[Desktop-packages] [Bug 2012341] Re: xdg-desktop-portal-gnome crashed with SIGSEGV in fast_validate()

[Launchpad Bug Tracker]

This bug was fixed in the package xdg-desktop-portal-gnome -
44~beta-1ubuntu2

---
xdg-desktop-portal-gnome (44~beta-1ubuntu2) lunar; urgency=medium

  * d/p/screencast-Duplicate-monitor-and-window-stream-info.patch:
Cherry-pick.  Fix use-after-free crash when window list changes between
being shown and the user making their selection. (cherry picked from
commit b87215b637799ef771289666bd57dd8bb71f7061 in debian/master / 44.0-1
in experimental) (LP: #2012341)

 -- Iain Lane   Sun, 16 Apr 2023 21:08:30 +0100

** Changed in: xdg-desktop-portal-gnome (Ubuntu Lunar)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xdg-desktop-portal-gnome in Ubuntu.
https://bugs.launchpad.net/bugs/2012341

Title:
  xdg-desktop-portal-gnome crashed with SIGSEGV in fast_validate()

Status in xdg-desktop-portal-gnome package in Ubuntu:
  Fix Released
Status in xdg-desktop-portal-gnome source package in Lunar:
  Fix Released

Bug description:
  [ Description ]

  Screen sharing via the GNOME portal is often crashing due to a use-
  after-free.

  [ Fix ]

  An upstream cherry-pick (https://gitlab.gnome.org/GNOME/xdg-desktop-
  portal-gnome/-/commit/a46d3b338ed362e6dfad359db3d9a505bff0dc9c) which
  takes a local copy of the data which can be freed.

  [ Test case ]

  One way which works for me:

  0. Be on GNOME, have a few different programs open (wayland ones, X ones, 
snaps, not snaps).
  1. Open firefox, visit https://meet.jit.si.
  2. Start a meeting with yourself.
  3. Share a window into the meeting. You should get the portal dialog asking 
you which window to share. Pick any one and share it to the chat.
  4. If the bug happens, the window will not be shared, and you should see a 
crash if you look in `journalctl --user-unit=xdg-desktop-portal-gnome.service`.

  It doesn't happen every single time. If you don't see the bug, repeat
  step 3 a few times choosing different windows and with different
  timings (wait a few seconds to select the window or do it really
  fast).

  If the bug is fully fixed, you shouldn't see this crash happen at all
  even after trying lots of times.

  Make sure you can reproduce the bug before applying the new package,
  so you can be more confident it's fixed.

  When the crash happens, you see messages in the journal like:

  Apr 13 22:33:14 florence xdg-desktop-por[19182]: g_variant_new_string: 
assertion 'string != NULL' failed
  Apr 13 22:33:16 florence systemd[2468]: xdg-desktop-portal-gnome.service: 
Main process exited, code=dumped, status=11/SEGV

  [ What could go wrong? ]

  The patch introduces new `dup` and `free` functions for a couple of
  structs. They are fairly simple but if there's a bug there it could
  lead to a leak or a different crash.

  [ Original Description ]

  Tried to share a window under Wayland with obs-studio (installed from
  a deb) and apport popped up saying xdg-desktop-portal-gnome had
  crashed.

  ProblemType: Crash
  DistroRelease: Ubuntu 23.04
  Package: xdg-desktop-portal-gnome 44~beta-1ubuntu1
  ProcVersionSignature: Ubuntu 6.1.0-16.16-generic 6.1.6
  Uname: Linux 6.1.0-16-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.26.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Mar 21 16:25:47 2023
  ExecutablePath: /usr/libexec/xdg-desktop-portal-gnome
  InstallationDate: Installed on 2021-08-03 (595 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Alpha amd64 (20210802)
  ProcCmdline: /usr/libexec/xdg-desktop-portal-gnome
  ProcEnviron:
   LANG=en_AU.UTF-8
   LANGUAGE=en_AU:en
   PATH=(custom, user)
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
  SegvAnalysis:
   Segfault happened at: 0x7f67fd7a94a0 :   movzbl 
(%rdi),%eax
   PC (0x7f67fd7a94a0) ok
   source "(%rdi)" (0xa489eeb5ba526c40) not located in a known VMA region 
(needed readable region)!
   destination "%eax" ok
  SegvReason: reading unknown VMA
  Signal: 11
  SourcePackage: xdg-desktop-portal-gnome
  StacktraceTop:
   g_utf8_validate () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   g_variant_new_string () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   g_variant_new_va () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
  Title: xdg-desktop-portal-gnome crashed with SIGSEGV in g_utf8_validate()
  UpgradeStatus: Upgraded to lunar on 2023-01-27 (52 days ago)
  UserGroups: adm cdrom dip libvirt lpadmin lxd plugdev sambashare sbuild sudo
  separator:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal-gnome/+bug/2012341/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.

[Desktop-packages] [Bug 2012341] Re: xdg-desktop-portal-gnome crashed with SIGSEGV in fast_validate()

[Iain Lane]

I got this too. I think it's fixed by
a46d3b338ed362e6dfad359db3d9a505bff0dc9c upstream. This is bad enough -
it completely breaks screen sharing for me - that I think fixing in
update/SRU rather than waiting for a point release would be warranted,
will upload it.

I'll write my testcase in the description in a minute. Alex, if you
could add your one too, that would be good for the SRU! Also if you
could check if the package fixes it for you (it does for me).

** Information type changed from Private to Public

** Also affects: xdg-desktop-portal-gnome (Ubuntu Lunar)
   Importance: Medium
   Status: Confirmed

** Changed in: xdg-desktop-portal-gnome (Ubuntu Lunar)
   Status: Confirmed => In Progress

** Changed in: xdg-desktop-portal-gnome (Ubuntu Lunar)
 Assignee: (unassigned) => Iain Lane (laney)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xdg-desktop-portal-gnome in Ubuntu.
https://bugs.launchpad.net/bugs/2012341

Title:
  xdg-desktop-portal-gnome crashed with SIGSEGV in fast_validate()

Status in xdg-desktop-portal-gnome package in Ubuntu:
  In Progress
Status in xdg-desktop-portal-gnome source package in Lunar:
  In Progress

Bug description:
  Tried to share a window under Wayland with obs-studio (installed from
  a deb) and apport popped up saying xdg-desktop-portal-gnome had
  crashed.

  ProblemType: Crash
  DistroRelease: Ubuntu 23.04
  Package: xdg-desktop-portal-gnome 44~beta-1ubuntu1
  ProcVersionSignature: Ubuntu 6.1.0-16.16-generic 6.1.6
  Uname: Linux 6.1.0-16-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.26.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Mar 21 16:25:47 2023
  ExecutablePath: /usr/libexec/xdg-desktop-portal-gnome
  InstallationDate: Installed on 2021-08-03 (595 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Alpha amd64 (20210802)
  ProcCmdline: /usr/libexec/xdg-desktop-portal-gnome
  ProcEnviron:
   LANG=en_AU.UTF-8
   LANGUAGE=en_AU:en
   PATH=(custom, user)
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
  SegvAnalysis:
   Segfault happened at: 0x7f67fd7a94a0 :   movzbl 
(%rdi),%eax
   PC (0x7f67fd7a94a0) ok
   source "(%rdi)" (0xa489eeb5ba526c40) not located in a known VMA region 
(needed readable region)!
   destination "%eax" ok
  SegvReason: reading unknown VMA
  Signal: 11
  SourcePackage: xdg-desktop-portal-gnome
  StacktraceTop:
   g_utf8_validate () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   g_variant_new_string () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
   g_variant_new_va () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
  Title: xdg-desktop-portal-gnome crashed with SIGSEGV in g_utf8_validate()
  UpgradeStatus: Upgraded to lunar on 2023-01-27 (52 days ago)
  UserGroups: adm cdrom dip libvirt lpadmin lxd plugdev sambashare sbuild sudo
  separator:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal-gnome/+bug/2012341/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp