc after free().

Valgrind then showed this:

==4111== Invalid read of size 1
==4111==    at 0x8413316: vfprintf (in /lib64/libc-2.15.so)
==4111==    by 0x84C6380: __vasprintf_chk (in /lib64/libc-2.15.so)
==4111==    by 0x7F3FC2A: g_vasprintf (in /usr/lib64/libglib-2.0.so.0.3200.3)
==4111==    by 0x7F1FBFC: g_strdup_vprintf (in 
/usr/lib64/libglib-2.0.so.0.3200.3)
==4111==    by 0x7F1FC9B: g_strdup_printf (in 
/usr/lib64/libglib-2.0.so.0.3200.3)
==4111==    by 0x434087: xfdesktop_regular_file_icon_peek_tooltip 
(xfdesktop-regular-file-icon.c:577)
==4111==    by 0x41F6C4: xfdesktop_icon_view_show_tooltip 
(xfdesktop-icon-view.c:1049)
==4111==    by 0x659FB80: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2400.10)
==4111==    by 0x7C7C70F: g_closure_invoke (in 
/usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==    by 0x7C8D78F: ??? (in /usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==    by 0x7C9532A: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==    by 0x7C95DAF: g_signal_emit_by_name (in 
/usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==  Address 0x13301768 is 72 bytes inside a block of size 4,096 free'd
==4111==    at 0x4C29D4E: free (in 
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==4111==    by 0x7F23377: g_string_chunk_free (in 
/usr/lib64/libglib-2.0.so.0.3200.3)
==4111==    by 0x60494F6: xfce_rc_close (xfce-rc.c:166)
==4111==    by 0x434039: xfdesktop_regular_file_icon_peek_tooltip 
(xfdesktop-regular-file-icon.c:567)
==4111==    by 0x41F6C4: xfdesktop_icon_view_show_tooltip 
(xfdesktop-icon-view.c:1049)
==4111==    by 0x659FB80: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2400.10)
==4111==    by 0x7C7C70F: g_closure_invoke (in 
/usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==    by 0x7C8D78F: ??? (in /usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==    by 0x7C9532A: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==    by 0x7C95DAF: g_signal_emit_by_name (in 
/usr/lib64/libgobject-2.0.so.0.3200.3)
==4111==    by 0x6674F97: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2400.10)
==4111==    by 0x6675C53: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2400.10)

This is the patch I came up with:

Index: b/src/xfdesktop-regular-file-icon.c
===================================================================
--- a/src/xfdesktop-regular-file-icon.c
+++ b/src/xfdesktop-regular-file-icon.c
@@ -550,10 +550,14 @@ xfdesktop_regular_file_icon_peek_tooltip
 
         mtime = g_file_info_get_attribute_uint64(info,
                                                  
G_FILE_ATTRIBUTE_TIME_MODIFIED);
         time_string = xfdesktop_file_utils_format_time_for_display(mtime);
 
+        regular_file_icon->priv->tooltip =
+            g_strdup_printf(_("Type: %s\nSize: %s\nLast modified: %s"),
+                            description, size_string, time_string);
+
         /* Extract the Comment entry from the .desktop file */
         if(is_desktop_file)
         {
             gchar *path = g_file_get_path(regular_file_icon->priv->file);
             XfceRc *rcfile = xfce_rc_simple_open(path, TRUE);
@@ -561,27 +565,22 @@ xfdesktop_regular_file_icon_peek_tooltip
 
             if(rcfile) {
                 xfce_rc_set_group(rcfile, "Desktop Entry");
                 comment = xfce_rc_read_entry(rcfile, "Comment", NULL);
             }
+            /* Prepend the comment to the tooltip */
+            if(comment != NULL) {
+                gchar *tooltip = regular_file_icon->priv->tooltip;
+                regular_file_icon->priv->tooltip = g_strdup_printf("%s\n%s",
+                                                                   comment,
+                                                                   tooltip);
+                g_free(tooltip);
+            }
 
             xfce_rc_close(rcfile);
         }
 
-        regular_file_icon->priv->tooltip =
-            g_strdup_printf(_("Type: %s\nSize: %s\nLast modified: %s"),
-                            description, size_string, time_string);
-
-        /* Prepend the comment to the tooltip */
-        if(is_desktop_file && comment != NULL) {
-            gchar *tooltip = regular_file_icon->priv->tooltip;
-            regular_file_icon->priv->tooltip = g_strdup_printf("%s\n%s",
-                                                               comment,
-                                                               tooltip);
-            g_free(tooltip);
-        }
-
         g_free(time_string);
         g_free(size_string);
         g_free(description);
     }
     
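Review bot: After `xfce_rc_close(rcfile)` the local `comment` still holds a pointer into the storage that the valgrind trace shows being freed by that call, and it stays in scope for the rest of `xfdesktop_regular_file_icon_peek_tooltip`, so any later use would bring back the same invalid read. Adding `comment = NULL;` directly after the close, with a comment such as `/* comment points into rcfile; it is invalid once rcfile is closed */`, would make that lifetime explicit. The new guard `if(comment != NULL)` presumably still accepts an empty `Comment=` value, the case named in the description, and would then prepend a blank line to the tooltip; `if(comment != NULL && *comment != '\0')` avoids that. `xfce_rc_close(rcfile)` is also still reached when `xfce_rc_simple_open()` returned NULL, which appears to rely on the callee tolerating a NULL handle, so moving the close inside the `if(rcfile)` block would be safer. The declaration of `comment` and both ends of the function lie outside the hunk, so its initial value could not be checked here.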